Docker Security Training
This 3-day training provides comprehensive Docker security knowledge covering the entire container lifecycle. Participants learn image security, runtime protection, rootless Docker, secrets management, network policies, vulnerability scanning, content trust, and CIS benchmark compliance.
Lock down your container workloads with this focused 2-day security course. Learn to build hardened images, enforce runtime security controls, scan for vulnerabilities, manage secrets properly, and implement defense-in-depth strategies for Docker environments.
Training Details
| Detail | Value |
|---|---|
| Duration | 2 days (16 hours) |
| Level | Intermediate |
| Delivery | In-person, Live online, Hybrid |
| Certification | N/A |
Who Is This For?
- DevOps engineers hardening container infrastructure
- Security engineers assessing container environments
- Developers building secure containerized applications
- Teams implementing DevSecOps practices
Learning Outcomes
After completing this training, participants will be able to:
- Build minimal, hardened Docker images
- Implement container runtime security controls
- Scan images for vulnerabilities and misconfigurations
- Manage secrets without embedding them in images
- Configure Linux security modules for containers
- Establish a secure container supply chain
Detailed Agenda
Day 1: Image Security
Module 1: Secure Image Building
- Minimal base images (Distroless, Alpine, scratch)
- Running as non-root and USER instruction
- Removing unnecessary packages and files
- Hands-on: Harden a Dockerfile following CIS benchmarks
Module 2: Vulnerability Scanning
- Image scanning with Trivy, Grype, and Snyk
- CVE analysis and prioritization
- Integrating scanning into CI/CD pipelines
- Hands-on: Set up automated scanning with build-time gating
Module 3: Supply Chain Security
- Image signing with Cosign and Notation
- Content trust and Docker Content Trust
- Base image provenance and SBOMs
- Hands-on: Sign images and verify signatures in a pipeline
Day 2: Runtime Security
Module 4: Container Isolation
- Linux namespaces and cgroups
- Capabilities — dropping and adding
- Seccomp profiles and AppArmor
- Hands-on: Apply least-privilege runtime security profiles
Module 5: Secrets Management
- Docker secrets and config objects
- External secret injection patterns
- Environment variables vs mounted secrets
- Hands-on: Implement secret management without embedding in images
Module 6: Network and Host Security
- Docker daemon security configuration
- Network policies and firewall rules
- Read-only filesystems and tmpfs
- Hands-on: Lock down a Docker host following CIS Docker Benchmark
Prerequisites
- Docker Fundamentals or equivalent experience
- Basic understanding of Linux security concepts
- Familiarity with CI/CD pipelines
Delivery Formats
| Format | Description |
|---|---|
| In-Person | On-site at your company's location, hands-on with direct interaction |
| Live Online | Interactive virtual sessions with screen sharing and real-time labs |
| Hybrid | Combination of on-site and remote sessions, flexible scheduling |
All formats include hands-on labs, course materials, and post-training support.
Ready to get started?
Request a training quote for your team — in-person, live-online, or hybrid.