How to check docker container security?

Hello,

I’ve installed a docker container locally via a compose file and things seem to work fairly well.
Now, it would be great to have this setup on a VPS somewhere online.
How can I check the docker engine, docker compose and container for security?
That’s the one I’m talking about: Docker Compose | n8n Docs

How can I keep the setup secure over the coming months / years?

Thanks,
Chris

Hardening of Docker Host and Installation:

Container Image Scanning:

  • Use tools like Docker Scout or Trivy to detect known vulnerabilities in container images

Furthermore, you can use the Open Policy Agent for access control. It allows per-identity restrictions on Docker API usage. Note: this one might be tough to learn.

Thanks.

I’ve just tried trivy. Does this work with docker-compose.yml as well?

ls -lah
total 16K
drwxrwxr-x 2 tp tp 4,0K Jan 10 08:15 .
drwxrwxr-x 8 tp tp 4,0K Jan 10 06:32 ..
-rw-rw-r-- 1 tp tp 2,3K Jan 10 08:15 docker-compose.yml
-rw-rw-r-- 1 tp tp  471 Jan 10 06:36 .env
#:~/Software/Docker/n8n$ trivy fs --scanners vuln,secret,misconfig ./
2025-01-10T09:43:41+01:00       INFO    Need to update DB
2025-01-10T09:43:41+01:00       INFO    Downloading DB...       repository="ghcr.io/aquasecurity/trivy-db:2"
58.40 MiB / 58.40 MiB [-----------------------------------------------------------------------------------------------------------------------------------------------] 100.00% 5.11 MiB p/s 12s
2025-01-10T09:43:54+01:00       INFO    Vulnerability scanning is enabled
2025-01-10T09:43:54+01:00       INFO    Misconfiguration scanning is enabled
2025-01-10T09:43:54+01:00       INFO    Need to update the built-in policies
2025-01-10T09:43:54+01:00       INFO    Downloading the built-in policies...
74.86 KiB / 74.86 KiB [----------------------------------------------------------------------------------------------------------------------------------------------------] 100.00% ? p/s 100ms
2025-01-10T09:43:55+01:00       INFO    Secret scanning is enabled
2025-01-10T09:43:55+01:00       INFO    If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2025-01-10T09:43:55+01:00       INFO    Please see also https://aquasecurity.github.io/trivy/v0.52/docs/scanner/secret/#recommendation for faster secret detection
2025-01-10T09:43:55+01:00       INFO    Number of language-specific files       num=0
2025-01-10T09:43:55+01:00       INFO    Detected config files   num=0

It seems as if it doesn’t find the file?
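The trivy run above ends with "Detected config files num=0", so the docker-compose.yml in that directory was not examined as a configuration target. As an added example (not from this thread, from trivy, or from the n8n docs), here is a small Python checker that applies common container-hardening checks to a compose file after parsing; it takes the dict that PyYAML's yaml.safe_load returns, so the constructed SAMPLE_COMPOSE stands in for a real file, and the SENSITIVE_ENV / RISKY_CAPS lists are assumed heuristics, not an official standard.

```python
# Added example: static hardening checks over a parsed docker-compose file (a dict as
# returned by yaml.safe_load). SENSITIVE_ENV and RISKY_CAPS are assumed heuristics.
SENSITIVE_ENV = ("PASSWORD", "SECRET", "TOKEN", "KEY")
RISKY_CAPS = {"ALL", "SYS_ADMIN", "SYS_PTRACE", "NET_ADMIN"}

def check_service(name: str, svc: dict) -> list[str]:
    """Return one finding per risky setting in a single compose service."""
    found = []
    if svc.get("privileged"):
        found.append(f"{name}: privileged=true disables most container isolation")
    if svc.get("network_mode") == "host" or svc.get("pid") == "host":
        found.append(f"{name}: shares the host network or PID namespace")
    for vol in svc.get("volumes") or []:          # short "src:dst[:mode]" or long {source: ...}
        src = vol.get("source", "") if isinstance(vol, dict) else str(vol).split(":")[0]
        if src == "/var/run/docker.sock":
            found.append(f"{name}: mounts the Docker socket (root-equivalent on the host)")
    caps = {str(c).upper().removeprefix("CAP_") for c in svc.get("cap_add") or []}
    if caps & RISKY_CAPS:
        found.append(f"{name}: adds high-risk capabilities {sorted(caps & RISKY_CAPS)}")
    for opt in svc.get("security_opt") or []:
        if "unconfined" in str(opt):
            found.append(f"{name}: disables seccomp/AppArmor via '{opt}'")
    for port in svc.get("ports") or []:           # "HOST:CTR" binds 0.0.0.0; "IP:HOST:CTR" does not
        all_ifaces = not port.get("host_ip") if isinstance(port, dict) else str(port).count(":") < 2
        if all_ifaces:
            found.append(f"{name}: port {port} is published on every host interface")
    env = svc.get("environment") or {}            # mapping form or "KEY=value" list form
    pairs = env.items() if isinstance(env, dict) else (e.split("=", 1) for e in env if "=" in e)
    for key, val in pairs:
        if any(s in key.upper() for s in SENSITIVE_ENV) and val and not str(val).startswith("${"):
            found.append(f"{name}: {key} is hard-coded instead of referenced from .env")
    if not svc.get("read_only"):
        found.append(f"{name}: root filesystem is writable (consider read_only: true)")
    return found

def check_compose(compose: dict) -> list[str]:
    services = compose.get("services") or {}
    return [f for name, svc in services.items() for f in check_service(name, svc or {})]

# Constructed sample, already parsed; not the n8n compose file from the docs.
SAMPLE_COMPOSE = {"services": {
    "app": {"image": "example/app:1.0", "ports": ["5678:5678"],
            "environment": {"DB_USER": "${DB_USER}", "DB_PASSWORD": "changeme"},
            "volumes": ["/var/run/docker.sock:/var/run/docker.sock"]},
    "db": {"image": "postgres:16", "ports": ["127.0.0.1:5432:5432"], "read_only": True},
}}

if __name__ == "__main__":
    import sys, yaml                              # PyYAML is only needed to scan a real file
    print("\n".join(check_compose(yaml.safe_load(open(sys.argv[1])))) or "no findings")
```

Run as `python check_compose.py docker-compose.yml`; for the sample above the "app" service yields four findings (Docker socket mount, port published on every interface, hard-coded DB_PASSWORD, writable root filesystem) and "db" yields none.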

Also check the OWASP Docker Security Cheat Sheet.