I’m trying to collect security enhancements for my new configs. One I have found is: DOCKER_CONTENT_TRUST=1
Can we just add this at the beginning of every Dockerfile?
Also, we should add a line like this to every Dockerfile to have it run as a user instead of root, right?
RUN groupadd -r name && useradd -r -s /bin/false -g name name
Any other recommendations? It also seems Docker’s docs need to be clarified with something like, “we recommend that you only run docker and docker-compose as root via sudo instead of trying to get it to run as a regular user.”
Thank you.
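The two settings raised in the question can be checked mechanically. The script below is an added example, not part of the original post: it reports the user a Dockerfile's final stage runs as, and flags `DOCKER_CONTENT_TRUST` set inside a Dockerfile, since that variable is read by the docker client's environment rather than by the build. The function names, the `app` user and the sample Dockerfiles are constructed for illustration.

```shell
#!/bin/sh
# Print the user the final build stage runs as: the argument of the last USER
# instruction after the last FROM, or "root" (Docker's default) if none.
effective_user() {
    awk 'toupper($1) == "FROM" { u = "" }
         toupper($1) == "USER" { u = $2 }
         END { print (u == "" ? "root" : u) }' "$1"
}

# Succeed when the final stage runs as something other than root / UID 0.
runs_as_nonroot() {
    u=$(effective_user "$1")
    u=${u%%:*}                      # drop an optional ":group" suffix
    [ "$u" != "root" ] && [ "$u" != "0" ]
}

# Succeed when DOCKER_CONTENT_TRUST is set inside the Dockerfile. The variable
# is read by the docker client at pull/push/build time, so setting it there
# only affects processes inside the image.
sets_dct_in_dockerfile() {
    grep -Eiq '^[[:space:]]*(ENV|ARG)[[:space:]]+DOCKER_CONTENT_TRUST' "$1"
}

audit() {
    runs_as_nonroot "$1" || echo "$1: final stage runs as root"
    if sets_dct_in_dockerfile "$1"; then
        echo "$1: DOCKER_CONTENT_TRUST belongs in the client environment"
    fi
    return 0
}

# Constructed sample Dockerfiles (user/group "app" is a hypothetical name).
SAMPLES=$(mktemp -d)
cat > "$SAMPLES/weak" <<'EOF'
FROM debian:stable-slim
ENV DOCKER_CONTENT_TRUST=1
RUN groupadd -r app && useradd -r -s /bin/false -g app app
EOF
cat > "$SAMPLES/hardened" <<'EOF'
FROM debian:stable-slim AS build
USER root
FROM debian:stable-slim
RUN groupadd -r app && useradd -r -s /bin/false -g app app
USER app:app
EOF

audit "$SAMPLES/weak"
audit "$SAMPLES/hardened"
```

The weak sample produces both findings because creating a user without a following `USER` instruction leaves the image running as root; the hardened sample produces none. Content trust itself is switched on with `export DOCKER_CONTENT_TRUST=1` in the shell that invokes docker.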