ring:dev-docker-security


Docker Security — Docker Hub Health Score Grade A

Overview

General Dockerfile patterns are documented in dev-team/docs/standards/devops.md#containers. This skill focuses specifically on Docker Hub Health Score compliance.

This skill creates or audits Dockerfiles and image configurations to achieve Docker Hub Health Score grade A.

Docker Hub Health Score Policies

| # | Policy | Weight | How to Comply |
|---|--------|--------|---------------|
| 1 | Default non-root user | Required | Dockerfile MUST have a USER directive with a non-root user |
| 2 | No fixable critical/high CVEs | Required | Zero critical/high vulnerabilities with available fixes |
| 3 | No high-profile vulnerabilities | Required | Zero CVEs in the CISA KEV catalog |
| 4 | No AGPL v3 licenses | Required | No packages with AGPL-3.0 licenses |
| 5 | Supply chain attestations | Required | SBOM + provenance attached to pushed images (pipeline config) |
| 6 | No outdated base images | Optional | Only evaluated for Docker Hub hosted base images |
| 7 | No unapproved base images | Optional | Only evaluated for Docker Hub hosted base images |
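
A static check for policy 1, as an added example that is not part of the skill or of Docker's own scoring: it reads a Dockerfile and reports the USER in effect at the end of the final stage, following inheritance from earlier named stages. The function names and sample Dockerfiles are constructed for illustration, and an external base image's own default user is treated as unknown.

```python
import re

def final_stage_user(dockerfile_text):
    """Return the USER in effect at the end of the last build stage, or None."""
    # Join backslash line continuations so each instruction is one logical line.
    text = re.sub(r"\\[ \t]*\r?\n", " ", dockerfile_text)
    stages, name, user = {}, None, None
    for raw in text.splitlines():
        parts = raw.strip().split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue
        instr, arg = parts[0].upper(), (parts[1].strip() if len(parts) > 1 else "")
        if instr == "FROM":
            if name:
                stages[name] = user  # remember the named stage we just left
            tokens = [t for t in arg.split() if not t.startswith("--")]
            # A stage built FROM an earlier named stage inherits that stage's USER.
            user = stages.get(tokens[0].lower()) if tokens else None
            name = tokens[2].lower() if len(tokens) >= 3 and tokens[1].lower() == "as" else None
        elif instr == "USER" and arg:
            user = arg
    return user

def check_non_root(dockerfile_text):
    """Verdict for policy 1: 'pass', or a 'fail: ...' / 'review: ...' string."""
    user = final_stage_user(dockerfile_text)
    if user is None:
        return "fail: no USER directive applies to the final stage"
    if "$" in user:
        return "review: USER is set from a variable: " + user
    account = user.split(":", 1)[0]  # USER accepts user[:group] or UID[:GID]
    if account == "root" or (account.isdigit() and int(account) == 0):
        return "fail: final stage runs as root (USER " + user + ")"
    return "pass"

# Constructed samples: USER only in the build stage, then USER inherited via FROM base.
SAMPLE_FAIL = """\
FROM golang:1.22 AS build
USER 1000
FROM alpine:3.20
"""
SAMPLE_PASS = """\
FROM alpine:3.20 AS base
RUN addgroup -S app && \\
    adduser -S -G app app
USER app:app
FROM base
"""
if __name__ == "__main__":
    print(check_non_root(SAMPLE_FAIL), check_non_root(SAMPLE_PASS), sep="\n")
```

A missing USER in the final stage is reported as a failure because the table requires the directive explicitly, even when the base image already defaults to a non-root account.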

Installs: 2
GitHub Stars: 180
First Seen: Apr 6, 2026