• Sub-task
    • Resolution: Done
    • Major
    • SECFLOWOTL-30 - s2i Security Review

      Use the following guidelines when performing a container security assessment:

      • Choose minimal base images to reduce attack surface of the container
      • Create a dedicated user and group on the image, with minimal permissions to run the application
      • Sign and verify images to mitigate man-in-the-middle attacks
      • Scan images for known vulnerabilities
      • Harden container images, daemons, and the host environment
      • Create separate virtual networks for the containers to segregate them by data sensitivity
      • Do not store secrets in containers
      • Ensure that containers are stateless and immutable
      • Do not run container processes as root
      • Monitor user activity around the container ecosystem
      • Configure resource quotas on a per-container basis
      • Capture host and container logs
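
      Several of these guidelines (non-root user, no secrets in the container, resource quotas, immutability, network segregation) can be checked from `docker inspect` output. The script below is an added example, not part of the original ticket or the s2i project; the container names, sample values, finding labels and the secret-name pattern are constructed assumptions.

```python
import json
import re

# Constructed sample: trimmed `docker inspect` output for two hypothetical containers.
SAMPLE = json.loads("""
[
 {"Name": "/web-legacy",
  "Config": {"User": "", "Env": ["PATH=/usr/bin", "DB_PASSWORD=example-not-real"]},
  "HostConfig": {"Memory": 0, "NanoCpus": 0, "CpuQuota": 0, "ReadonlyRootfs": false,
                 "Privileged": false, "NetworkMode": "default"}},
 {"Name": "/web-hardened",
  "Config": {"User": "1001:0", "Env": ["PATH=/usr/bin"]},
  "HostConfig": {"Memory": 268435456, "NanoCpus": 500000000, "CpuQuota": 0,
                 "ReadonlyRootfs": true, "Privileged": false, "NetworkMode": "payments-net"}}
]
""")

# Heuristic (assumption): variable names that usually carry credentials.
SECRET_NAME = re.compile(r"PASSWORD|PASSWD|SECRET|TOKEN|API_?KEY|PRIVATE_KEY", re.I)

def audit(container):
    """Return guideline findings for one `docker inspect` container record."""
    cfg = container.get("Config") or {}
    host = container.get("HostConfig") or {}
    findings = []
    # An empty User means no USER was set, so the process runs as UID 0.
    if (cfg.get("User") or "").split(":")[0] in ("", "0", "root"):
        findings.append("runs-as-root")
    for var in cfg.get("Env") or []:
        name = var.split("=", 1)[0]
        if SECRET_NAME.search(name):
            findings.append("secret-in-env:" + name)
    if not host.get("Memory"):
        findings.append("no-memory-limit")
    if not host.get("NanoCpus") and not host.get("CpuQuota"):
        findings.append("no-cpu-limit")
    if not host.get("ReadonlyRootfs"):
        findings.append("writable-rootfs")
    if host.get("Privileged"):
        findings.append("privileged")
    # Host networking or the shared default bridge gives no per-sensitivity segregation.
    if host.get("NetworkMode") in ("host", "default", "bridge"):
        findings.append("unsegregated-network")
    return findings

if __name__ == "__main__":
    for c in SAMPLE:
        print(c["Name"].lstrip("/"), audit(c) or "ok")
```

      In practice, feed it the JSON from `docker inspect $(docker ps -q)` in place of the constructed sample.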

      Imported from SD Elements: https://redhat.sdelements.com/bunits/psse-secure-development/group-2-extended-functionality-offerings/openshift-source-to-image-s2i-builder-image/tasks/phase/requirements/106-T1917/

              gkamathe@redhat.com Gaurav Kamathe
              sdelements Jira-SD-Elements-Integration Bot