Skip to content

Latest commit

 

History

History
25 lines (21 loc) · 976 Bytes

README.md

File metadata and controls

25 lines (21 loc) · 976 Bytes

ironpeakservices/iron-redis

Secure base image for running Redis.

docker pull ghcr.io/ironpeakservices/iron-redis:1.0.0

How is this different?

We build from the official redis source code, but additionally:

  • an empty scratch container (no shell, unprivileged user, ...) for a tiny attack vector
  • secure healthcheck binary for embedded container monitoring
  • hardened redis config
  • hardened Docker Compose file
  • max volume size set to 10GB, max memory set to 4GB
  • Continuous vulnerability scanning

Example

FROM ghcr.io/ironpeakservices/iron-redis:1.0.0
# add 'requirepass MySecret' into redis.conf
COPY redis.conf / 

Update policy

Updates to the official redis docker image are automatically created as a pull request and trigger linting & a docker build. When those checks complete without errors, a merge into master will trigger a deploy with the same version to packages. A GitHub release will also be created to notify the GitHub subscribers.