This repository provides guidance on objectively classifying container images for security hardening. The CHPs specification defines security criteria across four "vectors":

- Minimalism – Reducing software packages and complexity
- Provenance – Verifying source and authenticity
- Configuration & Metadata – Applying secure defaults and best practices
- Vulnerabilities – Tracking known vulnerabilities at any point in time

CHPs help DevOps teams, image authors, and security practitioners quickly see where container images meet or miss security hardening measures. Users can self-assess their images and display badges that reflect their security posture.

- Read the Spec: See CHPs.md for the complete classification levels.
- Assess Your Image: See how well your images rank across the criteria. Use the CHPs Scorer project to run the assessment automatically.
- Badge Your Projects: Add badges showing how your images score across minimalism, provenance, configuration, and vulnerabilities.

Please open issues or submit pull requests to help refine the specification or suggest new criteria.

All CHPs specification content is provided under the Creative Commons BY 4.0 License.