Experimental features are disabled in production

docker

Classification:

compliance

Framework:

cis-docker

Control:

2.16

Set up the docker integration.

Description

Experimental features should not be enabled in production.

Rationale

“Experimental” is currently a runtime Docker daemon flag rather than being a feature of a separate build. Passing --experimental as a runtime flag to the docker daemon activates experimental features. Whilst “Experimental” is considered a stable release, it has a number of features which may not have been fully tested and do not guarantee API stability.

Audit

Check whether the Experimental property is set to false in the Server section, by running:

docker version --format '{{ .Server.Experimental }}'

Remediation

Do not pass --experimental as a runtime parameter to the Docker daemon on production systems.
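
The audit command and the --experimental flag described above can be checked from a script. This is an added example, not part of the CIS benchmark or the original page; the function names are hypothetical, the sample inputs are constructed, and the daemon.json check assumes the daemon configuration file accepts an "experimental" key, which goes beyond what the page covers.

```shell
#!/bin/sh
# Added example: CIS Docker 2.16 audit helpers. Sample inputs are constructed.

# Map the output of: docker version --format '{{ .Server.Experimental }}'
# to a verdict. Empty or unexpected output (daemon unreachable, template
# error) is UNKNOWN and must not be read as a pass.
classify_experimental() {
    case "$1" in
        false) echo PASS; return 0 ;;
        true)  echo FAIL; return 1 ;;
        *)     echo UNKNOWN; return 2 ;;
    esac
}

# Return 0 if a dockerd argument list turns experimental features on.
# Pass the arguments as separate words.
cmdline_enables_experimental() {
    for arg in "$@"; do
        case "$arg" in
            --experimental|--experimental=true|--experimental=1) return 0 ;;
        esac
    done
    return 1
}

# Return 0 if daemon.json text (on stdin) sets "experimental": true.
# Assumption beyond the page: the daemon config file accepts this key.
config_enables_experimental() {
    grep -Eq '"experimental"[[:space:]]*:[[:space:]]*true'
}

# Audit the local host; call this where the docker CLI is installed.
audit_host() {
    value=$(docker version --format '{{ .Server.Experimental }}' 2>/dev/null) || value=""
    classify_experimental "$value"
}

# Constructed samples so the script runs without a Docker daemon.
for sample in false true ""; do
    printf 'Server.Experimental=%s -> %s\n' "${sample:-<empty>}" \
        "$(classify_experimental "$sample")"
done
if cmdline_enables_experimental dockerd --experimental -H fd://; then
    echo "dockerd started with --experimental -> FAIL"
fi
if printf '{"experimental": true}\n' | config_enables_experimental; then
    echo "daemon.json enables experimental -> FAIL"
fi
```

On a real host, call audit_host and treat both FAIL and UNKNOWN as findings to investigate.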

Impact

None

Default value

By default, experimental features are not activated in the Docker daemon.

References

  1. https://docs.docker.com/edge/engine/reference/commandline/dockerd/#options

CIS controls

Version 6

18 Application Software Security