References:

Docker Security Labs : https://github.com/docker/labs/tree/master/security

Docker Bench Security Scan : https://github.com/docker/docker-bench-security

Content Trust : https://github.com/docker/labs/blob/master/security/trust/README.md

User Namespaces : https://github.com/docker/labs/blob/master/security/userns/README.md

Seccomp: https://docs.docker.com/engine/security/seccomp/#significant-syscalls-blocked-by-the-default-profile

Secrets: https://github.com/docker/labs/blob/master/security/secrets/README.md