In modern-day to day development and operations, we use container images and containers to run our applications ranging from developer laptops, raspberry pi, staging servers to including production environments. And Docker has become a defacto container runtime. As we use modern technologies and tools, we tend to forget securing them while building and serving our customers. In this talk, we will see how we can write secure Dockerfiles and how we can automate these security checks as codified policies and validate them against the Dockerfiles (Infrastructure as a Code) to identify the potential security risks before deploying them into production.