====== Docker - Security - Use labels for metadata ======

Labels with metadata for images provide useful information for users. Include security details as well.

Use and communicate a Responsible Security Disclosure policy by adopting a **SECURITY.TXT** policy file and providing this information in your image labels.

----

Image labels provide metadata for the image you're building. This helps users understand how to use the image easily.

The most common label is "maintainer", which specifies the email address and the name of the person maintaining this image.

Add metadata with the following **LABEL** command:

  LABEL maintainer="me@acme.com"

In addition to a maintainer contact, add any metadata that is important to you.

This metadata could contain: a commit hash, a link to the relevant build, quality status (did all tests pass?), source code, a reference to your [[https://securitytxt.org/|SECURITY.TXT]] file location and so on.

It is good practice to adopt a SECURITY.TXT (RFC5785) file that points to your responsible disclosure policy, and to reference it in your Docker label schema when adding labels, such as the following:

  LABEL securitytxt="https://www.example.com/.well-known/security.txt"

See more information about labels for Docker images: https://label-schema.org/rc1/
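
A build-time check for the two labels described above, as an added example that is not part of the original page: it parses the LABEL instructions of a Dockerfile and reports a missing ''maintainer'' or ''securitytxt'' label, or a ''securitytxt'' value that is not an HTTPS URL ending in ''/.well-known/security.txt''. The function names, the sample Dockerfile and the HTTPS/path policy are assumptions of this example.

```python
import shlex
from urllib.parse import urlsplit

REQUIRED = ("maintainer", "securitytxt")  # label keys used on this page

def parse_labels(dockerfile_text):
    """Collect key/value pairs from every LABEL instruction."""
    # Join backslash continuations so a multi-line LABEL is one logical line.
    logical = dockerfile_text.replace("\\\r\n", " ").replace("\\\n", " ")
    labels = {}
    for line in logical.splitlines():
        parts = line.strip().split(None, 1)
        if len(parts) != 2 or parts[0].upper() != "LABEL":
            continue
        tokens = shlex.split(parts[1])  # honours quoted values
        if tokens and "=" not in tokens[0]:
            labels[tokens[0]] = " ".join(tokens[1:])  # legacy "LABEL key value"
            continue
        for token in tokens:
            key, _, value = token.partition("=")
            labels[key] = value
    return labels

def check_labels(labels):
    """Return findings; an empty list means the labels pass."""
    findings = [f"missing label: {k}" for k in REQUIRED if not labels.get(k)]
    url = labels.get("securitytxt")
    if url:
        parts = urlsplit(url)
        # Policy assumed by this example: HTTPS and the well-known path.
        if parts.scheme != "https" or not parts.netloc:
            findings.append("securitytxt is not an https:// URL")
        if parts.path != "/.well-known/security.txt":
            findings.append("securitytxt does not point at /.well-known/security.txt")
    return findings

# Constructed sample Dockerfile, not taken from a real project.
SAMPLE = """FROM alpine:3.19
LABEL maintainer="me@acme.com" \\
      securitytxt="http://www.example.com/security.txt"
"""

if __name__ == "__main__":
    for finding in check_labels(parse_labels(SAMPLE)):
        print("FAIL:", finding)
```

Run against a Dockerfile in CI, a non-empty findings list can fail the build before an image without disclosure metadata is published.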