docs: add lab7 submission - container security analysis #8

Open
ph1larmon1a wants to merge 1 commit into main from feature/lab7
@ph1larmon1a
Owner

Goal

Analyze the security posture of the bkimminich/juice-shop:v19.0.0 container image, audit the Docker host against the CIS Docker Benchmark, and compare secure deployment configurations (Default, Hardened, Production) to understand practical hardening measures for containerized workloads.

Changes

  • Added full vulnerability analysis for the Juice Shop image using Docker Scout, Snyk, and Dockle
  • Documented CVE findings and configuration weaknesses with remediation steps
  • Compared Default, Hardened, and Production container deployment profiles
  • Explained security measures: capabilities, no-new-privileges, resource limits, PID limits, and restart policy
  • Created final documentation in:
    • labs/submission7.md
    • labs/lab7/scanning/ – raw vulnerability scan outputs
    • labs/lab7/hardening/ – docker-bench-security results
    • labs/lab7/analysis/ – deployment comparison evidence

Testing

  1. Scans executed locally
    • Ran docker scout cves, snyk test, and dockle on bkimminich/juice-shop:v19.0.0.
    • Verified outputs saved under labs/lab7/scanning/.
  2. Deployment validation
    • Deployed three container profiles (juice-default, juice-hardened, juice-production).
    • Confirmed functionality via HTTP 200 responses on ports 3001–3003.
    • Collected docker stats and docker inspect data for comparison.
  3. Reviewers can reproduce
    • Pull the same image.
    • Re-run provided commands in lab7.md to verify identical outputs and configuration behavior.

Artifacts & Screenshots

  • Documentation: labs/submission7.md
  • Scan Outputs: labs/lab7/scanning/
  • Deployment Comparison: labs/lab7/analysis/deployment-comparison.txt

Checklist

  • PR has a clear and descriptive title
  • Documentation updated if needed
  • No secrets or large temporary files committed
  • Task 1 done — Advanced Image Security & Configuration Analysis
  • Task 2 done — Docker Security Benchmarking & Assessment
  • Task 3 done — Secure Container Deployment Analysis
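
Added example, not part of this PR or the lab repository: one way to turn the `docker inspect` comparison described under Testing into a repeatable check for the five measures the PR lists (capabilities, no-new-privileges, resource limits, PID limits, restart policy). The `HostConfig` field names are the ones `docker inspect` emits; the sample records, their values, and the pass/fail thresholds are constructed assumptions, not the lab's actual output.

```python
import json

# Constructed sample: trimmed `docker inspect` records for two of the profiles.
# Values are illustrative assumptions, not taken from labs/lab7/analysis/.
SAMPLE_INSPECT = json.loads("""
[
 {"Name": "/juice-default",
  "HostConfig": {"CapDrop": null, "SecurityOpt": null, "Memory": 0,
                 "NanoCpus": 0, "PidsLimit": null,
                 "RestartPolicy": {"Name": "no", "MaximumRetryCount": 0}}},
 {"Name": "/juice-production",
  "HostConfig": {"CapDrop": ["ALL"], "CapAdd": ["NET_BIND_SERVICE"],
                 "SecurityOpt": ["no-new-privileges"], "Memory": 536870912,
                 "NanoCpus": 1000000000, "PidsLimit": 100,
                 "RestartPolicy": {"Name": "on-failure", "MaximumRetryCount": 3}}}
]
""")


def audit(container):
    """Return the hardening measures missing from one inspect record."""
    hc = container.get("HostConfig") or {}
    findings = []
    # Capabilities: expect everything dropped, with needed ones added back.
    if "ALL" not in [c.upper() for c in (hc.get("CapDrop") or [])]:
        findings.append("capabilities: not dropping ALL")
    # Docker stores the option as typed: bare, ":true" or "=true".
    opts = [o.replace("=", ":") for o in (hc.get("SecurityOpt") or [])]
    if not any(o in ("no-new-privileges", "no-new-privileges:true") for o in opts):
        findings.append("no-new-privileges: not set")
    if not hc.get("Memory"):  # 0 means unlimited
        findings.append("resource limits: no memory limit")
    if not (hc.get("NanoCpus") or hc.get("CpuQuota")):
        findings.append("resource limits: no CPU limit")
    pids = hc.get("PidsLimit")  # null, 0 or -1 mean unlimited
    if pids is None or pids <= 0:
        findings.append("PID limit: unlimited")
    if (hc.get("RestartPolicy") or {}).get("Name") in (None, "", "no"):
        findings.append("restart policy: none")
    return findings


def report(inspect_records):
    """Map container name to its list of findings."""
    return {c["Name"].lstrip("/"): audit(c) for c in inspect_records}


if __name__ == "__main__":
    for name, findings in report(SAMPLE_INSPECT).items():
        print(name, "OK" if not findings else findings)
```

To run it against real containers, replace `SAMPLE_INSPECT` with the parsed output of `docker inspect juice-default juice-hardened juice-production`.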
