I haven’t switched products but I did go through a process of hardening my containers to a degree. I did find that the hardening is limited by the authors of the software and if they have built their apps with security in mind.

I have always used docker-compose I found that easier to see what needed to be tweaked.

Some helpful links

docs.docker.com/…/vulnerability-scanning/

…owasp.org/…/Docker_Security_Cheat_Sheet.html