diff --git a/colin/checks/best_practices/cmd_or_entrypoint.py b/colin/checks/best_practices/cmd_or_entrypoint.py
new file mode 100644
index 00000000..e39a5c5b
--- /dev/null
+++ b/colin/checks/best_practices/cmd_or_entrypoint.py
@@ -0,0 +1,36 @@
+import logging
+
+from colin.checks.abstract.containers import ContainerCheck
+from colin.checks.abstract.images import ImageCheck
+from colin.checks.result import CheckResult
+
+logger = logging.getLogger(__name__)
+
+
+class CmdOrEntrypointCheck(ContainerCheck, ImageCheck):
+
+ def __init__(self):
+ super().__init__(name="cmd_or_entrypoint",
+ message="Cmd or Entrypoint has to be specified",
+ description="",
+ reference_url="?????",
+ tags=["cmd", "entrypoint", "required"])
+
+ def check(self, target):
+ metadata = target.instance.get_metadata()["Config"]
+ cmd_present = "Cmd" in metadata and metadata["Cmd"]
+ msg_cmd_present = "Cmd {}specified.".format("" if cmd_present else "not ")
+ logger.debug(msg_cmd_present)
+
+ entrypoint_present = "Entrypoint" in metadata and metadata["Entrypoint"]
+ msg_entrypoint_present = "Entrypoint {}specified.".format("" if entrypoint_present else "not ")
+ logger.debug(msg_entrypoint_present)
+
+ passed = cmd_present or entrypoint_present
+ return CheckResult(ok=passed,
+ severity=self.severity,
+ description=self.description,
+ message=self.message,
+ reference_url=self.reference_url,
+ check_name=self.name,
+ logs=[msg_cmd_present, msg_entrypoint_present])
diff --git a/colin/checks/best_practices/no_root.py b/colin/checks/best_practices/no_root.py
new file mode 100644
index 00000000..4c9267a3
--- /dev/null
+++ b/colin/checks/best_practices/no_root.py
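Review bot: In `CmdOrEntrypointCheck.check` (cmd_or_entrypoint.py), `cmd_present` and `entrypoint_present` hold whatever `metadata["Cmd"]` / `metadata["Entrypoint"]` contains (a list, `None` or `False`) rather than a boolean, so `passed` and the `ok=` argument of `CheckResult` can end up as a list or `None`. Coercing at the source keeps the result type stable and drops the double lookup: `cmd_present = bool(metadata.get("Cmd"))` and `entrypoint_present = bool(metadata.get("Entrypoint"))`. The constructor also ships `reference_url="?????"` and `description=""`, which will presumably surface in reports unchanged; a one-line description of why an image without a start command is rejected would help. The same placeholder URL recurs in no_root.py and io_openshift_expose-services.py.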
@@ -0,0 +1,25 @@
+from colin.checks.abstract.containers import ContainerCheck
+from colin.checks.abstract.images import ImageCheck
+from colin.checks.result import CheckResult
+
+
+class NoRootCheck(ContainerCheck, ImageCheck):
+
+ def __init__(self):
+ super().__init__(name="no_root",
+ message="Service should not run as root by default.",
+ description="",
+ reference_url="?????",
+ tags=["root", "user"])
+
+ def check(self, target):
+ metadata = target.instance.get_metadata()["Config"]
+ root_present = "User" in metadata and metadata["User"] in ["", "0", "root"]
+
+ return CheckResult(ok=not root_present,
+ severity=self.severity,
+ description=self.description,
+ message=self.message,
+ reference_url=self.reference_url,
+ check_name=self.name,
+ logs=[])
diff --git a/colin/checks/labels/io_openshift_expose-services.py b/colin/checks/labels/io_openshift_expose-services.py
new file mode 100644
index 00000000..51d13bbe
--- /dev/null
+++ b/colin/checks/labels/io_openshift_expose-services.py
@@ -0,0 +1,14 @@
+from colin.checks.abstract.labels import LabelCheck
+
+
+class IoOpenshiftExposeServicesLabelCheck(LabelCheck):
+
+ def __init__(self):
+ super().__init__(name="io.openshift.expose-services_label",
+ message="Label 'io.openshift.expose-services' has to be specified.",
+ description="port:service pairs separated with comma, e.g. \"8080:http,8443:https\"",
+ reference_url="?????",
+ tags=["io.openshift.expose-services", "label", "optional"],
+ label="io.openshift.expose-services",
+ required=True,
+ value_regex=None)
diff --git a/colin/checks/labels/vcs-url.py b/colin/checks/labels/vcs-url.py
new file mode 100644
index 00000000..cb7d9e22
--- /dev/null
+++ b/colin/checks/labels/vcs-url.py
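Review bot: `NoRootCheck.check` (no_root.py) fails open in two ways. When `Config` has no `User` key, or the value is `None`, `root_present` is falsy and the check passes, although an unset user means the container starts as root; and a `User` written in `user:group` form such as `0:0` or `root:root` does not match `["", "0", "root"]`, so root with an explicit group also passes. Normalising first closes both gaps: `user = (metadata.get("User") or "").split(":", 1)[0]` followed by `root_present = user in ("", "0", "root")`. A differently named account that maps to UID 0 cannot be detected from this metadata, so the empty `description` should state that only the configured `User` string is inspected. Passing the observed value in `logs` instead of `logs=[]` would let a failing report show what was found.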
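Review bot: In `IoOpenshiftExposeServicesLabelCheck.__init__`, `tags` contains `"optional"` while the same call passes `required=True`, so the check's metadata contradicts its behaviour; `VcsUrlLabelCheck` in vcs-url.py has the same mismatch. The config hunks list these labels under `required` for Fedora and `optional` for Red Hat, so the tag probably should not encode either state. The `description` documents a comma-separated `port:service` format, but `value_regex=None` presumably means any value is accepted; if that description is the full grammar, something like `value_regex=r"^\d+:[\w-]+(,\d+:[\w-]+)*$"` would catch malformed exposure metadata. The `vcs-url` check likewise accepts any string where a URL is expected.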
@@ -0,0 +1,14 @@
+from colin.checks.abstract.labels import LabelCheck
+
+
+class VcsUrlLabelCheck(LabelCheck):
+
+ def __init__(self):
+ super().__init__(name="vcs-url_label",
+ message="Label 'vcs-url' has to be specified.",
+ description="URL of the version control repository.",
+ reference_url="https://github.com/projectatomic/ContainerApplicationGenericLabels",
+ tags=["vcs-url", "vcs", "label", "optional"],
+ label="vcs-url",
+ required=True,
+ value_regex=None)
diff --git a/config/fedora.json b/config/fedora.json
index a29c0eaa..241d2dc8 100644
--- a/config/fedora.json
+++ b/config/fedora.json
@@ -18,7 +18,10 @@
 "vcs-ref",
 "vcs-type",
 "description",
- "io_k8s_description"
+ "io_k8s_description",
+ "vcs-url",
+ "maintainer",
+ "io_openshift_expose-services"
 ]
 },
 "dockerfile": {
@@ -32,7 +35,9 @@
 },
 "best_practices": {
 "required": [
- "help_file_or_readme"
+ "help_file_or_readme",
+ "cmd_or_entrypoint",
+ "no_root"
 ],
 "optional": [
 ]
diff --git a/config/redhat.json b/config/redhat.json
index 401ee9be..dba83ce5 100644
--- a/config/redhat.json
+++ b/config/redhat.json
@@ -1,7 +1,6 @@
 {
 "labels": {
 "required": [
- "maintainer",
 "name",
 "com_redhat_component",
 "summary",
@@ -30,6 +29,10 @@
 "release_capital_deprecated"
 ],
 "optional": [
+ "vcs-url",
+ "maintainer",
+ "io_openshift_expose-services",
+ "maintainer"
 ]
 },
 "dockerfile": {
@@ -43,7 +46,9 @@
 },
 "best_practices": {
 "required": [
- "help_file"
+ "help_file",
+ "cmd_or_entrypoint",
+ "no_root"
 ],
 "optional": [
 ]
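Review bot: The `optional` list added under `labels` in config/redhat.json names `"maintainer"` twice, as the second and fourth added entries. Depending on how the loader resolves names, that check would either run and be reported twice or the duplicate would be silently ignored; drop the last entry so the list ends with `"io_openshift_expose-services"`. The first hunk of the same file also moves `maintainer` from `required` to `optional`, which lowers what this ruleset enforces, so it is worth confirming that this is intended.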