Launching today
dockersec
Scan Dockerfiles for security issues. Offline. Free.
4 followers
Scan Dockerfiles for security issues. Offline. Free.
4 followers
dockersec is an offline CLI security scanner for Dockerfiles and docker-compose files. 28 built-in rules, GitHub Actions ready, ships as a single Go binary.
Hey Product Hunt! 👋
I built dockersec because I kept seeing the same Docker security mistakes show up in production codebases , containers running as root, API keys hardcoded in ENV, base images that change silentlyevery week.
The existing tools either required a cloud account, called home on every scan, or only checked a handful of issues. I wanted something that runs offline, ships as a single binary, and gives you actionable fix instructions instead of just a list of CVE IDs.
So I built it in Go over a few weeks. It now covers 28 rules across Dockerfile and docker-compose files, has a YAML rule engine so anyone can add rules without writing Go, and ships binaries for Linux, macOS, and Windows via goreleaser.
The thing I'm most proud of: the fix instructions. Each finding tells you not just what's wrong but exactly why it matters and what to type to fix it. I wrote them for someone who is new to Docker security, not just for experts.
Would love to hear what rules you think are missing.
Website: https://deepakms.com/projects/dockersec.html
GitHub: https://github.com/Deepak-coder80/dockersec