This is a submission for the DEV April Fools Challenge
What I Built
What do you do when you have a series of narrative-driven Docker security workshops featuring 10 elite "Commandos" fighting CVE monsters in Asgard?
You could write more documentation. You could add more tests. Or, you could do the most "anti-value" thing possible: Build a full-featured arcade suite where these security characters play Blackjack and Swiss Jass.
Presenting the Asgard Arcade: A collection of four utterly useless but technically over-engineered games designed to distract developers from actual security work while simultaneously drilling "Security Metaphors" into their brains.
The Lore: Docker Commandos & Black Forest Shadow
The Docker Commandos are a team of 10 elite specialists, each representing a core Docker security feature (e.g., Gord is docker init, Jack is docker scout). Their journey began in the Black Forest Shadow universe—a dark fantasy retelling of container security where warriors fight shadowy monsters called CVEs in the year 1865.
From the 19th-century Black Forest to the futuristic golden districts of Asgard, these characters teach DevSecOps through immersive storytelling.
Black Forest Shadow — A Dark Fantasy Guide to Docker and Kubernetes Security - Docker and Kubernetes Security - Docker and Kubernetes Security
A dark fantasy novel set in the Black Forest of 1865 that teaches Docker and Kubernetes security through narrative — covering CVE hunting, SBOM generation, runtime hardening, and container security.
dockersecurity.io
The Games:
- Asgard Siege (Tactical Defense): A game where you must counter CVE threats (like "The Supply Chain Hydra") by deploying the correct Commando. Choose wrong, and Asgard's security level crashes.
- Blackjack with Jack: Standard Blackjack, but against Angra (the shadow villain). If you are dealt Jack (the Cyborg Commando), you get a "Scout Bonus" to see the dealer's hidden card.
- Asgardian Jass (Schieber): A 4-player Swiss trick-taking game. We replaced standard suits with Shields, Attestations, Hardened Images, and Signatures. Jack is the "Bure" (highest trump).
- The Reference Deck: A simple card-comparison game to learn the "Power," "Stealth," and "Legacy" stats of each character.
Demo
You can experience the arcade yourself at dockersecurity.io/commandos (scroll down to the "Asgard Arcade") or jump directly into a game below:
The Tactical Siege
Docker and Kubernetes Security
From supply chain to runtime: build safer images, lock down clusters, instrument logging & audit trails, and stay ahead of emerging threats. The comprehensive guide by Mohammad-Ali A'râbi.
dockersecurity.io
Blackjack with Jack
Docker and Kubernetes Security
From supply chain to runtime: build safer images, lock down clusters, instrument logging & audit trails, and stay ahead of emerging threats. The comprehensive guide by Mohammad-Ali A'râbi.
dockersecurity.io
Asgardian Jass
Docker and Kubernetes Security
From supply chain to runtime: build safer images, lock down clusters, instrument logging & audit trails, and stay ahead of emerging threats. The comprehensive guide by Mohammad-Ali A'râbi.
dockersecurity.io
Code
The project is built within the official DockerSecurity.io website repository.
How I Built It
Full Disclosure: Every single game in this arcade, the UI components, the AI logic, and even this very blog post were entirely developed and written by Gemini CLI, an interactive agent. I simply provided the "utterly useless" vision, and the agent executed the over-engineering.
Built with Next.js 14, Tailwind CSS, and Radix UI.
- The Jass Engine: Features a heuristic AI for your partner (Evie) and opponents (Angra & Jack the Miner) that follows suit rules, handles trump logic, and manages complex turn states.
- Dynamic State: Utilizes React state machines to manage trick resolution, "Zero-Day Exploit" dealer logic in Blackjack, and the deteriorating security level of Asgard during sieges.
- Accessible Visuals: Custom character portraits with responsive aspect ratios and high-visibility suit indicators (e.g., Shields for SBOMs, Fingerprints for Identity).
Prize Category
I am submitting this for the Community Favorite category.
While it solves exactly zero real-world security vulnerabilities, it turns the grueling task of learning supply-chain security (SBOMs, Provenance, VEX) into a series of addictive arcade games. It’s the ultimate "Anti-Value" tool: it encourages developers to spend their "Build Time" playing cards with a cyborg cowboy instead of fixing their Dockerfile.
Created by Mohammad-Ali A'râbi (Docker Captain) & Gemini CLI
Top comments (0)