docker-scan-lite: built after seeing too many prod incidents from:
- FROM ubuntu:latest
- USER root
- Hardcoded API keys
- No version pinning
DON'T
Last week: saw a container compromised because someone deployed with a root user and a hardcoded API key.
This happens. We write Dockerfiles in a hurry:
- FROM ubuntu:latest (no time for versions)
- USER root (it just works)
- Hardcoded secrets (just for testing)
- No pinning (build's failing, gotta ship)
We hear the warnings but keep driving.
DO
Install it and scan your Dockerfile:
go install github.com/nickciolpan/docker-scan-lite@latest
docker-scan-lite scan Dockerfile
Catches:
- Vulnerable base images
- Hardcoded secrets
- Root user configs
- Insecure commands
- Unpinned packages
Real output:
🐳 Docker Scan Lite Results
📊 Summary: 3 issues found
🔒 Security Issues
⚠️ [HIGH] Container running as root user (line 15)
⚠️ [MEDIUM] Using 'latest' tag not recommended (line 1)
⚠️ [LOW] Package installation without version pinning (line 8)
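To show what a scan like this actually does, here is an added example in Go (the language the tool is installed with). It is not docker-scan-lite's own code: the regexes, severities, messages and the choice of four checks (floating base image, root user, hardcoded secrets in ENV/ARG, unpinned apt packages) are assumptions made for this example. It scans two constructed Dockerfiles embedded in the file, one with the mistakes the post names and a hardened version that should come back clean; the curl version pinned in the hardened file is illustrative, not a value to copy.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Finding is one issue on one Dockerfile line (line 0 means the whole file).
type Finding struct {
	Severity string
	Line     int
	Message  string
}

// These patterns are assumptions made for this example, not docker-scan-lite's rules.
var (
	secretRe     = regexp.MustCompile(`(?i)(api[_-]?key|secret|password|passwd|token)\s*[=:]\s*\S+`)
	aptInstallRe = regexp.MustCompile(`apt-get\s+install\b([^&|;]*)`) // package list up to the next shell operator
	unpinnedRe   = regexp.MustCompile(`(?:^|\s)[^-\s][^\s=]*(?:\s|$)`) // a package token with no =version
)

// floatingTag says why an image reference is not pinned, or returns "" if it is.
func floatingTag(image string) string {
	name := image[strings.LastIndex(image, "/")+1:] // drop registry host:port and path
	switch tag := strings.Index(name, ":"); {
	case strings.Contains(image, "@sha256:"):
		return "" // digest-pinned: the strongest form
	case tag < 0:
		return "Base image has no tag (defaults to 'latest')"
	case name[tag+1:] == "latest":
		return "Using 'latest' tag not recommended"
	}
	return ""
}

// ScanDockerfile applies four of the checks the post lists: floating base image,
// root user, hardcoded secrets in ENV/ARG, and unpinned apt packages.
// Backslash continuations are not joined, so each RUN must fit on one line here.
func ScanDockerfile(content string) []Finding {
	var out []Finding
	stages := map[string]bool{"scratch": true} // earlier build stages and the empty base: nothing to pin
	userSeen, lastUserRoot, lastUserLine := false, false, 0
	for i, line := range strings.Split(content, "\n") {
		f := strings.Fields(line)
		if len(f) < 2 || strings.HasPrefix(f[0], "#") {
			continue
		}
		switch ln := i + 1; strings.ToUpper(f[0]) {
		case "FROM":
			if len(f) >= 4 && strings.EqualFold(f[2], "AS") {
				stages[f[3]] = true
			}
			if msg := floatingTag(f[1]); msg != "" && !stages[f[1]] {
				out = append(out, Finding{"MEDIUM", ln, msg})
			}
		case "USER":
			u := strings.SplitN(f[1], ":", 2)[0] // drop the optional :group
			userSeen, lastUserRoot, lastUserLine = true, u == "root" || u == "0", ln
		case "RUN":
			if m := aptInstallRe.FindStringSubmatch(line); m != nil && unpinnedRe.MatchString(m[1]) {
				out = append(out, Finding{"LOW", ln, "Package installation without version pinning"})
			}
		case "ENV", "ARG":
			if secretRe.MatchString(line) {
				out = append(out, Finding{"HIGH", ln, "Possible hardcoded secret"})
			}
		}
	}
	if !userSeen { // Docker's default user is root, so silence here is not safety
		out = append(out, Finding{"HIGH", 0, "No USER instruction; container runs as root by default"})
	} else if lastUserRoot {
		out = append(out, Finding{"HIGH", lastUserLine, "Container running as root user"})
	}
	return out
}

// Constructed sample: the mistakes the post names, in one Dockerfile.
const badDockerfile = `FROM ubuntu:latest
RUN apt-get update && apt-get install -y curl ca-certificates
ENV API_KEY=sk_live_EXAMPLE_NOT_A_REAL_KEY
USER root`

// The same file hardened; the curl version is illustrative, pin to what apt actually offers.
const goodDockerfile = `FROM ubuntu:22.04
RUN apt-get update && apt-get install -y --no-install-recommends curl=7.81.0-1ubuntu1.15 && rm -rf /var/lib/apt/lists/*
RUN useradd --uid 10001 app
USER app
ENV API_KEY_FILE=/run/secrets/api_key`

func main() {
	for _, df := range []string{badDockerfile, goodDockerfile} {
		for _, f := range ScanDockerfile(df) {
			fmt.Printf("[%s] %s (line %d)\n", f.Severity, f.Message, f.Line)
		}
	}
}
```

Run it with go run and the bad file produces four findings in the same shape as the output above while the hardened one produces none. The hardened file is the point: a tagged base image (a digest pin is better still), =version on every apt package, a dedicated non-root USER, and a path to a secret mounted at runtime instead of the secret itself. Two details matter for a scanner like this: a Dockerfile with no USER line at all runs as root just as surely as one that says USER root, and FROM lines that name an earlier build stage (or scratch) must be skipped or every multi-stage build lights up as a false positive.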
Setup (30 seconds)
Add to CI (a GitHub Actions step; the runner needs docker-scan-lite on its PATH first, e.g. via the go install line above):
- name: Scan Dockerfile
  run: docker-scan-lite scan Dockerfile
30 seconds to install. Catches stupid mistakes before production.
GitHub: https://github.com/nickciolpan/docker-scan-lite
What's your worst Docker security mistake?