What tools does this skill use for scanning?

It wraps Hadolint for Dockerfile linting and Trivy for container image vulnerability scanning.

What kind of security issues can it detect?

It identifies misconfigurations like using the 'latest' tag or root users, as well as specific CVEs within the packages installed in your images.

Is it possible to check if I have the dependencies installed?

Yes, you can use the --check flag with the container-scanner to verify if the required tools are properly installed.

Do I need to install Hadolint and Trivy separately?

Yes, these tools must be installed on your system (via Homebrew, Docker, or direct binary) for the skill to perform the scans.

Can I get machine-readable results from the scanner?

Yes, the skill supports a --json flag for both linting and image scanning to provide structured output.

Container Security Scanner

Name: Container Security Scanner
Author: naporin0624

bynaporin0624

•

セキュリティとテスト

Audits Dockerfiles for best practices and scans container images for security vulnerabilities using industry-standard tools like Hadolint and Trivy.

概要

The Container Scanner skill empowers developers to integrate security and quality checks directly into their containerization workflows. By wrapping Hadolint and Trivy, it provides a unified interface for linting Dockerfiles to ensure adherence to best practices and scanning container images for known vulnerabilities (CVEs). It is particularly useful during the development phase to catch misconfigurations, non-root user violations, and outdated packages before they reach production environments, ensuring a more secure and efficient deployment.

主な機能

Automated Dockerfile linting against standard best practices (Hadolint)
Validation of version pinning, root user usage, and layer optimization
2 GitHub stars
Deep vulnerability scanning for container images and CVEs (Trivy)
Support for structured JSON output for automation and reporting
Integrated tool check to verify local scanner availability

ユースケース

Enforcing consistent Docker standards across a development team locally
Scanning external or public base images for critical security vulnerabilities
Auditing a project's Dockerfile for security and optimization before deployment

概要

主な機能

Automated Dockerfile linting against standard best practices (Hadolint)
Validation of version pinning, root user usage, and layer optimization
2 GitHub stars
Deep vulnerability scanning for container images and CVEs (Trivy)
Support for structured JSON output for automation and reporting
Integrated tool check to verify local scanner availability

ユースケース

Enforcing consistent Docker standards across a development team locally
Scanning external or public base images for critical security vulnerabilities
Auditing a project's Dockerfile for security and optimization before deployment