What tools does this skill support?

It provides detailed guidance and command syntax for industry-standard tools including Trivy, Grype, Snyk, and Docker Scout.

Can I use this for non-PHP projects?

Yes, while the repository context is PHP-focused, the core scanning logic, CI/CD templates, and SBOM generation patterns apply to any Dockerized application.

How does it help with security compliance?

It includes severity classification tables (CVSS), policy configuration templates, and standardized SBOM formats like CycloneDX and SPDX to meet legal and security requirements.

Does it support automated CI/CD pipelines?

Yes, it provides ready-to-use YAML configurations for GitHub Actions and GitLab CI to automate scanning and policy enforcement during the build process.

Can it help fix vulnerabilities identified in scans?

It provides specific fix strategies ranging from base image upgrades and PHP version updates to dependency pinning and risk acceptance documentation.

Docker Security Scanning Knowledge

Name: Docker Security Scanning Knowledge
Author: dykyi-roman

bydykyi-roman

•

セキュリティとテスト

Simplifies vulnerability detection and compliance management for Docker container images with integrated tool support and SBOM generation.

This skill provides a comprehensive knowledge base for securing Docker containers, specifically optimized for PHP-based environments but applicable to any containerized workflow. It offers instant access to best practices, command references, and CI/CD integration patterns for industry-standard tools like Trivy, Grype, Snyk, and Docker Scout. Whether you are generating Software Bill of Materials (SBOMs), setting up automated security gates in GitHub Actions, or interpreting vulnerability severity levels, this skill enables Claude to implement robust container security protocols and remediation strategies.

主な機能

01Automated CI/CD workflow templates for GitHub Actions and GitLab CI

0245 GitHub stars

03Actionable remediation strategies for OS and PHP-specific vulnerabilities

04Vulnerability severity classification and compliance policy templates

05Multi-tool command reference for Trivy, Grype, and Docker Scout

06Standardized SBOM generation guidance in CycloneDX and SPDX formats

ユースケース

01Securing PHP-based Docker images using best-of-breed security tools

02Automating container vulnerability scanning in DevOps pipelines

03Generating and auditing Software Bill of Materials (SBOM) for compliance

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add dykyi-roman/awesome-claude-code docker-scanning-knowledge

For use in Claude.ai and ChatGPT

Download Skill