Can I still debug my containers if they don't have a shell?

Yes, the templates include a 'latest-dev' build argument that allows you to build a version of the image with a shell for local troubleshooting while keeping production images shell-free.

Which programming languages are supported by this skill?

The skill provides specialized templates for Python (via uv), Bun, Node.js (via pnpm), Golang (both static and CGO), and Rust (glibc and musl variants).

How does this skill help speed up my development workflow?

It implements BuildKit cache mounts for package managers like pip, pnpm, and cargo, ensuring that dependencies aren't redownloaded or recompiled unnecessarily during every build.

What makes these container images more secure than standard images?

These templates use Wolfi runtime images which have a minimal attack surface, are built to be CVE-free, and enforce a non-root user (UID 65532) by default to prevent privilege escalation.

Secure Container Build

Name: Secure Container Build
Author: pigfoot

bypigfoot

•

배포 및 DevOps

Builds security-hardened, minimal container images using Wolfi runtimes, multi-stage builds, and non-root configurations.

This skill provides specialized templates and best practices for creating production-grade container images that prioritize security and performance. By leveraging Wolfi-based runtime images and multi-stage builds, it ensures a minimal attack surface while supporting a wide array of ecosystems including Python (uv), Node.js (pnpm), Bun, Go, and Rust. It automates complex configurations such as non-root user setup, signal handling with tini, and memory allocator optimization, making it an essential tool for developers aiming for CVE-free deployments and efficient CI/CD workflows.

주요 기능

01BuildKit cache mount integration for significantly faster dependency installation

02Optimized multi-stage build templates for Python, Node.js, Go, and Rust

03Automatic non-root user configuration (UID 65532) by default

04Security-hardened Wolfi runtime base images for minimal attack surface

051 GitHub stars

06Advanced memory allocator tuning with mimalloc support for Rust applications

사용 사례

01Migrating legacy root-based Dockerfiles to secure non-root environments

02Optimizing CI/CD pipelines with BuildKit caching and minimal image footprints

03Creating CVE-free production containers for enterprise microservices

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add pigfoot/claude-code-hubs secure-container-build

For use in Claude.ai and ChatGPT

Download Skill