docker-patterns
Pass
Audited by Gen Agent Trust Hub on May 14, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill provides detailed guidance on container hardening, including the use of non-root users (`adduser`, `USER appuser`), multi-stage builds to minimize image size, and the use of specific image digests for reproducibility.
- [SAFE]: Explicitly identifies and warns against critical security anti-patterns such as `privileged: true`, `network_mode: host`, and the dangerous practice of bind-mounting `/var/run/docker.sock`.
- [SAFE]: Recommends secure secret management techniques, such as using BuildKit secrets (`RUN --mount=type=secret`) to avoid leaking credentials in image layers, and advises against committing `.env` files to source control.
- [SAFE]: Provides a robust container supply chain playbook in `references/supply-chain.md`, recommending the use of official security scanners (Trivy, Grype), SBOM generation, and image signing (Cosign/Sigstore).
Audit Metadata