security-docker
Security audit patterns for Docker and container deployments covering secrets in images, port exposure, user privileges, and compose security.
Secrets in Images (Critical)
Secrets in Build Args/ENV
```dockerfile
# ❌ CRITICAL: Secret in ENV (visible in image history)
ENV API_KEY=sk_live_abc123
ENV DATABASE_URL=postgres://user:password@host/db

# ❌ CRITICAL: Secret in ARG (visible in image history)
ARG AWS_SECRET_ACCESS_KEY
RUN aws configure set aws_secret_access_key $AWS_SECRET_ACCESS_KEY
```
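
One way to automate this audit pattern, as an added example that is not part of the original skill file: a small Python check that flags `ENV`/`ARG` instructions whose name looks like a credential or whose value embeds URL credentials. The name heuristics and the function names are assumptions of this example; the first four sample lines are the page's, the last two are constructed benign lines.

```python
import re
import shlex

# Heuristic name fragments that suggest a credential (an assumption of this example).
SECRET_NAME = re.compile(r"SECRET|PASSWORD|PASSWD|TOKEN|API_?KEY|PRIVATE_?KEY|CREDENTIAL", re.I)
# A URL carrying inline user:password@host credentials, such as a connection string.
URL_CREDS = re.compile(r"[a-z][a-z0-9+.-]*://[^/\s:@]+:[^/\s@]+@", re.I)

def logical_lines(text):
    """Yield (first_line_number, instruction), joining backslash continuations."""
    buf, start = "", 0
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and comments never carry an instruction
        start = start if buf else n
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        yield start, buf + line
        buf = ""

def audit(text):
    """Return (line, instruction, variable, reason) for each suspect ENV/ARG."""
    findings = []
    for n, inst in logical_lines(text):
        m = re.match(r"(ENV|ARG)\s+(\S.*)", inst, re.I)
        if not m:
            continue
        op, tokens = m.group(1).upper(), shlex.split(m.group(2))
        if op == "ENV" and "=" not in tokens[0]:
            pairs = [(tokens[0], " ".join(tokens[1:]))]  # legacy `ENV key value`
        else:
            pairs = [tuple((t.split("=", 1) + [""])[:2]) for t in tokens]
        for name, value in pairs:
            if SECRET_NAME.search(name):
                findings.append((n, op, name, "secret-like name"))
            elif URL_CREDS.search(value):
                findings.append((n, op, name, "credentials embedded in URL"))
    return findings

# Lines 1-4 are the page's instructions; lines 5-6 are constructed benign lines.
SAMPLE = """\
ENV API_KEY=sk_live_abc123
ENV DATABASE_URL=postgres://user:password@host/db
ARG AWS_SECRET_ACCESS_KEY
RUN aws configure set aws_secret_access_key $AWS_SECRET_ACCESS_KEY
ENV NODE_ENV=production
ARG APP_VERSION=1.0
"""
```

Calling `audit(SAMPLE)` reports lines 1 to 3 and leaves the `RUN` line and the two benign variables alone. A name-based check like this only finds candidates; a flagged `ARG` still needs a human to confirm how the value is supplied at build time.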