docker-scout-scanner
Docker Scout Scanner
This skill performs container security analysis for Docker projects using Docker Scout, identifying CVEs in image layers, insecure Dockerfile patterns, outdated base images, and misconfigured container builds, then mapping findings to CWE and OWASP Top 10:2021 standards. When Docker Scout is unavailable, the skill falls back to a ten-point static Dockerfile review covering the most critical container hardening checks.
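To make the fallback concrete, here is an added example (not code from the skill or the kalshamsi/claude-security-skills repository) of a static Dockerfile review of the kind described above: it parses a Dockerfile, runs a handful of hardening checks, and tags each finding with a CWE and an OWASP Top 10:2021 category. The four checks, their names, and the CWE/OWASP mappings are this example's own selection, not the skill's ten-point list, and the sample Dockerfile is constructed for the demonstration.

```python
"""Static Dockerfile review (added example, not the skill's own code).
The checks and the CWE / OWASP Top 10:2021 mappings below are this
example's own selection, not the skill's ten-point list."""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    line: int      # 1-based line where the offending instruction starts
    check: str     # short check id (this example's own naming)
    cwe: str
    owasp: str
    detail: str


# Heuristic (constructed): ENV/ARG keys that usually carry credentials.
SECRET_KEY_RE = re.compile(r"PASSWORD|PASSWD|SECRET|TOKEN|API_KEY|PRIVATE_KEY", re.I)
KEY_RE = re.compile(r"(?:^|\s)([A-Za-z_][A-Za-z0-9_]*)=")

# Constructed sample: a two-stage build with several deliberate weaknesses.
SAMPLE_DOCKERFILE = """\
# constructed sample
FROM python:3.12 AS builder
WORKDIR /app
COPY requirements.txt .
RUN pip install --no-cache-dir -r requirements.txt

FROM python:latest
ARG DB_PASSWORD=changeme
ENV API_TOKEN=abc123 \\
    APP_ENV=prod
ADD https://example.invalid/setup.sh /tmp/setup.sh
COPY --from=builder /app /app
USER root
CMD ["python", "app.py"]
"""


def parse_dockerfile(text: str):
    """Return [(start_line, INSTRUCTION, argument)], joining backslash
    continuations and skipping blank lines and comments."""
    out, buf, start = [], "", 0
    for no, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not buf:
            if not line or line.startswith("#"):
                continue
            start = no
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        buf += line
        parts = buf.split(None, 1)
        out.append((start, parts[0].upper(), parts[1].strip() if len(parts) > 1 else ""))
        buf = ""
    return out


def review_dockerfile(text: str):
    """Run the static checks and return findings sorted by line."""
    instr = parse_dockerfile(text)
    if not instr:
        return []
    findings, aliases, last_from = [], set(), -1
    # First pass: remember stage aliases so "FROM builder" is not treated as an image.
    for i, (_, op, arg) in enumerate(instr):
        if op == "FROM":
            last_from = i
            parts = [p for p in arg.split() if not p.startswith("--")]
            if len(parts) >= 3 and parts[1].upper() == "AS":
                aliases.add(parts[2].lower())
    for no, op, arg in instr:
        if op == "FROM":
            image = [p for p in arg.split() if not p.startswith("--")][0]
            if image.lower() in aliases or image == "scratch" or image.startswith("$"):
                continue
            last = image.rsplit("/", 1)[-1]          # strip registry/namespace
            if ":" not in last or last.endswith(":latest"):   # digests contain ":" and pass
                findings.append(Finding(no, "unpinned-base-image", "CWE-1104", "A06:2021",
                                        f"base image {image!r} is untagged or :latest"))
        elif op in ("ENV", "ARG"):
            keys = KEY_RE.findall(arg) or arg.split()[:1]
            for key in keys:
                if SECRET_KEY_RE.search(key):
                    findings.append(Finding(no, "hardcoded-secret", "CWE-798", "A07:2021",
                                            f"{op} {key} is baked into image metadata/history"))
        elif op == "ADD" and re.search(r"\bhttps?://", arg):
            findings.append(Finding(no, "add-remote-url", "CWE-494", "A08:2021",
                                    "ADD fetches a remote URL with no integrity verification"))
    # The USER check applies to the final stage only; each FROM starts a new stage.
    final_stage = instr[last_from + 1:]
    users = [(no, arg.split(":")[0].strip()) for no, op, arg in final_stage if op == "USER"]
    if not users:
        findings.append(Finding(instr[last_from][0], "runs-as-root", "CWE-250", "A05:2021",
                                "no USER instruction in final stage; container runs as root"))
    elif users[-1][1] in ("root", "0"):
        findings.append(Finding(users[-1][0], "runs-as-root", "CWE-250", "A05:2021",
                                f"final USER is {users[-1][1]!r}"))
    return sorted(findings, key=lambda f: f.line)


def summarize(findings):
    """Count findings per OWASP Top 10:2021 category for a report header."""
    counts = {}
    for f in findings:
        counts[f.owasp] = counts.get(f.owasp, 0) + 1
    return counts


if __name__ == "__main__":
    for f in review_dockerfile(SAMPLE_DOCKERFILE):
        print(f"line {f.line:>3}  {f.check:<20} {f.cwe:<9} {f.owasp}  {f.detail}")
```

Run as a script it lists five findings for the sample; in a pipeline the useful property is that each finding carries a stable check id plus a CWE and OWASP category, so results can be merged with Docker Scout CVE output under the same taxonomy. The secret-key heuristic is deliberately name-based, so expect false positives on keys such as `TOKEN_TTL` and review them rather than suppressing the check.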
When to Use
- When the user asks to "scan a Docker image for vulnerabilities" or "run Docker Scout"
- When the user mentions "container CVE scan", "image security", or "container SAST"
- When reviewing a Dockerfile or docker-compose.yml before deployment
- When a pull request contains changes to Dockerfile, .dockerignore, or docker-compose.yml and a security check is requested
- When the user wants to check for outdated base images, exposed secrets in build args, or privilege escalation risks
- When generating a Software Bill of Materials (SBOM) for a container image
When NOT to Use