render-docker
Pass
Audited by Gen Agent Trust Hub on May 1, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill demonstrates strong security awareness by explicitly warning against passing secrets via Docker
ARGinstructions, which can be recovered from image history. - [SAFE]: Dockerfile templates provided in the reference files follow the principle of least privilege by creating and switching to non-root users (e.g., nodejs, appuser) for application execution.
- [SAFE]: The templates promote multi-stage builds, which is a security best practice that ensures build tools and sensitive build-time artifacts are not included in the final production image, reducing the overall attack surface.
- [SAFE]: All external references and base images used in the provided templates (such as Node.js, Python, Golang, Ruby, Rust, and Alpine) are official, well-known images from trusted registries.
- [SAFE]: The documentation provides clear guidance on secure registry configuration using Render's built-in credential management, avoiding hardcoded secrets in configuration files.
Audit Metadata