docker

Installation

SKILL.md

Docker Code Review Rules

Security (Critical)

Run as non-root user (USER directive)
Don't store secrets in image (use runtime injection)
Don't use --privileged without justification
Scan images for vulnerabilities
Set readonly root filesystem where possible
Review any use of build-time variables (e.g., ARG, ENV, LABEL values) that can be influenced by external inputs (such as --build-arg values or CI/CD environment variables sourced from untrusted users) to ensure they are not used in a way that enables build-time injection
Never use HTML comments () in Dockerfiles

Base Images

Pin base image to specific version (not latest)
Use official images from trusted sources
Prefer minimal images (alpine, slim, distroless)
Regularly update base images for security patches

Build Optimization

Use multi-stage builds to reduce final image size

Related skills

More from yldgio/anomaly-codereview

Installs

2

Repository

yldgio/anomaly-…dereview

First Seen

Jan 30, 2026

Security Audits

Gen Agent Trust HubPass