# Docker Code Review Rules

Skill: docker (SKILL.md, from yldgio/codereview-skills)
## Security (Critical)

- Run as non-root user (`USER` directive)
- Don't store secrets in image (use runtime injection)
- Don't use `--privileged` without justification
- Scan images for vulnerabilities
- Set `readonly` root filesystem where possible
- Review any use of build-time variables (e.g., `ARG`, `ENV`, `LABEL` values) that can be influenced by external inputs (such as `--build-arg` values or CI/CD environment variables sourced from untrusted users) to ensure they are not used in a way that enables build-time injection
- Never use HTML comments (`<!-- -->`) in Dockerfiles
## Base Images

- Pin base image to a specific version (not `latest`)
- Use official images from trusted sources
- Prefer minimal images (`alpine`, `slim`, `distroless`)
- Regularly update base images for security patches
## Build Optimization

- Use multi-stage builds to reduce final image size
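The Security, Base Images and Build Optimization rules above that are visible in the Dockerfile text itself can be checked mechanically. The script below is an added example, not part of the yldgio/codereview-skills repository: it parses a Dockerfile into instructions and flags an unpinned or `latest` base image, secret-looking `ARG`/`ENV` names baked into the image, a missing non-root `USER` in the final stage, HTML comments, and a single-stage build. The two sample Dockerfiles are constructed for the example (the `node` user is the non-root account shipped in the official `node` images; the `RUN --mount=type=secret` form is BuildKit's runtime secret injection). Runtime-only rules such as `--privileged` and a read-only root filesystem are not derivable from a Dockerfile and are deliberately not checked.

```python
import re

# Constructed sample inputs for this example (not taken from the page).
BAD_DOCKERFILE = """\
FROM node:latest
ARG NPM_TOKEN
ENV NPM_TOKEN=${NPM_TOKEN}
<!-- temporary build notes -->
COPY . /app
RUN npm ci
CMD ["node", "/app/server.js"]
"""

GOOD_DOCKERFILE = """\
FROM node:20.11.1-alpine AS build
WORKDIR /app
COPY package.json package-lock.json ./
RUN --mount=type=secret,id=npm_token \\
    NPM_TOKEN="$(cat /run/secrets/npm_token)" npm ci --omit=dev
COPY . .

FROM node:20.11.1-alpine
WORKDIR /app
COPY --from=build /app /app
USER node
CMD ["node", "server.js"]
"""

INSTRUCTION_RE = re.compile(r"^\s*([A-Za-z]+)\s+(.*)$")
# Heuristic: variable names that usually carry credentials.
SECRET_NAME_RE = re.compile(r"TOKEN|SECRET|PASSW|API_?KEY|PRIVATE_?KEY", re.I)


def parse(dockerfile: str) -> list[tuple[str, str]]:
    """Split a Dockerfile into (INSTRUCTION, arguments) pairs.

    Backslash-continued lines are joined, '#' comments and blank lines are
    skipped, and text that is not a recognisable instruction is kept as
    ('?', text) so the reviewer can still see it.
    """
    logical, buf = [], ""
    for raw in dockerfile.splitlines():
        line = raw.rstrip()
        buf = f"{buf.rstrip()} {line.strip()}" if buf else line
        if buf.endswith("\\"):          # continuation: keep accumulating
            buf = buf[:-1]
            continue
        logical.append(buf)
        buf = ""
    if buf:
        logical.append(buf)

    result = []
    for line in logical:
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        m = INSTRUCTION_RE.match(line)
        result.append((m.group(1).upper(), m.group(2).strip()) if m else ("?", line.strip()))
    return result


def review(dockerfile: str) -> list[str]:
    """Apply the checklist rules that can be judged from the Dockerfile alone."""
    findings = []
    if "<!--" in dockerfile:
        findings.append("html-comment: '<!-- -->' is not a Dockerfile comment; use '#'")

    stages, from_count, last_user = set(), 0, None
    for instr, args in parse(dockerfile):
        if instr == "FROM":
            from_count += 1
            last_user = None  # only the USER of the final stage applies at runtime
            parts = [p for p in args.split() if not p.startswith("--")]  # drop --platform etc.
            image = parts[0]
            if len(parts) >= 3 and parts[1].upper() == "AS":
                stages.add(parts[2])
            if image in stages or image == "scratch" or image.startswith("$"):
                continue
            ref = image.rsplit("/", 1)[-1]
            pinned = "@sha256:" in image or (":" in ref and not ref.endswith(":latest"))
            if not pinned:
                findings.append(f"unpinned-base-image: {image} (pin a tag or digest, not latest)")
        elif instr == "USER":
            last_user = args.split(":")[0]
        elif instr in ("ARG", "ENV"):
            for token in args.split():  # simplification: quoted values with spaces are not handled
                name = token.split("=", 1)[0]
                if SECRET_NAME_RE.search(name):
                    findings.append(f"secret-in-image: {instr} {name} persists in image layers/metadata")

    if last_user is None or last_user in ("root", "0"):
        findings.append("runs-as-root: final stage has no non-root USER instruction")
    if from_count < 2:
        findings.append("single-stage: no multi-stage build; build tooling ends up in the final image")
    return findings


if __name__ == "__main__":
    for label, text in (("bad", BAD_DOCKERFILE), ("good", GOOD_DOCKERFILE)):
        result = review(text)
        print(f"{label}: {len(result)} finding(s)")
        for finding in result:
            print("  -", finding)
```

Run against the constructed inputs, the first Dockerfile produces six findings (HTML comment, `node:latest`, the `ARG` and `ENV` named `NPM_TOKEN`, no `USER`, single stage) and the second produces none: the token is consumed inside a single `RUN` via a BuildKit secret mount, so it never lands in a layer or in image metadata, and the final stage pins its base and drops to `node`.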