Skip to content

v0.2.0 - Dockerfile Security Scanner

Latest

Choose a tag to compare

@github-actions github-actions released this 29 Jan 15:36

Dockerfile Security Scanner - Complete Go Rewrite

Analyze Dockerfiles for security vulnerabilities and exposed credentials using regex-based rules.

Features

  • 35 Built-in Security Rules across 5 categories:

    • Core best practices (10 rules)
    • Credential detection (11 rules) - detects AWS keys, GitHub tokens, API keys, private keys
    • Security issues (7 rules) - Docker socket mounts, dangerous permissions, sudo usage
    • Package management (4 rules) - apt-get cleanup, pip cache, npm cache
    • Configuration issues (3 rules) - privileged containers, dangerous ports
  • Multi-platform Support: Linux, macOS, Windows (amd64, arm64)

  • Flexible Output: ASCII table or JSON

  • Custom Rules: Load your own YAML rules

  • Ignore Rules: Suppress specific findings

  • CI/CD Ready: Exit code 1 on issues for automated workflows

Usage

```yaml

  • uses: cr0hn/dockerfile-security@v0.2.0
    with:
    dockerfile: 'Dockerfile'
    fail-on-issues: true
    ```

What's New in v0.2.0

  • Complete rewrite from Python to Go for better performance
  • Expanded from 16 to 35 security rules
  • Added GitHub Action support for seamless CI/CD integration
  • Improved credential detection (GitHub PAT, RSA keys, OpenAI, Stripe)
  • Enhanced regex patterns for better accuracy

See README for full documentation.