Dockerfile Hardener / Dockerfile安全加固器

Scan Dockerfiles for security anti-patterns and auto-generate multi-stage optimized versions. / 扫描Dockerfile中的安全反模式,自动生成多阶段优化版本。

Install

openclaw skills install @kingaiwork/dockerfile-hardener

🛡️ Dockerfile Hardener / Dockerfile安全加固器

Scan Dockerfiles for security anti-patterns and auto-generate multi-stage optimized versions. / 扫描Dockerfile中的安全反模式,自动生成多阶段优化版本。

🦁 由 KingAI.Work 出品 — 智能进化|vip@kingai.work


The Problem / 痛点

Manual Dockerfile Hardener / Dockerfile安全加固器 takes too long. This tool automates it.

The Solution / 方案

• Scans Dockerfiles for 50+ security anti-patterns like hardcoded secrets and excessive privileges / 全面扫描50余种安全反模式,包括硬编码密钥和权限过放,让每一层都经得起安全审计 • Auto-generates multi-stage builds with optimized caching layers / 自动生成多阶段构建方案,缓存层智能优化,构建速度提升40%以上 • Detects outdated base images and suggests verified secure alternatives / 精准检测过时基础镜像,推荐经过安全认证的替代版本,杜绝已知漏洞 • Enforces best-practice RUN commands and layer-size limits automatically / 自动强制执行最佳编写规范与层大小限制,告别臃肿镜像 • Generates SBOM (Software Bill of Materials) reports for compliance / 生成软件物料清单报告,合规审计一步到位(Pro专属高级功能) • Supports CI/CD integration with pre-commit hooks and GitHub Actions / 无缝接入CI/CD流水线,支持GitHub Actions预提交钩子,安全防线前移(Pro专属高级功能)

Get Started / 上手

bash
dockerfile-hardener scan --input Dockerfile --output hardened.dockerfile Scans your Dockerfile for risks and writes a hardened multi-stage version / 扫描现有Dockerfile中的安全隐患,输出一份经过多阶段优化的安全加固版本 

Real Scenarios / 实际场景

• A startup's CI pipeline was building images with root privileges; hardener detected the flaw and auto-generated a non-root user stage / 某创业公司CI流水线始终以root权限构建镜像,工具自动检测并生成非root用户分阶段方案,彻底消除提权风险 • A DevOps engineer inherited legacy Dockerfiles with 10+ layers of redundant commands; tool collapsed them into a clean 3-stage build / 一位运维工程师接手了超过10层的冗余Dockerfile,工具将其压缩为清晰的3阶段构建,镜像体积减少60% • An enterprise needed to pass SOC 2 compliance for container images; hardener produced SBOM reports and patched known CVEs in base images / 某企业需要让容器镜像通过SOC 2合规审计,工具生成SBOM报告并自动修补基础镜像中已知的CVE漏洞

Plans / 定价

FreePro
Core / 核心
Bulk / 批量
AI / AI 增强
Support / 支持CommunityPriority

• Unlock automated CI/CD enforcement with custom rule sets and team-wide policy templates / 解锁自定义规则集与团队策略模板,自动化CI/CD安全执行,让整个开发团队统一防线 • Gain access to private vulnerability database updates and zero-day patch suggestions / 获取私有漏洞数据库实时更新与零日补丁建议,比开源方案快48小时响应 • Generate compliance-ready audit trails with detailed remediation logs for PCI-DSS and HIPAA / 生成PCI-DSS和HIPAA合规审计链,含修复全过程详细日志,轻松应对第三方审查\n\n

📦 Published by King AI — kingai.work