{"id":13787877,"url":"https://github.com/madhuakula/docker-security-checker","last_synced_at":"2025-10-12T23:05:38.610Z","repository":{"id":40689758,"uuid":"264303011","full_name":"madhuakula/docker-security-checker","owner":"madhuakula","description":"Dockerfile Security Checker using OPA Rego policies with Conftest","archived":false,"fork":false,"pushed_at":"2022-06-27T10:28:09.000Z","size":11,"stargazers_count":59,"open_issues_count":0,"forks_count":27,"subscribers_count":3,"default_branch":"master","last_synced_at":"2025-04-11T09:59:29.706Z","etag":null,"topics":["conftest","docker","dockerfile","infosec","opa","opa-rego-policies","rego","security"],"latest_commit_sha":null,"homepage":"https://blog.madhuakula.com/dockerfile-security-checks-using-opa-rego-policies-with-conftest-32ab2316172f","language":"Open Policy Agent","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/madhuakula.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2020-05-15T21:31:10.000Z","updated_at":"2024-10-21T15:04:21.000Z","dependencies_parsed_at":"2022-09-05T14:31:26.926Z","dependency_job_id":null,"html_url":"https://github.com/madhuakula/docker-security-checker","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/madhuakula/docker-security-checker","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/madhuakula%2Fdocker-security-checker","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/madhuakula%2Fdocker-security-checker/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/madhuakula%2Fdocker-security-checker/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/madhuakula%2Fdocker-security-checker/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/madhuakula","download_url":"https://codeload.github.com/madhuakula/docker-security-checker/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/madhuakula%2Fdocker-security-checker/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":279013416,"owners_count":26085274,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-10-12T02:00:06.719Z","response_time":53,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["conftest","docker","dockerfile","infosec","opa","opa-rego-policies","rego","security"],"created_at":"2024-08-03T21:00:32.727Z","updated_at":"2025-10-12T23:05:38.570Z","avatar_url":"https://github.com/madhuakula.png","language":"Open Policy Agent","funding_links":[],"categories":["Open Policy Agent (4)","Language and Platform Integrations","Open Policy Agent"],"sub_categories":["Docker"],"readme":"# docker-security-checker\n\nThis repository contains OPA Rego policies for `Dockerfile` security checks, evaluated with Conftest.\n\n* The Rego policy rules can be found at [policy/security.rego](policy/security.rego)\n\n## Sample Rego policy: use COPY instead of ADD in a Dockerfile\n\n`ADD` can fetch remote URLs and silently extracts local archives, so a plain file copy should use `COPY`. Conftest parses the `Dockerfile` into its instructions, each exposed with a lowercase `Cmd` and the instruction arguments in `Value`; the rule below denies every `ADD`:\n\n```rego\n# Conftest evaluates rules in package main by default\npackage main\n\ndeny[msg] {\n    input[i].Cmd == \"add\"\n    val := concat(\" \", input[i].Value)\n    msg := sprintf(\"Use COPY instead of ADD: %s\", [val])\n}\n```\n\n## Running Conftest with the security policies\n\n* Run the following command from the repository root; Conftest loads the policies from the `policy` directory by default and evaluates them against the `Dockerfile`:\n\n```bash\nconftest test Dockerfile\n```\n\n* Example output (`FAIL` lines come from `deny` rules and make the command exit non-zero; `WARN` lines come from `warn` rules):\n\n```text\nWARN - Dockerfile - Do not use latest tag with image: [\"ubuntu:latest\"]\nFAIL - Dockerfile - Suspicious ENV key found: [\"SECRET\", \"AKIGG23244GN2344GHG\"]\nFAIL - Dockerfile - Use COPY instead of ADD: app /app\nFAIL - Dockerfile - Use COPY instead of ADD: code /tmp/code\n\n5 tests, 1 passed, 1 warning, 3 failures\n```\n\n## Try it out yourself\n\n* A Katacoda playground scenario reproduces this setup so you can run the checks in a browser:\n\n[![Katacoda Playground for docker-security-checker](https://miro.medium.com/max/1400/1*gO49knu-MTkDBjChMrFGZA.png)](https://katacoda.com/madhuakula/scenarios/docker-security-linter)\n\n* Read more about it at [https://blog.madhuakula.com/dockerfile-security-checks-using-opa-rego-policies-with-conftest-32ab2316172f](https://blog.madhuakula.com/dockerfile-security-checks-using-opa-rego-policies-with-conftest-32ab2316172f)\n\n## Contribution\n\n* Add more policies to the `policy` directory, with comments explaining what each rule checks and why it matters.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmadhuakula%2Fdocker-security-checker","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmadhuakula%2Fdocker-security-checker","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmadhuakula%2Fdocker-security-checker/lists"}
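The README shows a single rule, while the sample output comes from the full rule set in `policy/security.rego`, which is not reproduced on this page. The policy below is an added example written for this page, not the repository's `policy/security.rego`. It implements the three checks visible in the sample output (unpinned base image, suspicious `ENV` key, `ADD` instead of `COPY`) and goes one step beyond the page with a check the output does not show: a deny when the last `USER` instruction leaves the container running as root. It assumes the flat `input[i]` shape used by the README's own rule (newer Conftest releases nest instructions per build stage, where the index becomes `input[_][i]`) and the v0 Rego syntax the README uses; on Conftest builds that require OPA 1.0 syntax the rule heads become `deny contains msg if { ... }`. The `test_` rules at the end run over constructed inputs with `conftest verify`.

```rego
package main

# Added example policy, not the repository's policy/security.rego.
# Assumed input shape (as in the README's rule): a flat list of Dockerfile
# instructions, each with a lowercase "Cmd" and a "Value" list of arguments.
# Newer Conftest releases nest instructions per build stage; there every
# `input[i]` below becomes `input[_][i]`.

# Substrings of an ENV key that usually mean a credential is being baked into
# the image. ENV values land in the image config and are visible to anyone who
# can pull the image.
suspicious_env_keys := {"SECRET", "PASSWORD", "PASSWD", "TOKEN", "API_KEY", "ACCESS_KEY"}

# Names declared by `FROM <image> AS <name>`. A later `FROM <name>` refers to a
# build stage, not a registry image, so it must not be flagged as unpinned.
stage_names := {name |
    input[i].Cmd == "from"
    lower(input[i].Value[1]) == "as"
    name := input[i].Value[2]
}

# An image reference is unpinned if it names :latest explicitly ...
unpinned(image) {
    endswith(image, ":latest")
}

# ... or carries neither a tag nor a digest (Docker then assumes :latest).
unpinned(image) {
    image != "scratch"
    parts := split(image, "/")
    last := count(parts) - 1
    name := parts[last]            # a registry host may carry a :port, so inspect the last segment only
    not contains(name, ":")
    not contains(name, "@")
}

# WARN: an unpinned base image lets two builds of the same Dockerfile differ silently.
warn[msg] {
    some i
    input[i].Cmd == "from"
    image := input[i].Value[0]
    not stage_names[image]
    unpinned(image)
    msg := sprintf("Do not use latest tag with image: %s", [input[i].Value])
}

# FAIL: ADD fetches remote URLs and auto-extracts archives; COPY only copies files.
deny[msg] {
    some i
    input[i].Cmd == "add"
    val := concat(" ", input[i].Value)
    msg := sprintf("Use COPY instead of ADD: %s", [val])
}

# FAIL: ENV arguments arrive as [key, value, key, value, ...]; inspect the keys only.
deny[msg] {
    some i
    input[i].Cmd == "env"
    val := input[i].Value
    some j
    key := upper(val[j])
    j % 2 == 0
    contains(key, suspicious_env_keys[_])
    msg := sprintf("Suspicious ENV key found: %s", [val])
}

# FAIL: the last USER instruction decides who the container runs as; with no
# USER, or USER root / USER 0, every process starts as root. (Not in the
# README's sample output, but a standard Dockerfile check.)
deny[msg] {
    not last_user_is_non_root
    msg := "Container runs as root: add a non-root USER instruction"
}

last_user_is_non_root {
    last := max({i | input[i].Cmd == "user"})   # undefined when there is no USER at all
    parts := split(input[last].Value[0], ":")   # accept USER name:group and uid:gid
    parts[0] != "root"
    parts[0] != "0"
}

# Unit tests over constructed inputs; run with `conftest verify`.
test_add_is_denied {
    deny["Use COPY instead of ADD: app /app"] with input as [{"Cmd": "add", "Value": ["app", "/app"]}]
}

test_secret_env_is_denied {
    deny[msg] with input as [{"Cmd": "env", "Value": ["DB_PASSWORD", "hunter2"]}]
    startswith(msg, "Suspicious ENV key found")
}

test_pinned_image_and_stage_reference_pass {
    count(warn) == 0 with input as [
        {"Cmd": "from", "Value": ["golang:1.22", "AS", "builder"]},
        {"Cmd": "from", "Value": ["builder"]},
        {"Cmd": "user", "Value": ["app"]}
    ]
}
```

Drop the file into the `policy` directory and run `conftest test Dockerfile` as in the README; `conftest verify` executes the `test_` rules without needing a Dockerfile. The root-user rule deliberately fires when no `USER` appears at all, because that is the most common way images end up running as root, and the stage-name set keeps multi-stage builds from producing a spurious "latest tag" warning on `FROM builder`.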