{"id":50076693,"url":"https://github.com/owasp/docksec","last_synced_at":"2026-05-22T08:01:15.993Z","repository":{"id":277631874,"uuid":"933046325","full_name":"OWASP/DockSec","owner":"OWASP","description":"AI-Powered Docker Security Analyzer","archived":false,"fork":false,"pushed_at":"2026-05-14T16:49:41.000Z","size":30359,"stargazers_count":180,"open_issues_count":26,"forks_count":51,"subscribers_count":3,"default_branch":"main","last_synced_at":"2026-05-14T18:35:22.396Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/OWASP.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"docs/SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null},"funding":{"custom":"https://owasp.org/donate/?reponame=DockSec\u0026title=OWASP+DockSec"}},"created_at":"2025-02-15T02:49:30.000Z","updated_at":"2026-05-14T18:20:53.000Z","dependencies_parsed_at":"2026-05-22T04:04:53.911Z","dependency_job_id":null,"html_url":"https://github.com/OWASP/DockSec","commit_stats":null,"previous_names":["advaitpatel/docksec","owasp/docksec"],"tags_count":6,"template":false,"template_full_name":null,"purl":"pkg:github/OWASP/DockSec","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/OWASP%2FDockSec","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/OWASP%2FDockSec/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/OWASP%2FDockSec/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/OWASP%2FDockSec/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/OWASP","download_url":"https://codeload.github.com/OWASP/DockSec/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/OWASP%2FDockSec/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":33334777,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-21T12:23:38.849Z","status":"online","status_checked_at":"2026-05-22T02:00:06.671Z","response_time":265,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2026-05-22T08:01:04.373Z","updated_at":"2026-05-22T08:01:15.974Z","avatar_url":"https://github.com/OWASP.png","language":"Python","funding_links":["https://owasp.org/donate/?reponame=DockSec\u0026title=OWASP+DockSec"],"categories":[],"sub_categories":[],"readme":"\u003cdiv align=\"center\"\u003e\n\n[![OWASP](https://img.shields.io/badge/Incubator-blue?\u0026label=level\u0026style=for-the-badge)](https://owasp.org/DockSec/) [![OWASP](https://img.shields.io/badge/Code-blue?label=type\u0026style=for-the-badge)](https://owasp.org/DockSec/) [![project-docksec](https://img.shields.io/badge/%23project--docksec-blue?label=slack\u0026logoColor=white\u0026style=for-the-badge)](https://owasp.slack.com/archives/C0APXGCUW7M) [![Build Status](https://img.shields.io/github/actions/workflow/status/OWASP/DockSec/python-app.yml?branch=main\u0026style=for-the-badge\u0026label=Build\u0026color=blue)](https://github.com/OWASP/DockSec/actions)\n\n[![License](https://img.shields.io/badge/license-MIT-blue?style=for-the-badge)](https://github.com/OWASP/DockSec/blob/main/LICENSE) [![Last Commit](https://img.shields.io/github/last-commit/OWASP/DockSec/main?color=blue\u0026style=for-the-badge\u0026label=Last%20commit)](https://github.com/OWASP/DockSec/commits/main/) [![Contributors](https://img.shields.io/github/contributors/OWASP/DockSec?style=for-the-badge\u0026label=Contributors\u0026color=blue)](https://github.com/OWASP/DockSec/graphs/contributors)\n\n[![Forks](https://img.shields.io/github/forks/OWASP/DockSec?style=for-the-badge\u0026label=Forks\u0026color=blue)](https://github.com/OWASP/DockSec/network/members) [![Stars](https://img.shields.io/github/stars/OWASP/DockSec?style=for-the-badge\u0026label=Stars\u0026color=blue)](https://github.com/OWASP/DockSec/stargazers) ![PyPI Downloads](https://img.shields.io/pepy/dt/docksec?style=for-the-badge\u0026color=blue)\n\n[![Issues](https://img.shields.io/github/issues/OWASP/DockSec?color=blue\u0026style=for-the-badge\u0026label=Issues)](https://github.com/OWASP/DockSec/issues) [![Pull Requests](https://img.shields.io/github/issues-pr/OWASP/DockSec?color=blue\u0026style=for-the-badge\u0026label=Pull%20Requests)](https://github.com/OWASP/DockSec/pulls)\n\n[![CREATED](https://img.shields.io/badge/created-feb,%202025-blue?style=for-the-badge)](https://github.com/OWASP/DockSec/commit/80664db8935e4b5ab44df5867913e)\n\n\u003cpicture\u003e\n  \u003csource srcset=\"https://raw.githubusercontent.com/OWASP/DockSec/main/images/docksec-logo-for-github.png\" media=\"(prefers-color-scheme: dark)\"\u003e\n  \u003cimg src=\"https://raw.githubusercontent.com/OWASP/DockSec/main/images/docksec-logo-for-github.png\" alt=\"DockSec Logo\" width=\"200\"\u003e\n\u003c/picture\u003e\n\u003cimg src=\"https://raw.githubusercontent.com/OWASP/DockSec/main/images/owasp-logo.png\" alt=\"OWASP Logo\" width=\"400\"\u003e\n\n# [DockSec](https://owasp.org/DockSec/)\n\n**AI-powered Docker security scanner that explains vulnerabilities in plain English**\n\n\u003c/div\u003e\n\n---\n\n## What is DockSec?\n\nDockSec is an **OWASP Incubator Project** that bridges the gap between complex security scan results and actionable developer fixes. It integrates industry-standard scanners (Trivy, Hadolint, Docker Scout) with advanced AI to provide **context-aware security analysis**. \n\nInstead of overwhelming you with a list of 200+ CVEs, DockSec:\n\n- **Prioritizes** what actually affects your specific container setup.\n- **Explains** vulnerabilities in plain English, not just security jargon.\n- **Suggests** specific, line-by-line fixes for your Dockerfile.\n- **Generates** professional, interactive security reports for your team.\n\nThink of it as having a security expert sitting right next to you, reviewing your Dockerfiles in real-time.\n\n---\n\n## How It Works\n\n\u003cdiv align=\"center\"\u003e\n  \u003cimg src=\"https://raw.githubusercontent.com/OWASP/DockSec/main/images/workflow.png\" alt=\"DockSec Workflow\" width=\"800\"\u003e\n  \u003cp\u003e\u003cem\u003eDockSec workflow: From scanning to actionable insights\u003c/em\u003e\u003c/p\u003e\n\u003c/div\u003e\n\nDockSec follows a robust four-stage pipeline:\n1. **Scan**: Runs Trivy, Hadolint, and Docker Scout locally on your environment.\n2. **Analyze**: AI correlates findings across all scanners to remove noise and assess real-world impact.\n3. **Recommend**: Generates human-readable explanations and specific remediation steps.\n4. **Report**: Exports actionable results in JSON, PDF, HTML, or Markdown formats.\n\n---\n\n## Leaders\n\nDockSec is led by a dedicated team committed to making container security accessible.\n\n- [Advait Patel](https://github.com/advaitpatel) - Project Lead\n\nFor questions or discussions, please join the [#project-docksec](https://owasp.slack.com/archives/C0APXGCUW7M) channel on OWASP Slack.\n\n---\n\n## Quick Start\n\n### GitHub Action\n\nIntegrate DockSec into your GitHub Actions workflow:\n\n```yaml\n- name: Run DockSec AI Scanner\n  uses: OWASP/DockSec@main\n  with:\n    dockerfile: 'Dockerfile'\n    openai_api_key: ${{ secrets.OPENAI_API_KEY }}\n```\n\n### CLI Usage\n\n```bash\n# Install DockSec\npip install docksec\n\n# Scan a Dockerfile (AI-powered)\n# Reports will be saved to ~/.docksec/results/\ndocksec Dockerfile\n\n# Scan Dockerfile + Docker image\ndocksec Dockerfile -i myapp:latest\n\n# Scan only a Docker image\ndocksec --image-only -i myapp:latest\n\n# Fast scan only (no AI)\ndocksec Dockerfile --scan-only\n```\n\n---\n\n## Features\n\n- **Smart Analysis**: AI explains what vulnerabilities mean for *your* specific setup.\n- **Multi-LLM Support**: Use OpenAI, Anthropic Claude (4.x), Google Gemini (1.5+), or local models via Ollama.\n- **Deep Integration**: Combines Trivy (vulnerabilities), Hadolint (linting), and Docker Scout.\n- **Security Scoring**: Get a 0-100 score to track your security posture over time.\n- **Centralized Reporting**: All reports are neatly organized in `~/.docksec/results/` by default.\n- **Rich Formats**: Professional exports in HTML (interactive), PDF, JSON, and CSV.\n- **CI/CD Ready**: Designed for easy integration into GitHub Actions and build pipelines.\n- **GitHub Action**: Available on the GitHub Marketplace for automated security scans.\n\n---\n\n## Contributing\n\nDockSec thrives on community contributions. Whether you are a developer, designer, or security enthusiast, there are many ways to get involved:\n\n- **Code Contributions**: Fix bugs or add new features.\n- **Documentation**: Improve guides or create tutorials.\n- **Issue Reporting**: Identify and report bugs.\n- **Feedback**: Share your experience and suggestions.\n\nTo get started, check out our [Contributing Guidelines](CONTRIBUTING.md), [Code of Conduct](CODE_OF_CONDUCT.md), and [Sponsorship Guide](SPONSORSHIP.md).\n\n---\n\n## Community and Social Media\n\n- **OWASP Project Page**: [owasp.org/DockSec/](https://owasp.org/DockSec/)\n- **OWASP Slack**: [#project-docksec](https://owasp.slack.com/archives/C0APXGCUW7M)\n- **PyPI**: [pypi.org/project/docksec/](https://pypi.org/project/docksec/)\n- **Issues**: [Report a bug](https://github.com/OWASP/DockSec/issues)\n\n---\n\n\u003cdiv align=\"center\"\u003e\n  \u003cstrong\u003eIf DockSec helps you, give it a ⭐ to help others discover it!\u003c/strong\u003e\u003cbr\u003e\n  Built with ❤️ by \u003ca href=\"https://github.com/advaitpatel\"\u003eAdvait Patel\u003c/a\u003e and the OWASP community.\n\u003c/div\u003e\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fowasp%2Fdocksec","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fowasp%2Fdocksec","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fowasp%2Fdocksec/lists"}