go-docker-deploy
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The Dockerfile utilizes multi-stage builds and minimal distroless production images (gcr.io/distroless/static-debian12), which reduces the attack surface by excluding unnecessary shells and system utilities.
- [SAFE]: The provided .dockerignore file is correctly configured to exclude sensitive paths, such as .env files and the .git directory, from the container build context.
- [SAFE]: All deployment templates for Cloud Run, ECS, and Kubernetes utilize environment variables and placeholders for configuration, preventing the exposure of hardcoded secrets or credentials.
- [SAFE]: The automation scripts and Makefiles use standard system tools and Go toolchain commands without any suspicious or dynamic code execution patterns.
- [SAFE]: Infrastructure services defined in the docker-compose environment utilize official and well-known images from trusted registries.
Audit Metadata