gradle-docker-jib
Pass
Audited by Gen Agent Trust Hub on Feb 24, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill utilizes the Google Jib plugin, which is a reputable tool from a trusted vendor (Google) for containerizing applications without requiring a Docker daemon.
- [SAFE]: Credential management follows secure patterns, using environment variables rather than hardcoded secrets for registry authentication.
- [SAFE]: The documentation explicitly recommends security-hardened practices, such as using minimal 'distroless' or Alpine base images and configuring non-root user execution within containers.
- [SAFE]: All external references and dependencies (e.g., Eclipse Temurin, Google Container Registry) are well-known, trusted technology services or organizations.
Audit Metadata