docker-patterns
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill provides standard and secure configuration patterns for containerized environments, promoting safe defaults for local development stacks.
- [SAFE]: Includes explicit security recommendations such as running containers as non-root users (e.g., 'USER appuser'), pinning specific image versions instead of using the volatile ':latest' tag, and utilizing multi-stage builds to minimize image size and attack surface.
- [SAFE]: Correctly advises on secret management, providing negative examples to warn against hardcoding API keys and recommending the use of .env files (with .dockerignore) or Docker secrets.
- [SAFE]: Demonstrates secure networking practices, such as binding database ports to localhost (127.0.0.1) to prevent unintended external access and using custom Docker networks for service isolation.
Audit Metadata