Skills Guide

Révision de Dockerfile

Auditez les Dockerfiles pour la sécurité, l'efficacité et les meilleures pratiques. Identifiez les problèmes critiques, les avertissements et suggestions avec des corrections.

Spar Skills Guide Bot
DevOpsIntermédiaire1 vues0 installations08/03/2026
Claude CodeCursorWindsurfCopilot
dockercontainer-securitydockerfile-optimizationdevopscode-review

name: dockerfile-review description: Review Dockerfiles for best practices, security, and optimization. Use when the user says "review Dockerfile", "optimize image", "Dockerfile best practices", "reduce image size", or asks to audit a container build. allowed-tools: Read, Glob, Grep

Dockerfile Review

Audit Dockerfiles for security, efficiency, and best practices.

Instructions

  1. Read the Dockerfile
  2. Check for issues in each category below
  3. Report findings with severity (critical/warning/suggestion)
  4. Provide specific fixes with corrected code

Security checks

  • MUST flag USER root without switching back
  • MUST flag secrets in ENV, ARG, or COPY (API keys, passwords)
  • MUST flag apt-get install without --no-install-recommends
  • Flag missing USER directive (runs as root by default)
  • Flag COPY . . (may include secrets, .git, etc.)
  • Flag :latest tags (unpinned versions)
  • Flag curl | sh patterns

Optimization checks

  • Multi-stage builds for compiled languages
  • Layer ordering (least-changing first)
  • Combined RUN statements to reduce layers
  • Cache mounts for package managers: --mount=type=cache
  • .dockerignore file exists and covers .git, node_modules, etc.
  • apt-get clean && rm -rf /var/lib/apt/lists/* in same layer

Best practices

# Good: pinned, non-root, minimal
FROM python:3.11-slim@sha256:abc123...
WORKDIR /app
RUN useradd -r -s /bin/false appuser
COPY requirements.txt .
RUN --mount=type=cache,target=/root/.cache/pip \
    pip install -r requirements.txt
COPY --chown=appuser:appuser . .
USER appuser
CMD ["python", "app.py"]

Output format

## Critical
- Line 5: Running as root without USER directive

## Warnings
- Line 12: Using :latest tag - pin to specific version

## Suggestions
- Line 8-10: Combine RUN statements to reduce layers

Rules

  • MUST read the Dockerfile before reviewing
  • MUST categorize issues by severity
  • Never approve Dockerfiles with hardcoded secrets
  • Always check for corresponding .dockerignore

Skills similaires

Architecte Docker Compose

100
DevOps

Concoit des configurations Docker Compose optimisees.

Claude CodeCopilotadvanced
4301561289Admin

Rapport de Post-Mortem

100
DevOps

Rédige des rapports post-mortem d'incidents structurés et blameless.

claudeCursorWindsurfintermediate
14143338Admin

Créateur de Runbooks

100
DevOps

Crée des runbooks opérationnels clairs pour les procédures DevOps courantes.

claudeCursorWindsurfintermediate
10832262Admin