# Docker Profile

Use when the repository has `Dockerfile`, `compose.yml`, or deployment container artifacts.

## Checks

Look for:

- secrets copied into images,
- `.env` files committed,
- broad build contexts,
- unpinned base images,
- root-only runtime when avoidable,
- exposed ports documented in README.

## Commands

Common placeholders:

```text
BUILD_COMMAND = docker build -t PROJECT_NAME .
TEST_COMMAND = docker compose config
AUDIT_COMMAND = docker scout cves PROJECT_NAME
```

Use only commands that are available in the target environment.

## Ignore Additions

```text
.env
.env.*
!.env.example
docker-compose.override.yml
```
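
One way to automate four of the items under Checks (secrets copied into images, broad build contexts, unpinned base images, root-only runtime) for a single Dockerfile, as an added example that is not part of the original profile. The names `audit_dockerfile` and `SECRET_SRC`, the file-name patterns, and the sample Dockerfile are assumptions made for illustration.

```python
import re

# File names that usually hold credentials (assumed list; extend per project).
SECRET_SRC = re.compile(
    r"(^|/)(\.env(\..+)?|id_(rsa|ed25519)|[^/]*\.(pem|key)|\.npmrc|\.netrc)$")

# Constructed sample, not taken from any real project.
SAMPLE = """\
FROM node:latest AS build
COPY . /src
FROM nginx:1.27-alpine
COPY --from=build /src/dist /usr/share/nginx/html
COPY deploy/.env /etc/app/.env
"""

def audit_dockerfile(text):
    """Return sorted (line, check, detail) findings for one Dockerfile's text."""
    # Assumes shell-form instructions, one per line (no JSON-array COPY).
    findings, stages, user, last_from = [], set(), None, 0
    for n, raw in enumerate(text.splitlines(), 1):
        parts = raw.strip().split()
        if not parts or parts[0].startswith("#"):
            continue
        op = parts[0].upper()
        args = [a for a in parts[1:] if not a.startswith("--")]  # drop --flags
        if op == "FROM" and args:
            image, user, last_from = args[0], None, n  # each stage starts as root
            tag = image.rsplit("/", 1)[-1].partition(":")[2]
            known = image.lower() in stages or image == "scratch" or "@sha256:" in image
            if not known and tag in ("", "latest"):
                findings.append((n, "unpinned-base", image))
            if len(args) >= 3 and args[1].upper() == "AS":
                stages.add(args[2].lower())
        elif op in ("COPY", "ADD") and not any(p.startswith("--from=") for p in parts):
            for src in args[:-1]:  # last argument is the destination
                if src in (".", "./"):
                    findings.append((n, "broad-context", "copies whole build context"))
                elif SECRET_SRC.search(src) and not src.endswith(".env.example"):
                    findings.append((n, "secret-copied", src))
        elif op == "USER" and args:
            user = args[0]
    # Only the final stage's USER decides what the container runs as.
    if last_from and (user is None or user.split(":")[0] in ("root", "0")):
        findings.append((last_from, "root-runtime", "final stage runs as root"))
    return sorted(findings)

if __name__ == "__main__":
    for finding in audit_dockerfile(SAMPLE):
        print(finding)
```

A `broad-context` finding matters less when a `.dockerignore` carrying the Ignore Additions entries is present, so review it alongside that file.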