Docker Profile
Use when the repository has Dockerfile, compose.yml, or deployment container artifacts.
Checks
Look for:
- secrets copied into images,
- .env files committed,
- broad build contexts,
- unpinned base images,
- root-only runtime when avoidable,
- exposed ports documented in README.
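The checks above can be run as a static pass over a Dockerfile's text plus the list of tracked files. This Python sketch is an added example, not part of the original profile: the function names, finding strings and sample input are constructed here. It assumes that a digest or any tag other than `latest` counts as pinned, and it reads the last check as "every EXPOSE port should appear in the README".

```python
import re

def is_env_secret(path: str) -> bool:
    """True for .env and .env.* except .env.example (the page's ignore rules)."""
    base = path.rstrip("/").rsplit("/", 1)[-1]
    return base == ".env" or (base.startswith(".env.") and base != ".env.example")

def audit(dockerfile: str, readme: str = "", tracked_files=()) -> list:
    """Return sorted findings for one Dockerfile plus repo context (hypothetical helper)."""
    findings = {f".env file committed: {p}" for p in tracked_files if is_env_secret(p)}
    has_ignore = any(p.rsplit("/", 1)[-1] == ".dockerignore" for p in tracked_files)
    stages, user = set(), None
    # Join backslash-continued lines so each instruction is one logical line.
    for raw in re.sub(r"\\[ \t]*\n", " ", dockerfile).splitlines():
        op, _, rest = raw.strip().partition(" ")
        op = op.upper()
        # Tokenise both shell form and JSON form (["a", "b"]); drop --flags.
        args = [a for a in re.findall(r'[^\s\[\]",]+', rest) if not a.startswith("--")]
        if op == "FROM" and args:
            image, user = args[0], None          # a new stage resets the user
            last = image.split("@")[0].rsplit("/", 1)[-1]
            tag = last.split(":", 1)[1] if ":" in last else None
            # Assumption: a digest or a tag other than "latest" counts as pinned.
            if (image.lower() not in stages and image != "scratch"
                    and "@sha256:" not in image and tag in (None, "latest")):
                findings.add(f"unpinned base image: {image}")
            if len(args) >= 3 and args[1].upper() == "AS":
                stages.add(args[2].lower())
        elif op in ("COPY", "ADD") and len(args) >= 2 and "--from" not in rest:
            for src in args[:-1]:                # last argument is the destination
                if src in (".", "./") and not has_ignore:
                    findings.add(f"broad build context: {op} {src} without .dockerignore")
                if is_env_secret(src):
                    findings.add(f"secret copied into image: {src}")
        elif op == "USER" and args:
            user = args[0].split(":")[0]
        elif op == "EXPOSE":
            for port in (a.split("/")[0] for a in args):
                if not re.search(rf"(?<!\d){re.escape(port)}(?!\d)", readme):
                    findings.add(f"exposed port not documented in README: {port}")
    if user in (None, "root", "0"):
        findings.add("no non-root USER in final stage")
    return sorted(findings)

# Constructed sample input, not taken from any real repository.
SAMPLE = "FROM node AS build\nCOPY . /app\nCOPY .env /app/.env\nFROM build\nEXPOSE 3000/tcp 9229\n"
SAMPLE_README = "The service listens on port 3000."
SAMPLE_FILES = ["Dockerfile", "README.md", ".env.example", "config/.env.production"]
if __name__ == "__main__":
    print("\n".join(audit(SAMPLE, SAMPLE_README, SAMPLE_FILES)))
```

A missing `USER` is reported because the final stage then inherits whatever user the base image sets, which this text-only pass cannot see.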
Commands
Common placeholders:
BUILD_COMMAND = docker build -t PROJECT_NAME .
TEST_COMMAND = docker compose config
AUDIT_COMMAND = docker scout cves PROJECT_NAME
Use only commands that are available in the target environment.
Ignore Additions
.env
.env.*
!.env.example
docker-compose.override.yml