- Home
- Skills
- Physics91
- Claude Vibe
- Docker Reviewer
docker-reviewer_skill
- TypeScript
1
GitHub Stars
1
Bundled Files
2 months ago
Catalog Refreshed
4 months ago
First Indexed
Readme & install
Copy the install command, review bundled files from the catalogue, and read any extended description pulled from the listing source.
Installation
Preview and clipboard use veilstrat where the catalogue uses aiagentskills.
npx veilstrat add skill physics91/claude-vibe --skill docker-reviewer- SKILL.md7.4 KB
Overview
This skill reviews Dockerfiles and docker-compose configurations to improve image size, build speed, security, and runtime reliability. It highlights multi-stage build opportunities, layer-caching improvements, secret handling, and compose production hardening. The goal is actionable fixes you can apply in CI or locally to reduce image size, speed builds, and reduce attack surface.
How this skill works
The skill scans project files for Dockerfile variants, .dockerignore, and docker-compose YAML. It detects base-image choices, layer ordering that impacts cache, missing multi-stage builds, security issues (running as root, secrets in image, unpinned tags), and compose omissions (resource limits, healthchecks). It produces prioritized findings with concrete remediation steps and sample snippets for fixes.
When to use it
- Perform code review on Dockerfiles before merge
- Optimize image size and build time for CI pipelines
- Audit container security and remove secrets from images
- Harden docker-compose for production deployments
- Detect layer-caching regressions after refactors
Best practices
- Use slim/alpine/distroless base images and pin exact versions
- Adopt multi-stage builds to separate build-time and runtime artifacts
- Order COPY and RUN to maximize layer cache (copy package files before source)
- Keep secrets out of layers; use BuildKit secrets or CI secret mounts
- Add USER, HEALTHCHECK, resource limits, and restart policies in compose
- Combine RUN steps and clean caches in the same layer to reduce image size
Example use cases
- Convert a single-stage Node image into a multi-stage builder/runner to cut size
- Reorder Dockerfile to COPY package*.json then npm ci to leverage cache
- Add BuildKit secret mount to avoid embedding credentials during npm install
- Add healthcheck, deploy.resources, and restart policy to docker-compose for production
- Detect and suggest removal of large unwanted files via .dockerignore
FAQ
No. It produces concrete recommendations and example patches; you apply changes in your repo or CI pipeline.
Does it scan Kubernetes manifests or Terraform?
No. It focuses on Dockerfiles and docker-compose. Use k8s-reviewer for Kubernetes and terraform-reviewer for Terraform.