- Home
- Skills
- Williamzujkowski
- Cognitive Toolworks
- Container Image Optimizer
container-image-optimizer_skill
- Python
5
GitHub Stars
2
Bundled Files
2 months ago
Catalog Refreshed
4 months ago
First Indexed
Readme & install
Copy the install command, review bundled files from the catalogue, and read any extended description pulled from the listing source.
Installation
Preview and clipboard use veilstrat where the catalogue uses aiagentskills.
npx veilstrat add skill williamzujkowski/cognitive-toolworks --skill container-image-optimizer- CHANGELOG.md1.0 KB
- SKILL.md11.2 KB
Overview
This skill generates optimized Dockerfiles and supporting artifacts to produce minimal, secure container images using multi-stage builds and language-aware optimizations. It includes production hardening, vulnerability scanning, and actionable remediation guidance to meet safety and size targets. Outputs include Dockerfile, .dockerignore, build commands, and security reports tailored to the application's language and build type.
How this skill works
Given validated inputs (language, build_type, base_image, exposed_port), the skill creates a multi-stage Dockerfile that separates build and runtime stages, copies only artifacts, and configures a non-root runtime. For production tiers it selects minimal bases (distroless/scratch), optimizes layer ordering and caching, runs vulnerability scanners (Trivy/Grype), and produces a security report with CVE counts and remediation steps. Advanced mode adds multi-arch buildx configuration, SBOM generation, and CI/CD pipeline snippets.
When to use it
- Containerizing an app where image size and security matter
- Converting an existing Dockerfile to multi-stage and reducing layers
- Preparing production images with vulnerability scans and hardening
- Setting up multi-architecture builds for ARM64 and AMD64
- Optimizing build times using BuildKit cache and mount features
Best practices
- Use multi-stage builds: keep build tools out of the final image
- Pin base image tags and dependency versions for reproducibility
- Run runtime as a non-root user and set read-only root where possible
- Optimize layer ordering and combine RUN statements to reduce layers
- Scan images in CI and block builds for Critical CVEs; track High/Medium
Example use cases
- Generate a Node.js multi-stage Dockerfile that installs production deps with npm ci and copies only build artifacts
- Produce a Go scratch-based image with CGO disabled and static binary for minimal footprint
- Create a production Dockerfile using distroless, add non-root user, and run Trivy with a remediation report
- Add buildx configuration and GitHub Actions workflow for multi-arch builds and automated scanning
- Convert a legacy single-stage Dockerfile into an optimized, layer-ordered, cache-friendly multi-stage file
FAQ
Supported languages: nodejs, python, go, java, rust. The skill infers package managers and build steps per language.
Which scanner is used and when are builds blocked?
Trivy or Grype are used for T2+; builds are blocked on Critical CVEs and flagged for review on High CVEs.