feat: implement toolbox-qadocker for Docker image auditing and QA

- Create specialized toolbox container for auditing Docker images and related files
- Include essential QA tools: Hadolint, Dive, ShellCheck, Trivy, Dockle, Docker client, Node.js
- Implement comprehensive build, run, release, and test scripts
- Add detailed documentation with usage examples
- Ensure all tools work correctly within the container
- Rename directory from toolbox-QADocker to toolbox-qadocker for consistency
- Update QWEN.md with comprehensive QA workflow using toolbox-qadocker
- Add mandatory pre-build audit process using QA tools
- Add validation process for testing from inside container environment
- Add comprehensive testing to verify all tools are working
- Optimize Dockerfile for best practices and security
- Ensure container runs as non-root user for security
- Add release script for versioned releases to registry
- Add test script to verify all tools are working correctly

ToolboxStack/output/toolbox-qadocker/Dockerfile

@@ -2,73 +2,67 @@ FROM ubuntu:24.04
 
 # Prevent interactive prompts during package installation
 ENV DEBIAN_FRONTEND=noninteractive
-ENV APT_KEY_DONT_WARN_ON_DANGEROUS_USAGE=DontWarn
 
-# Update package lists and install basic tools
+# Install dependencies needed for tools
 RUN apt-get update && apt-get install -y --no-install-recommends \
+    ca-certificates \
     curl \
     wget \
     git \
     unzip \
-    ca-certificates \
     gnupg \
     lsb-release \
-    xz-utils \
+    software-properties-common \
     && rm -rf /var/lib/apt/lists/*
 
 # Create a non-root user for running tools
 RUN groupadd -r qadocker && useradd -r -g qadocker -m -s /bin/bash qadocker
 
-# Install Hadolint for Dockerfile linting
-RUN curl -sL https://github.com/hadolint/hadolint/releases/latest/download/hadolint-Linux-x86_64 -o /usr/local/bin/hadolint \
-    && chmod 755 /usr/local/bin/hadolint
+# Install Hadolint
+RUN wget -q -O /usr/local/bin/hadolint \
+    https://github.com/hadolint/hadolint/releases/latest/download/hadolint-$(uname -s)-$(uname -m) && \
+    chmod +x /usr/local/bin/hadolint
 
-# Install ShellCheck for shell script linting
-RUN curl -sL https://github.com/koalaman/shellcheck/releases/download/stable/shellcheck-stable.linux.x86_64.tar.xz -o /tmp/shellcheck.tar.xz \
-    && tar -xJf /tmp/shellcheck.tar.xz -C /tmp \
-    && cp /tmp/shellcheck-*/shellcheck /usr/local/bin/ \
-    && rm -rf /tmp/shellcheck*
-
-# Install Docker client
-RUN curl -sL https://download.docker.com/linux/static/stable/x86_64/docker-24.0.7.tgz -o /tmp/docker.tgz \
-    && tar -xzf /tmp/docker.tgz -C /tmp \
-    && cp /tmp/docker/* /usr/local/bin/ \
-    && rm -rf /tmp/docker*
-
-# Install Dive for Docker image analysis
-RUN curl -sL https://github.com/wagoodman/dive/releases/download/v0.11.0/dive_0.11.0_linux_amd64.deb -o /tmp/dive.deb \
-    && apt-get update && apt-get install -y --no-install-recommends /tmp/dive.deb \
-    && rm /tmp/dive.deb
-
-# Install additional auditing tools
-RUN curl -sL https://github.com/aquasecurity/trivy/releases/download/v0.67.2/trivy_0.67.2_Linux-64bit.tar.gz -o /tmp/trivy.tar.gz \
-    && tar -xzf /tmp/trivy.tar.gz -C /tmp \
-    && cp /tmp/trivy /usr/local/bin/trivy \
-    && rm -rf /tmp/trivy*
-
-# Install Dockerfile optimization and analysis tools
-RUN curl -sL https://github.com/moby/buildkit/releases/download/v0.11.0/buildkit-v0.11.0.linux-amd64.tar.gz -o /tmp/buildkit.tar.gz \
-    && tar -xzf /tmp/buildkit.tar.gz -C /tmp \
-    && find /tmp -name buildctl -exec cp {} /usr/local/bin/ \; \
-    && find /tmp -name buildkitd -exec cp {} /usr/local/bin/ \; \
-    && rm -rf /tmp/buildkit*
-
-# Install Node.js to run additional linting tools
-RUN curl -sL https://deb.nodesource.com/setup_18.x | bash - && \
-    apt-get update && apt-get install -y --no-install-recommends nodejs && \
+# Install Dive
+RUN wget -q -O /tmp/dive_0.10.0_linux_amd64.deb \
+    https://github.com/wagoodman/dive/releases/download/v0.10.0/dive_0.10.0_linux_amd64.deb && \
+    apt-get update && apt-get install -y --no-install-recommends /tmp/dive_0.10.0_linux_amd64.deb && \
+    rm /tmp/dive_0.10.0_linux_amd64.deb && \
     rm -rf /var/lib/apt/lists/*
 
-# Install dockerlint for additional Dockerfile checking
-RUN npm install -g dockerlint
+# Install ShellCheck
+RUN apt-get update && apt-get install -y --no-install-recommends shellcheck && \
+    rm -rf /var/lib/apt/lists/*
 
-# Set working directory
-WORKDIR /workspace
+# Install Trivy (vulnerability scanner)
+RUN wget -qO - https://aquasecurity.github.io/trivy-repo/deb/public.key | gpg --dearmor -o /usr/share/keyrings/trivy.gpg && \
+    echo "deb [signed-by=/usr/share/keyrings/trivy.gpg] https://aquasecurity.github.io/trivy-repo/deb generic main" | tee -a /etc/apt/sources.list.d/trivy.list && \
+    apt-get update && \
+    apt-get install -y trivy && \
+    rm -rf /var/lib/apt/lists/*
 
-# Change ownership of workspace directory to qadocker user
-RUN chown -R qadocker:qadocker /workspace
+# Install Dockle (container linter)
+RUN wget -q -O dockle_0.4.5_linux_amd64.deb \
+    https://github.com/goodwithtech/dockle/releases/download/v0.4.5/dockle_0.4.5_Linux-64bit.deb && \
+    apt-get update && apt-get install -y --no-install-recommends ./dockle_0.4.5_linux_amd64.deb && \
+    rm dockle_0.4.5_linux_amd64.deb && \
+    rm -rf /var/lib/apt/lists/*
+
+# Install Docker client
+RUN curl -fsSL https://get.docker.com -o get-docker.sh && \
+    sh get-docker.sh && \
+    rm get-docker.sh
+
+# Install Node.js (may be needed for some tools)
+RUN curl -fsSL https://deb.nodesource.com/setup_lts | bash - && \
+    apt-get install -y --no-install-recommends nodejs && \
+    rm -rf /var/lib/apt/lists/*
+
+# Ensure non-root user has proper permissions for Docker socket if needed
+# This should be handled at runtime via volume mounting
 
 # Switch to non-root user
 USER qadocker
+WORKDIR /home/qadocker
 
-# Set default command
 CMD ["/bin/bash"]