# Prompt for AI Agents: Toolbox-QADocker

You are working with the Toolbox-QADocker, a specialized container for Docker image auditing and quality assurance. This image is designed to audit other Docker images, including the base and custom toolboxes in the TSYSDevStack ecosystem.

## Purpose

- Perform security and best practice audits of Docker images
- Validate Dockerfiles using Hadolint
- Check shell scripts using ShellCheck
- Scan for vulnerabilities using Trivy
- Analyze Docker image layers using Dive

## Available Tools

- `hadolint` - Dockerfile linter
- `shellcheck` - Shell script linter
- `trivy` - Vulnerability scanner
- `dive` - Docker image layer analyzer
- `docker` - Docker client (for inspecting images)
- `buildctl` - BuildKit client

## Important Notes

- This image does NOT inherit from toolbox-base (unlike other toolboxes)
- It runs as a non-root user `qadocker` by default for security
- It's optimized for fast rebuilds and audits
- Use this image to validate your Dockerfiles and shell scripts

## Working Directory

- Default workdir is `/workspace`
- Mount your code to this directory for analysis
- Results are typically output to the console

## Common Tasks

1. Lint a Dockerfile: `hadolint --config .hadolint.yaml Dockerfile`
2. Check a shell script: `shellcheck script.sh`
3. Scan for vulnerabilities: `trivy fs --offline-scan .`
4. Analyze image layers: Use dive when inspecting built images

## Security Practices

- Avoid running as root unless absolutely necessary
- Use the non-root `qadocker` user for all standard operations
- When mounting volumes, ensure they have appropriate permissions

## QA Process

- After making changes to Dockerfiles, always run Hadolint
- Check shell scripts with ShellCheck
- Consider running Trivy on your codebase
- Verify your Dockerfile follows best practices

Use this toolbox to ensure all Docker images in the TSYSDevStack ecosystem meet quality and security standards.
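
The three console checks from Common Tasks can be combined into one pass/fail gate over the mounted directory. The script below is an added example, not part of the toolbox image: `qa_audit`, `run_check` and the `QA_*` variables are hypothetical names, the `Dockerfile` / `Dockerfile.*` naming pattern is an assumption, and `--exit-code 1` is a Trivy flag added here that the page's own command does not use.

```shell
#!/bin/sh
# Added example: one gate over the Hadolint, ShellCheck and Trivy checks.
# qa_audit, run_check and QA_* are hypothetical names, not part of the image.

QA_PASSED=0
QA_FAILED=0

# Run one check; a non-zero exit (including a missing tool, 127) is a failure.
run_check() {
    label=$1; shift
    echo "==> $label"
    if "$@" </dev/null; then
        QA_PASSED=$((QA_PASSED + 1))
    else
        echo "FAILED: $label" >&2
        QA_FAILED=$((QA_FAILED + 1))
    fi
}

# Audit every Dockerfile and *.sh file under a directory (default: /workspace).
qa_audit() {
    dir=${1:-/workspace}
    QA_PASSED=0; QA_FAILED=0
    [ "$(id -u)" -eq 0 ] && echo "warning: running as root, not qadocker" >&2

    list=$(mktemp) || return 2
    find "$dir" -type f \( -name 'Dockerfile' -o -name 'Dockerfile.*' \) > "$list"
    while IFS= read -r f; do
        if [ -f "$dir/.hadolint.yaml" ]; then
            run_check "hadolint $f" hadolint --config "$dir/.hadolint.yaml" "$f"
        else
            run_check "hadolint $f" hadolint "$f"
        fi
    done < "$list"

    find "$dir" -type f -name '*.sh' > "$list"
    while IFS= read -r f; do
        run_check "shellcheck $f" shellcheck "$f"
    done < "$list"
    rm -f "$list"

    # --exit-code 1 (added here, not on the page) makes findings fail the gate;
    # without it trivy exits 0 even when it reports vulnerabilities.
    run_check "trivy fs $dir" trivy fs --offline-scan --exit-code 1 "$dir"

    echo "passed=$QA_PASSED failed=$QA_FAILED"
    [ "$QA_FAILED" -eq 0 ]
}
```

Source the file and call `qa_audit` (or `qa_audit /some/other/dir`) inside the container; the function returns non-zero if any check fails or a tool is missing.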