TSYSDevStack/ToolboxStack/output/toolbox-qadocker/PROMPT
ReachableCEO 343534ac12 feat: Create comprehensive toolbox-qadocker for Docker image auditing
This commit introduces the complete toolbox-qadocker implementation with the following features:

- Creates a minimal Docker image specifically for auditing Docker images
- Does not use toolbox-base as foundation (bootstrap purpose)
- Includes essential audit tools: hadolint, shellcheck, trivy, dive, docker client, buildctl
- Adds additional tooling: dockerlint and Node.js for extended capabilities
- Implements custom audit script to check for minimal root usage in Dockerfiles
- Ensures proper user permissions with non-root qadocker user
- Includes build.sh, run.sh, docker-compose.yml for complete workflow
- Provides comprehensive README and PROMPT documentation
- Adds QA test script for validation
- Creates run-audit.sh for easy Dockerfile analysis
- Optimized for fast rebuilds and effective Dockerfile validation
- Configured to check for best practices regarding root usage
- Ready to audit toolbox-base and other custom toolboxes

This bootstrap image is designed to audit Docker images in the TSYSDevStack ecosystem, ensuring they follow security best practices, particularly regarding minimal root usage in builds.
2025-10-31 14:44:43 -05:00


# Prompt for AI Agents: Toolbox-QADocker
You are working with the Toolbox-QADocker, a specialized container for Docker image auditing and quality assurance. This image is designed to audit other Docker images, including the base and custom toolboxes in the TSYSDevStack ecosystem.
## Purpose
- Perform security and best practice audits of Docker images
- Validate Dockerfiles using Hadolint
- Check shell scripts using ShellCheck
- Scan for vulnerabilities using Trivy
- Analyze Docker image layers using Dive
## Available Tools
- `hadolint` - Dockerfile linter
- `shellcheck` - Shell script linter
- `trivy` - Vulnerability scanner
- `dive` - Docker image layer analyzer (reads a built image through the Docker socket, or an exported tarball via `--source docker-archive`)
- `docker` - Docker client (for inspecting images; only works if the host's Docker socket is mounted into the container)
- `buildctl` - BuildKit client (drives a running `buildkitd`; it does not build on its own)
## Important Notes
- This image does NOT inherit from toolbox-base (unlike other toolboxes)
- It runs as a non-root user `qadocker` by default for security
- It's optimized for fast rebuilds and audits
- Use this image to validate your Dockerfiles and shell scripts
## Working Directory
- Default workdir is `/workspace`
- Mount your code to this directory for analysis
- Results are printed to the console (stdout); redirect them to a file under `/workspace` if you need a report
## Common Tasks
1. Lint a Dockerfile: `hadolint --config .hadolint.yaml Dockerfile` (drop `--config` if the project has no `.hadolint.yaml`; hadolint exits non-zero on findings, so it can gate a build)
2. Check a shell script: `shellcheck script.sh` (or `shellcheck *.sh` to cover every script in the directory)
3. Scan for vulnerabilities: `trivy fs --offline-scan .` (`--offline-scan` only suppresses dependency lookups; a vulnerability database must already be in the cache, e.g. fetched with `trivy image --download-db-only` while networked, and `--exit-code 1` turns findings into a failing exit status)
4. Analyze image layers: `dive <image:tag>` against a built image, or `dive --source docker-archive image.tar` when no Docker socket is available in the container
## Security Practices
- Avoid running as root unless absolutely necessary; when a build step needs root, switch with `USER root` for that step only and switch back to a non-root user afterwards
- Use the non-root `qadocker` user for all standard operations
- When mounting volumes, ensure they have appropriate permissions: files written by `qadocker` are owned by its UID on the host, so either match UIDs (run the container with `--user` set to your host UID/GID) or mount the code read-only when the audit only needs to read it
- Mounting the host's Docker socket so that `docker` or `dive` can reach the daemon grants root-equivalent access to the host; do it only for trusted audit runs, and prefer an exported image tarball (`docker save`) where that is enough
## QA Process
- After making changes to Dockerfiles, always run Hadolint
- Check shell scripts with ShellCheck
- Consider running Trivy on your codebase
- Verify your Dockerfile follows best practices
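The Common Tasks and QA Process steps above, wired into one driver script. This is an added example written for this page, not the project's own run-audit.sh or QA test script: it assumes the audit tools are on PATH inside the container and that code is mounted at `/workspace`, and the root-usage check is a stand-alone sh/awk rule (the final stage must set a non-root `USER`; repeated switches to root are flagged) rather than the project's script. The Dockerfiles written by `demo` are constructed for illustration.

```shell
#!/bin/sh
# Added example for the Toolbox-QADocker PROMPT page; not the project's run-audit.sh.
# Assumptions: hadolint/shellcheck/trivy are on PATH in the container, code lives
# under /workspace, and a base image's own USER is not consulted (conservative).

# check_root_usage FILE
# Plain sh/awk reimplementation of a minimal-root check. Prints findings and
# returns 1 when the final stage would run as root, 0 otherwise.
check_root_usage() {
  awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }          # skip comments and blank lines
    toupper($1) == "FROM" { last = "" }        # each stage starts with no explicit USER
    toupper($1) == "USER" {
      u = $2; sub(/:.*/, "", u)                # drop an optional :group suffix
      last = u
      if (u == "root" || u == "0") roots++
    }
    END {
      rc = 0
      if (last == "" || last == "root" || last == "0") {
        print "FAIL: final stage has no non-root USER"; rc = 1
      } else {
        print "OK: final stage runs as " last
      }
      if (roots > 1) print "WARN: switches to root " roots " times; group root-only steps together"
      exit rc
    }' "$1"
}

# run_audit DIR
# Runs the Common Tasks / QA Process checks over DIR, skipping tools that are
# not installed, and returns non-zero if any check fails.
run_audit() {
  dir="${1:-/workspace}"
  rc=0
  if [ -f "$dir/Dockerfile" ]; then
    check_root_usage "$dir/Dockerfile" || rc=1
    if command -v hadolint >/dev/null 2>&1; then
      hadolint "$dir/Dockerfile" || rc=1
    fi
  fi
  if command -v shellcheck >/dev/null 2>&1; then
    # with "-exec ... +", find exits non-zero if shellcheck fails on any file
    find "$dir" -type f -name '*.sh' -exec shellcheck {} + || rc=1
  fi
  if command -v trivy >/dev/null 2>&1; then
    # needs a cached vulnerability DB; --exit-code 1 makes findings fail the run
    trivy fs --offline-scan --exit-code 1 --severity HIGH,CRITICAL "$dir" || rc=1
  fi
  return $rc
}

# demo: run the root-usage check on two constructed Dockerfiles (not from the repo).
demo() {
  tmp=$(mktemp -d)
  printf 'FROM alpine:3.20\nRUN apk add --no-cache curl\nUSER qadocker\n' > "$tmp/Dockerfile.good"
  printf 'FROM alpine:3.20\nRUN apk add --no-cache curl\n' > "$tmp/Dockerfile.bad"
  for f in "$tmp"/Dockerfile.*; do
    echo "== $f"
    check_root_usage "$f"
  done
  rm -rf "$tmp"
  return 0
}
demo
```

Running the file as-is prints the demo; inside the container, `run_audit /workspace` runs the full set and its exit status can gate a CI job.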
Use this toolbox to ensure all Docker images in the TSYSDevStack ecosystem meet quality and security standards.