KNEL/TSYSDevStack
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
80d5c64eb94faefa28124e17a5a7b4f1e65d8a2e
TSYSDevStack/ToolboxStack/output/toolbox-QADocker/README.md
ReachableCEO ab57e3a3a1 feat: Update toolbox-base and template with latest Docker configurations and documentation 
\n- Updated Dockerfiles in both toolbox-base and toolbox-template
- Modified build scripts and docker-compose configurations
- Added new audit tools and documentation files
- Created new toolbox-DocStack and toolbox-QADocker implementations
- Updated README and maintenance documentation
2025-10-31 12:46:36 -05:00

85 lines
2.4 KiB
Markdown
Raw Blame History

# 🛡️ Docker QA Toolbox
A specialized development environment for Docker image auditing, security scanning, and quality assurance.
## 🚀 Quick Start
```bash
cd output/toolbox-QADocker
./build.sh # build the image with UID/GID matching your host
./run.sh up # launch the toolbox-qadocker service in the background
docker exec -it tsysdevstack-toolboxstack-toolbox-qadocker zsh
```
Use `./run.sh down` to stop the container when you are finished.
## 🧰 Included Tools
### Security Scanning
- **Trivy** - Comprehensive vulnerability scanner for containers and code
- **ClamAV** - Antivirus scanner for file system analysis
- **Hadolint** - Dockerfile linter for best practices
### Docker Analysis
- **Dockerfilelint** - Node.js-based Dockerfile linter
- **Docker** - Docker CLI with access to host Docker daemon via socket
- **Docker Buildx** - Docker CLI plugin for extended build capabilities
### Development Tools
- **Git** - Version control system
- **Zsh** - Interactive shell with Oh My Zsh framework
- **Mise** - Runtime manager for language versions
- **Aqua** - CLI tool manager
- **YQ** - YAML/JSON processor
- **JQ** - JSON processor
## 📋 QA Workflows
### Security Scanning
```bash
# Scan a Docker image with Trivy
trivy image <your-image-name>
# Scan a Dockerfile with Hadolint
hadolint Dockerfile
# Scan a Dockerfile with dockerfilelint
dockerfilelint Dockerfile
```
### Image Analysis
```bash
# Analyze image layers and size
docker history <your-image-name>
# Extract image contents for analysis
docker save <your-image-name> -o image.tar
tar -xf image.tar
```
### Best Practices Validation
The toolbox includes tools to validate Docker best practices:
- Hadolint for Dockerfile best practices
- Trivy for security vulnerabilities
- Docker's own best practices recommendations
## ⚙️ Configuration
The toolbox is configured to:
- Run as a non-root user with host UID/GID mapping
- Access the host Docker daemon via socket mounting
- Include both Docker build and runtime analysis tools
- Follow security best practices (no sudo, minimal attack surface)
## 🔐 Security Features
- Non-root user execution with UID/GID mapping
- Sudo is removed from the final image
- Multi-stage build minimizing attack surface
- Regular security scanning capabilities
## 🤖 AI Agent
This toolbox is maintained by **ToolboxBot**, an AI agent focused on Docker QA tooling.
## 📄 License
See [LICENSE](../LICENSE) for full terms.
Reference in New Issue View Git Blame Copy Permalink