TSYSDevStack/ToolboxStack/output/toolbox-qadocker/README.md
ReachableCEO ab54d694f2 chore(filesystem): reflect major filesystem restructuring changes
- Renamed DocStack to dockstack
- Transformed toolbox-template into toolbox-qadocker with new functionality
- Removed NewToolbox.sh script
- Updated PROMPT and configuration files across all toolboxes
- Consolidated audit and testing scripts
- Updated QWEN.md to reflect new filesystem structure as authoritative source
- Merged PROMPT content into QWEN.md as requested

Co-authored-by: Qwen-Coder <qwen-coder@alibabacloud.com>

The filesystem structure has been intentionally restructured and is now the authoritative source of truth for the project organization.
2025-10-31 13:26:39 -05:00


🧰 TSYSDevStack QA Docker Toolbox

A minimal Docker image designed for auditing, verifying, and testing Docker images and container configurations.


🚀 Quick Start

  1. Build the toolbox

    ./build.sh
    
  2. Start the toolbox

    ./run.sh up
    
  3. Access the toolbox

    docker exec -it tsysdevstack-toolboxstack-qadocker bash
    
  4. Stop the toolbox

    ./run.sh down
    

🧱 Architecture

  • Base Image: Ubuntu 24.04 (minimal base without extending from toolbox-base)
  • User: Runs as non-root toolbox user (UID/GID mapped to host)
  • Workspace: Mounts current directory to /workspace (read/write)
  • Tools: Contains essential Docker auditing and security tools
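
One way to verify the non-root and UID/GID-mapping claims above from the host, as an added example that is not part of the project's own scripts. The script name check-user.sh and the helper function names are hypothetical; the container name comes from the Quick Start.

```shell
#!/bin/sh
# Added example, not part of the project: checks the README's claim that the
# toolbox runs as a non-root user whose UID/GID match the host user.

# Container name from Quick Start step 3; override via environment if needed.
CONTAINER="${CONTAINER:-tsysdevstack-toolboxstack-qadocker}"

# config_user_is_root USER_FIELD
# USER_FIELD is an image's Config.User string, e.g. the output of
#   docker inspect --format '{{.Config.User}}' IMAGE
# Forms: "", "name", "uid", "uid:gid". Empty means Docker defaults to root.
# Prints "yes" or "no".
config_user_is_root() {
  cu_user="${1%%:*}"            # drop an optional ":group" suffix
  case "$cu_user" in
    ''|0|root) echo yes ;;
    *)         echo no ;;
  esac
}

# classify_ids HOST_UID HOST_GID CONTAINER_UID CONTAINER_GID
# Prints one verdict: invalid | root | mismatch | ok
classify_ids() {
  for ci_v in "$1" "$2" "$3" "$4"; do
    case "$ci_v" in ''|*[!0-9]*) echo invalid; return 0 ;; esac
  done
  if [ "$3" -eq 0 ]; then echo root
  elif [ "$1" -ne "$3" ] || [ "$2" -ne "$4" ]; then echo mismatch
  else echo ok
  fi
}

# Live check against the running container (needs the docker CLI).
check_container() {
  cc_uid="$(docker exec "$CONTAINER" id -u)" || return 1
  cc_gid="$(docker exec "$CONTAINER" id -g)" || return 1
  classify_ids "$(id -u)" "$(id -g)" "$cc_uid" "$cc_gid"
}

# Only touch Docker when invoked as: ./check-user.sh live
if [ "${1:-}" = "live" ]; then
  check_container
fi
```

A verdict of mismatch usually shows up as files in /workspace owned by an unexpected UID on the host; root means the non-root guarantee does not hold for that container.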

🛠️ Included Tools

Docker Auditing & Security

  • Docker CLI: For Docker operations and container management
  • Hadolint: Dockerfile linter for best practices and common errors
  • Dive: Tool to explore Docker image layers and discover inefficiencies
  • Trivy: Comprehensive security scanner for vulnerabilities
  • Grype: Vulnerability scanner for container images
  • Docker Bench Security: Tool for running CIS Docker benchmark tests

Version Control & General Tools

  • Git: For version control operations
  • Lazygit: Terminal UI for Git
  • Curl/Wget: For downloading resources
  • Yq: Command-line YAML processor
  • Xh: Friendly and fast tool for HTTP requests

📂 Project Layout

| Path | Purpose |
|------|---------|
| Dockerfile | Defines the minimal QA Docker image with auditing tools |
| docker-compose.yml | Service configuration for the QA toolbox |
| build.sh | Wrapper around docker build with host UID/GID mapping |
| run.sh | Helper to bring the service up/down |
| aqua.yaml | Configuration for aqua-managed CLI tools |
| SEED | Defines the toolbox's purpose and goals |
| PROMPT | LLM onboarding prompt for future contributors |

🤝 Collaboration Notes

  • This is the ONLY image that does NOT extend from toolbox-base (used for bootstrap purposes)
  • Designed for use by AI CLI agents when creating and verifying container images
  • Contains tools for auditing Docker images (hadolint, dive, etc.)
  • Meant to be rebuilt quickly and be easy to extend
  • Follows best security practices for minimal attack surface