- Updated Dockerfiles in both toolbox-base and toolbox-template
- Modified build scripts and docker-compose configurations
- Added new audit tools and documentation files
- Created new toolbox-DocStack and toolbox-QADocker implementations
- Updated README and maintenance documentation
🛡️ Docker QA Toolbox
A specialized development environment for Docker image auditing, security scanning, and quality assurance.
🚀 Quick Start
cd output/toolbox-QADocker
./build.sh # build the image with UID/GID matching your host
./run.sh up # launch the toolbox-qadocker service in the background
docker exec -it tsysdevstack-toolboxstack-toolbox-qadocker zsh
Use ./run.sh down to stop the container when you are finished.
🧰 Included Tools
Security Scanning
- Trivy - Comprehensive vulnerability scanner for containers and code
- ClamAV - Antivirus scanner for file system analysis
- Hadolint - Dockerfile linter for best practices
Docker Analysis
- Dockerfilelint - Node.js-based Dockerfile linter
- Docker - Docker CLI talking to the host Docker daemon through the mounted socket (root-equivalent access to the host; see Security Features)
- Docker Buildx - Docker CLI plugin for extended build capabilities
Development Tools
- Git - Version control system
- Zsh - Interactive shell with Oh My Zsh framework
- Mise - Runtime manager for language versions
- Aqua - CLI tool manager
- YQ - YAML/JSON processor
- JQ - JSON processor
📋 QA Workflows
Security Scanning
# Scan a Docker image with Trivy
trivy image <your-image-name>
# Same scan as a CI gate: non-zero exit only on fixable HIGH/CRITICAL findings
trivy image --severity HIGH,CRITICAL --ignore-unfixed --exit-code 1 <your-image-name>
# Lint a Dockerfile with Hadolint
hadolint Dockerfile
# Lint a Dockerfile with dockerfilelint
dockerfilelint Dockerfile
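Trivy's `--severity`, `--ignore-unfixed` and `--exit-code` flags cover the single-image case; when the scan result is stored as JSON and triaged later (to apply an allowlist of accepted CVEs, or to report per target), the same policy has to be reimplemented over the report. The script below is an added example written for this README, not part of the toolbox's own scripts. It assumes the report was produced with `trivy image -f json -o report.json <image>` and uses the `Results` / `Vulnerabilities` layout of that output; `SAMPLE_REPORT` is a constructed report with placeholder identifiers so the script runs offline.

```python
"""Triage a Trivy JSON report: decide whether an image should be blocked.

Added example for this README, not part of the toolbox's own scripts.
Assumed: the report comes from `trivy image -f json -o report.json <image>`;
SAMPLE_REPORT is a constructed report with placeholder identifiers so the
script runs offline.
"""
import json
import sys

SEVERITY_RANK = {"UNKNOWN": 0, "LOW": 1, "MEDIUM": 2, "HIGH": 3, "CRITICAL": 4}

# Constructed sample in Trivy's JSON shape (Results -> Vulnerabilities).
SAMPLE_REPORT = {
    "ArtifactName": "example/app:1.0",
    "Results": [
        {
            "Target": "example/app:1.0 (alpine 3.18.4)",
            "Class": "os-pkgs",
            "Vulnerabilities": [
                {"VulnerabilityID": "CVE-0000-0001", "PkgName": "libssl3",
                 "InstalledVersion": "3.1.3-r0", "FixedVersion": "3.1.4-r0",
                 "Severity": "HIGH"},
                {"VulnerabilityID": "CVE-0000-0002", "PkgName": "busybox",
                 "InstalledVersion": "1.36.1-r2", "FixedVersion": "",
                 "Severity": "CRITICAL"},
                {"VulnerabilityID": "CVE-0000-0003", "PkgName": "zlib",
                 "InstalledVersion": "1.2.13-r1", "FixedVersion": "1.3-r0",
                 "Severity": "MEDIUM"},
            ],
        },
        {
            "Target": "app/requirements.txt",
            "Class": "lang-pkgs",
            "Vulnerabilities": [
                {"VulnerabilityID": "CVE-0000-0004", "PkgName": "requests",
                 "InstalledVersion": "2.25.0", "FixedVersion": "2.31.0",
                 "Severity": "CRITICAL"},
            ],
        },
        {"Target": "app/", "Class": "secret"},  # nothing found: Trivy omits the key
    ],
}


def triage(report, min_severity="HIGH", ignore_unfixed=True, allowlist=()):
    """Return (blocking, counts): the findings that fail the gate, and a
    severity histogram of everything Trivy reported."""
    threshold = SEVERITY_RANK[min_severity]
    blocking, counts = [], {}
    for result in report.get("Results", []):
        # A target with no findings carries no "Vulnerabilities" key at all.
        for vuln in result.get("Vulnerabilities") or []:
            sev = vuln.get("Severity", "UNKNOWN")
            counts[sev] = counts.get(sev, 0) + 1
            if SEVERITY_RANK.get(sev, 0) < threshold:
                continue
            if ignore_unfixed and not vuln.get("FixedVersion"):
                continue  # nothing to upgrade to yet: count it, do not block on it
            if vuln["VulnerabilityID"] in allowlist:
                continue  # accepted risk, tracked outside this script
            blocking.append({
                "id": vuln["VulnerabilityID"],
                "target": result.get("Target", ""),
                "pkg": vuln.get("PkgName", ""),
                "installed": vuln.get("InstalledVersion", ""),
                "fixed": vuln.get("FixedVersion", ""),
                "severity": sev,
            })
    blocking.sort(key=lambda f: -SEVERITY_RANK.get(f["severity"], 0))
    return blocking, counts


def gate(report, **kw):
    """Exit status for CI: 0 if nothing blocks the image, 1 otherwise."""
    blocking, counts = triage(report, **kw)
    print(f"{report.get('ArtifactName', '?')}: {counts}")
    for f in blocking:
        print(f"  BLOCK {f['severity']:<8} {f['id']} {f['pkg']} "
              f"{f['installed']} -> {f['fixed']} ({f['target']})")
    return 1 if blocking else 0


if __name__ == "__main__":
    # Usage: python3 triage_trivy.py report.json   (file name is hypothetical)
    report = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_REPORT
    sys.exit(gate(report))
```

Unfixed findings are counted but not blocking by default, matching `--ignore-unfixed`: a gate that fails on findings nobody can act on trains people to ignore it. The allowlist is the equivalent of a `.trivyignore` file and should live in version control with a reason and an expiry per entry.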
Image Analysis
# Analyze image layers and size
docker history <your-image-name>
# Extract image contents for analysis
docker save <your-image-name> -o image.tar
tar -xf image.tar
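Once the archive is on disk, the useful questions are who the image runs as, what its environment carries, and whether any layer ships files that should never be in an image. The script below is an added example written for this README, not part of the toolbox; it generalises the extract-and-look step above by reading `manifest.json` and the image config directly from the `docker save` archive and walking each layer tar. It assumes the single-image `manifest.json` layout that `docker save` writes; `SENSITIVE_PATHS` and `SECRET_ENV` are assumed heuristics, and `build_sample_image()` constructs a sample archive so the script runs without Docker.

```python
"""Inspect a `docker save` archive without running the image.

Added example for this README, not part of the toolbox's own scripts.
Assumed: the single-image manifest.json layout of `docker save`; the
SENSITIVE_PATHS / SECRET_ENV heuristics; and the constructed sample archive
from build_sample_image(), used when no path is given.
"""
import io
import json
import re
import sys
import tarfile

SENSITIVE_PATHS = [re.compile(p) for p in (
    r"(^|/)\.ssh/id_[a-z0-9]+$",   # private SSH keys
    r"(^|/)\.aws/credentials$",
    r"(^|/)\.netrc$",
    r"(^|/)\.env$",
    r"\.(pem|key)$",
)]
SECRET_ENV = re.compile(r"PASS(WORD)?|SECRET|TOKEN|API_?KEY", re.I)


def _json_member(tar, name):
    return json.load(tar.extractfile(name))


def _layer_files(tar, layer_name):
    """Regular file names inside one layer; each layer is itself a tar inside the archive."""
    with tarfile.open(fileobj=io.BytesIO(tar.extractfile(layer_name).read())) as layer:
        for member in layer.getmembers():
            name = member.name[2:] if member.name.startswith("./") else member.name
            # ".wh.<name>" entries are whiteouts (deletions in this layer), not content.
            if member.isfile() and ".wh." not in name:
                yield name


def inspect_saved_image(archive):
    """archive: path to image.tar, or the raw archive bytes. Returns a findings dict."""
    opener = {"fileobj": io.BytesIO(archive)} if isinstance(archive, bytes) else {"name": archive}
    with tarfile.open(**opener) as tar:
        manifest = _json_member(tar, "manifest.json")[0]   # one image per archive assumed
        config = _json_member(tar, manifest["Config"]).get("config", {})
        uid = (config.get("User") or "").split(":")[0]      # "", "root" or "0" all mean root
        env = config.get("Env") or []
        findings = {
            "tags": manifest.get("RepoTags") or [],
            "user": config.get("User") or "",
            "runs_as_root": uid in ("", "root", "0"),
            "secret_env": [e.split("=", 1)[0] for e in env
                           if SECRET_ENV.search(e.split("=", 1)[0])],
            "layers": len(manifest["Layers"]),
            "sensitive_files": [],
        }
        for layer_name in manifest["Layers"]:
            for name in _layer_files(tar, layer_name):
                if any(p.search(name) for p in SENSITIVE_PATHS):
                    findings["sensitive_files"].append(f"{layer_name}:{name}")
    return findings


def _tar_bytes(entries):
    """Build an uncompressed tar in memory from (name, str|bytes) pairs."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as t:
        for name, data in entries:
            data = data if isinstance(data, bytes) else data.encode()
            info = tarfile.TarInfo(name)
            info.size = len(data)
            t.addfile(info, io.BytesIO(data))
    return buf.getvalue()


def build_sample_image():
    """Constructed archive: runs as root, password in ENV, SSH key in the second layer."""
    layer0 = _tar_bytes([("etc/os-release", "ID=alpine\n"), ("app/server.py", "print('hi')\n")])
    layer1 = _tar_bytes([("./root/.ssh/id_ed25519", "-----BEGIN OPENSSH PRIVATE KEY-----\n"),
                         ("root/.wh.old.pem", "")])   # whiteout: must not be reported
    config = {"config": {"User": "", "Env": ["PATH=/usr/bin", "DB_PASSWORD=hunter2"],
                         "Cmd": ["python3", "/app/server.py"]}}
    manifest = [{"Config": "cfg.json", "RepoTags": ["example/app:1.0"],
                 "Layers": ["l0/layer.tar", "l1/layer.tar"]}]
    return _tar_bytes([("manifest.json", json.dumps(manifest)), ("cfg.json", json.dumps(config)),
                       ("l0/layer.tar", layer0), ("l1/layer.tar", layer1)])


if __name__ == "__main__":
    # Usage: python3 inspect_image.py image.tar   (file name is hypothetical)
    src = sys.argv[1] if len(sys.argv) > 1 else build_sample_image()
    print(json.dumps(inspect_saved_image(src), indent=2))
```

A secret that appears only in an earlier layer and is deleted in a later one is still in the archive; the whiteout entry hides it from the running container, not from anyone who extracts the layer, which is why the walk covers every layer rather than the merged filesystem.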
Best Practices Validation
The toolbox includes tools to validate Docker best practices:
- Hadolint for Dockerfile best practices (its rules encode Docker's published Dockerfile recommendations, such as pinning versions and avoiding a root USER)
- Trivy for known vulnerabilities in OS and language packages
- Docker's own best practices recommendations for what a linter cannot see, such as what the image really needs at runtime, applied by manual review alongside the tool output
⚙️ Configuration
The toolbox is configured to:
- Run as a non-root user with host UID/GID mapping
- Access the host Docker daemon via socket mounting
- Include both Docker build and runtime analysis tools
- Follow security best practices (no sudo, minimal attack surface)
🔐 Security Features
- Non-root user execution with UID/GID mapping
- Sudo is removed from the final image
- Multi-stage build minimizing attack surface
- Regular security scanning capabilities
One caveat: the Docker socket mounted into the toolbox (see Configuration) is root-equivalent access to the host, since any client of the daemon can start a privileged container with the host filesystem mounted. The non-root user and the absence of sudo contain mistakes made inside the toolbox; they do not contain a malicious tool or script run from it. Treat anything executed inside the toolbox as executing on the host, and run it only on hosts you trust.
🤖 AI Agent
This toolbox is maintained by ToolboxBot, an AI agent focused on Docker QA tooling.
📄 License
See LICENSE for full terms.