TSYSDevStack/ToolboxStack/output/toolbox-QADocker/README.md
ReachableCEO ab57e3a3a1 feat: Update toolbox-base and template with latest Docker configurations and documentation
- Updated Dockerfiles in both toolbox-base and toolbox-template
- Modified build scripts and docker-compose configurations
- Added new audit tools and documentation files
- Created new toolbox-DocStack and toolbox-QADocker implementations
- Updated README and maintenance documentation
2025-10-31 12:46:36 -05:00


🛡️ Docker QA Toolbox

A specialized development environment for Docker image auditing, security scanning, and quality assurance.

🚀 Quick Start

cd output/toolbox-QADocker
./build.sh        # build the image with UID/GID matching your host
./run.sh up       # launch the toolbox-qadocker service in the background
docker exec -it tsysdevstack-toolboxstack-toolbox-qadocker zsh

Use ./run.sh down to stop the container when you are finished.

🧰 Included Tools

Security Scanning

  • Trivy - Comprehensive vulnerability scanner for containers and code
  • ClamAV - Antivirus scanner for file system analysis
  • Hadolint - Dockerfile linter for best practices

Docker Analysis

  • Dockerfilelint - Node.js-based Dockerfile linter
  • Docker - Docker CLI with access to host Docker daemon via socket
  • Docker Buildx - Docker CLI plugin for extended build capabilities

Development Tools

  • Git - Version control system
  • Zsh - Interactive shell with Oh My Zsh framework
  • Mise - Runtime manager for language versions
  • Aqua - CLI tool manager
  • YQ - YAML/JSON processor
  • JQ - JSON processor

📋 QA Workflows

Security Scanning

# Scan a Docker image with Trivy
trivy image <your-image-name>

# Scan a Dockerfile with Hadolint
hadolint Dockerfile

# Scan a Dockerfile with dockerfilelint
dockerfilelint Dockerfile

Image Analysis

# Analyze image layers and size
docker history <your-image-name>

# Extract image contents for analysis
docker save <your-image-name> -o image.tar
tar -xf image.tar
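
The layer inspection that the saved image.tar makes possible, as an added example that is not part of this repository: it reads manifest.json and each layer tarball from a docker save archive and reports setuid/setgid files, files deleted by a later layer but still recoverable from an earlier one, and whether the image config runs as root. The function names and the two-layer sample archive are constructed for illustration.

```python
import io, json, posixpath, stat, tarfile

def audit_saved_image(archive):
    """Audit a `docker save` archive given as a binary file object."""
    setuid, recoverable, seen = set(), set(), set()
    with tarfile.open(fileobj=archive, mode="r:*") as outer:
        manifest = json.load(outer.extractfile("manifest.json"))[0]
        config = json.load(outer.extractfile(manifest["Config"]))
        user = (config.get("config") or {}).get("User") or ""
        for layer_name in manifest["Layers"]:          # ordered base -> top
            blob = io.BytesIO(outer.extractfile(layer_name).read())
            current = set()
            with tarfile.open(fileobj=blob, mode="r:*") as layer:
                for m in layer:
                    path = posixpath.normpath(m.name).lstrip("/")
                    parent, base = posixpath.split(path)
                    if base.startswith(".wh.") and base != ".wh..wh..opq":
                        # Whiteout: the hidden path is still readable in a lower layer.
                        gone = posixpath.join(parent, base[4:])
                        recoverable |= {p for p in seen
                                        if p == gone or p.startswith(gone + "/")}
                    elif m.isfile():
                        current.add(path)
                        if m.mode & (stat.S_ISUID | stat.S_ISGID):
                            setuid.add(path)
            seen |= current
    return {"runs_as_root": user.split(":")[0] in ("", "0", "root"),
            "setuid": sorted(setuid), "deleted_but_recoverable": sorted(recoverable)}

def build_sample_image():
    """Constructed two-layer archive in the `docker save` layout (sample data)."""
    def tar_bytes(entries):                      # entries: (name, mode, data)
        buf = io.BytesIO()
        with tarfile.open(fileobj=buf, mode="w") as t:
            for name, mode, data in entries:
                info = tarfile.TarInfo(name)
                info.mode, info.size = mode, len(data)
                t.addfile(info, io.BytesIO(data))
        return buf.getvalue()
    base = tar_bytes([("usr/bin/sudo", 0o4755, b"ELF"), ("app/.env", 0o600, b"TOKEN=x")])
    top = tar_bytes([("usr/bin/.wh.sudo", 0o644, b""), ("app/.wh..env", 0o644, b"")])
    manifest = [{"Config": "config.json", "Layers": ["l0/layer.tar", "l1/layer.tar"]}]
    return io.BytesIO(tar_bytes([
        ("manifest.json", 0o644, json.dumps(manifest).encode()),
        ("config.json", 0o644, json.dumps({"config": {"User": "1000:1000"}}).encode()),
        ("l0/layer.tar", 0o644, base), ("l1/layer.tar", 0o644, top)]))

if __name__ == "__main__":
    print(json.dumps(audit_saved_image(build_sample_image()), indent=2))
```

To audit a real archive, pass `open("image.tar", "rb")` to `audit_saved_image`. Opaque-directory whiteouts (`.wh..wh..opq`) are skipped in this example.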

Best Practices Validation

The toolbox includes tools to validate Docker best practices:

  • Hadolint for Dockerfile best practices
  • Trivy for security vulnerabilities
  • Docker's own best practices recommendations

⚙️ Configuration

The toolbox is configured to:

  • Run as a non-root user with host UID/GID mapping
  • Access the host Docker daemon via socket mounting (access to the socket allows control of the host daemon, which is equivalent to root on the host)
  • Include both Docker build and runtime analysis tools
  • Follow security best practices (no sudo, minimal attack surface)

🔐 Security Features

  • Non-root user execution with UID/GID mapping
  • Sudo is removed from the final image
  • Multi-stage build minimizing attack surface
  • Regular security scanning capabilities

🤖 AI Agent

This toolbox is maintained by ToolboxBot, an AI agent focused on Docker QA tooling.

📄 License

See LICENSE for full terms.