docksec 2026.5.22

AI-Powered Docker Security Analyzer

DockSec

AI-powered Docker security scanner that explains vulnerabilities in plain English

---

What is DockSec?

DockSec is an OWASP Incubator Project that bridges the gap between complex security scan results and actionable developer fixes. It integrates industry-standard scanners (Trivy, Hadolint, Docker Scout) with advanced AI to provide context-aware security analysis.

Instead of overwhelming you with a list of 200+ CVEs, DockSec:

• Prioritizes what actually affects your specific container setup.
• Explains vulnerabilities in plain English, not just security jargon.
• Suggests specific, line-by-line fixes for your Dockerfile.
• Generates professional, interactive security reports for your team.

Think of it as having a security expert sitting right next to you, reviewing your Dockerfiles in real-time.

---

How It Works

DockSec workflow: From scanning to actionable insights

DockSec follows a robust four-stage pipeline:

1. Scan: Runs Trivy, Hadolint, and Docker Scout locally on your environment.
2. Analyze: AI correlates findings across all scanners to remove noise and assess real-world impact.
3. Recommend: Generates human-readable explanations and specific remediation steps.
4. Report: Exports actionable results in JSON, PDF, HTML, or Markdown formats.

---

Leaders

DockSec is led by a dedicated team committed to making container security accessible.

• Advait Patel - Project Lead

For questions or discussions, please join the #project-docksec channel on OWASP Slack.

---

Quick Start

GitHub Action

Integrate DockSec into your GitHub Actions workflow:

- name: Run DockSec AI Scanner
  uses: OWASP/DockSec@main
  with:
    dockerfile: 'Dockerfile'
    openai_api_key: ${{ secrets.OPENAI_API_KEY }}

CLI Usage

# Install DockSec
pip install docksec

# Scan a Dockerfile (AI-powered)
# Reports will be saved to ~/.docksec/results/
docksec Dockerfile

# Scan Dockerfile + Docker image
docksec Dockerfile -i myapp:latest

# Fast scan only (no AI)
docksec Dockerfile --scan-only

---

Features

• Smart Analysis: AI explains what vulnerabilities mean for your specific setup.
• Multi-LLM Support: Use OpenAI, Anthropic Claude, Google Gemini, or local models via Ollama.
• Deep Integration: Combines Trivy (vulnerabilities), Hadolint (linting), and Docker Scout.
• Security Scoring: Get a 0-100 score to track your security posture over time.
• Centralized Reporting: All reports are neatly organized in ~/.docksec/results/ by default.
• Rich Formats: Professional exports in HTML (interactive), PDF, JSON, and CSV.
• CI/CD Ready: Designed for easy integration into GitHub Actions and build pipelines.
• GitHub Action: Available on the GitHub Marketplace for automated security scans.

---

Contributing

DockSec thrives on community contributions. Whether you are a developer, designer, or security enthusiast, there are many ways to get involved:

• Code Contributions: Fix bugs or add new features.
• Documentation: Improve guides or create tutorials.
• Issue Reporting: Identify and report bugs.
• Feedback: Share your experience and suggestions.

To get started, check out our Contributing Guidelines, Code of Conduct, and Sponsorship Guide.

---

Community and Social Media

• OWASP Project Page: owasp.org/DockSec/
• OWASP Slack: #project-docksec
• PyPI: pypi.org/project/docksec/
• Issues: Report a bug

---

If DockSec helps you, give it a ⭐ to help others discover it!
Built with ❤️ by Advait Patel and the OWASP community.