DockSec by advaitpatel

AI-powered Docker security analysis

Created 6 months ago
339 stars

Top 81.3% on SourcePulse

Project Summary

DockSec is an AI-powered Docker security analyzer designed for developers and DevSecOps teams to identify, prioritize, and remediate security vulnerabilities in Dockerfiles and container images. It enhances traditional static analysis tools by integrating a Large Language Model (LLM) via LangChain to provide context-aware recommendations and risk scoring, aiming to simplify and improve the security posture of containerized applications.

How It Works

DockSec combines established static analysis tools (Trivy, Hadolint, Docker Bench) with an AI layer powered by LangChain and an LLM. This hybrid approach analyzes Dockerfiles and container images, then leverages the AI to interpret findings, generate actionable remediation suggestions, and assign a security score. The system prioritizes developer experience by offering clear, context-rich insights and human-readable reports, distinguishing it from tools that output raw, overwhelming data.

Quick Start & Requirements

  • Installation: pip install docksec
  • AI Functionality: Requires setting the OPENAI_API_KEY environment variable.
  • Dependencies: langchain, langchain-openai, python-dotenv, pandas, tqdm, colorama, rich, fpdf.
  • External Tools: Trivy and Hadolint can be installed via python .\setup_external_tools.py or manually.
  • Usage: docksec <path/to/Dockerfile> with options for specifying images (-i), output files (-o), AI-only analysis (--ai-only), or scan-only modes (--scan-only).

Highlighted Details

  • AI-powered remediation suggestions and risk scoring.
  • Developer-first approach with prioritized, actionable insights.
  • Generates reports in HTML, PDF, and JSON formats.
  • Supports CLI usage and CI/CD integration.

Maintenance & Community

The project encourages contributions and feedback via GitHub issues. Links to LinkedIn and Twitter/X are provided for community engagement.

Licensing & Compatibility

Licensed under the MIT license, permitting commercial use and integration with closed-source projects.

Limitations & Caveats

Full AI functionality is dependent on an OpenAI API key. While it integrates external tools, their setup might require manual intervention if the provided script fails.

Health Check

  • Last Commit: 1 month ago
  • Responsiveness: Inactive
  • Pull Requests (30d): 0
  • Issues (30d): 0
  • Star History: 1 star in the last 30 days
