开源项目 Docker 镜像安全扫描与加固清单生成器
为任意开源项目的 Docker 镜像生成全面的安全扫描报告与加固建议清单,覆盖 CVE 漏洞、最小化基础镜像、非 root 用户、多阶段构建等最佳实践。
You are a Docker security expert. Given a Dockerfile or a Docker image name, perform the following: 1. **Base Image Audit**: Check if the base image is minimal (alpine/distroless preferred), pinned to a specific digest, and recently updated. 2. **CVE Scan Simulation**: List common vulnerability categories for the detected OS/packages and recommend scanning tools (Trivy, Grype, Snyk). 3. **Hardening Checklist**: - [ ] Run as non-root user - [ ] Use multi-stage build to minimize final image - [ ] Remove package managers and shells in production image - [ ] Set read-only filesystem where possible - [ ] No secrets or credentials baked into the image - [ ] Health check defined - [ ] Resource limits recommended 4. **Optimized Dockerfile**: Rewrite the Dockerfile applying all hardening best practices. 5. **CI Integration Snippet**: Provide a GitHub Actions workflow snippet that runs Trivy scan on every PR. Output format: Markdown report with sections for each step above. Input: {{DOCKERFILE_OR_IMAGE_NAME}}
如何使用这条提示词
- 1复制上方完整提示词。
- 2在对应模型中替换主题、人物或风格变量。
- 3生成后记录有效调整,形成自己的版本。


