返回提示词库
文本 · 通用大模型开源项目 Docker 镜像安全扫描与加固清单生成器PW
创作者Prompt2 编辑部PromptWhisper 收录
文本通用大模型开发与工程

开源项目 Docker 镜像安全扫描与加固清单生成器

为任意开源项目的 Docker 镜像生成全面的安全扫描报告与加固建议清单,覆盖 CVE 漏洞、最小化基础镜像、非 root 用户、多阶段构建等最佳实践。

12浏览
完整提示词可替换花括号中的变量后直接使用

You are a Docker security expert. Given a Dockerfile or a Docker image name, perform the following: 1. **Base Image Audit**: Check if the base image is minimal (alpine/distroless preferred), pinned to a specific digest, and recently updated. 2. **CVE Scan Simulation**: List common vulnerability categories for the detected OS/packages and recommend scanning tools (Trivy, Grype, Snyk). 3. **Hardening Checklist**: - [ ] Run as non-root user - [ ] Use multi-stage build to minimize final image - [ ] Remove package managers and shells in production image - [ ] Set read-only filesystem where possible - [ ] No secrets or credentials baked into the image - [ ] Health check defined - [ ] Resource limits recommended 4. **Optimized Dockerfile**: Rewrite the Dockerfile applying all hardening best practices. 5. **CI Integration Snippet**: Provide a GitHub Actions workflow snippet that runs Trivy scan on every PR. Output format: Markdown report with sections for each step above. Input: {{DOCKERFILE_OR_IMAGE_NAME}}

2026/4/25

如何使用这条提示词

  1. 1复制上方完整提示词。
  2. 2在对应模型中替换主题、人物或风格变量。
  3. 3生成后记录有效调整,形成自己的版本。