← Back to Skills

Container Scan Hadolint

🌐Community
by vchirrav · vlatest · Repository

This skill uses Hadolint to automatically scan Docker containers for security vulnerabilities and coding issues, improving container security posture.

Install on your platform

We auto-selected Claude Code based on this skill’s supported platforms.

1

Run in terminal (recommended)

terminal
claude mcp add container-scan-hadolint npx -- -y @trustedskills/container-scan-hadolint
2

Or manually add to ~/.claude/settings.json

~/.claude/settings.json
{
  "mcpServers": {
    "container-scan-hadolint": {
      "command": "npx",
      "args": [
        "-y",
        "@trustedskills/container-scan-hadolint"
      ]
    }
  }
}

Requires Claude Code (claude CLI). Run claude --version to verify your install.

About This Skill

What it does

This skill performs container image scanning and Hadolint analysis to identify potential security vulnerabilities and Dockerfile anti-patterns. It analyzes container images for known vulnerabilities using a vulnerability scanner, and then checks the Dockerfile against Hadolint's ruleset to ensure best practices are followed. The results of both scans are presented in a structured format.

When to use it

  • Dockerfile review: Before deploying a new container image, use this skill to proactively identify and fix potential issues.
  • Security audits: Integrate into CI/CD pipelines for automated security checks during the build process.
  • Vulnerability assessment: Regularly scan existing container images in your registry to detect newly discovered vulnerabilities.
  • Compliance checks: Ensure Dockerfiles adhere to organizational standards and best practices.

Key capabilities

  • Container image vulnerability scanning
  • Dockerfile Hadolint analysis
  • Structured reporting of findings
  • Integration with CI/CD pipelines (implied)

Example prompts

  • "Scan this container image: docker.io/nginx:latest and report any vulnerabilities."
  • "Analyze this Dockerfile for anti-patterns: /path/to/Dockerfile"
  • “Run a security scan on my application’s Docker image, including Hadolint checks.”

Tips & gotchas

  • The skill requires access to the container image or Dockerfile being analyzed. Ensure appropriate permissions are granted.
  • Vulnerability scanning results depend on the accuracy and completeness of the underlying vulnerability database.
View Repository →

Tags

🛡️

TrustedSkills Verification

Unlike other registries that point to live repositories, TrustedSkills pins every skill to a verified commit hash. This protects you from malicious updates — what you install today is exactly what was reviewed and verified.

Security Audits

Gen Agent Trust HubPass
SocketPass
SnykPass

Details

Version
vlatest
License
Author
vchirrav
Installs
3
Repository (canonical source) →

🌐 Community

Passed automated security scans.