← Back to Skills

Container Scan Hadolint

🌐Community
by vchirrav · vlatest · Repository

This skill uses Hadolint to automatically scan Docker containers for security vulnerabilities and code style issues, improving container security posture.

Install on your platform

We auto-selected Claude Code based on this skill’s supported platforms.

1

Run in terminal (recommended)

terminal
claude mcp add vchirrav-container-scan-hadolint npx -- -y @trustedskills/vchirrav-container-scan-hadolint
2

Or manually add to ~/.claude/settings.json

~/.claude/settings.json
{
  "mcpServers": {
    "vchirrav-container-scan-hadolint": {
      "command": "npx",
      "args": [
        "-y",
        "@trustedskills/vchirrav-container-scan-hadolint"
      ]
    }
  }
}

Requires Claude Code (claude CLI). Run claude --version to verify your install.

About This Skill

What it does

This skill performs container image scanning using Hadolint, a tool that analyzes Dockerfiles for common errors and anti-patterns. It identifies potential security vulnerabilities and inefficiencies in the Dockerfile based on best practices. The skill helps ensure images are built securely and efficiently by flagging issues related to caching, base image selection, and command usage.

When to use it

  • Dockerfile Review: Before deploying a containerized application, scan the Dockerfile to proactively identify and fix potential problems.
  • CI/CD Pipeline Integration: Integrate Hadolint scanning into your CI/CD pipeline to automatically check for issues during image builds.
  • Security Audits: As part of a broader security audit process, use this skill to assess the quality and security posture of container images.
  • Developer Training: Help developers learn best practices by providing feedback on their Dockerfile structure and content.

Key capabilities

  • Dockerfile analysis
  • Hadolint integration
  • Security vulnerability identification (through Dockerfile anti-patterns)
  • Efficiency improvement suggestions within Dockerfiles

Example prompts

  • "Scan this Dockerfile for Hadolint issues: [Dockerfile Content]"
  • "Analyze the following Dockerfile and report any potential security concerns: [Dockerfile Content]"
  • "Check this Dockerfile against best practices using Hadolint: [Dockerfile Content]"

Tips & gotchas

  • Requires a valid Dockerfile as input. The skill will not function without a properly formatted Dockerfile to analyze.
View Repository →

Tags

🛡️

TrustedSkills Verification

Unlike other registries that point to live repositories, TrustedSkills pins every skill to a verified commit hash. This protects you from malicious updates — what you install today is exactly what was reviewed and verified.

Security Audits

Gen Agent Trust HubPass
SocketPass
SnykPass

Details

Version
vlatest
License
Author
vchirrav
Installs
2
Repository (canonical source) →

🌐 Community

Passed automated security scans.