UncategorizedVibe Coding Security420 lines

Container and Deployment Security

Quick Summary13 lines

AI-generated Dockerfiles run everything as root, use `latest` tags, embed secrets in environment variables, install unnecessary tools, and skip health checks. The container runs your application in production — every shortcut in the Dockerfile is a vulnerability on your infrastructure.

## Key Points

- `latest` tag — unpredictable builds
- `COPY . .` — includes `.git`, `.env`, `node_modules`, and everything else
- `npm install` — includes devDependencies
- Secrets in ENV — visible in image layers, `docker inspect`, and logs
- Running as root
- Full base image with unnecessary tools (curl, wget, apt — useful for attackers)
- to: # Allow DNS

skilldb get vibe-coding-security-skills/container-deployment-securityFull skill: 420 lines

Install this skill directly: skilldb add vibe-coding-security-skills

Get CLI access →

Related Skills

Container and Deployment Security

Dockerfile Best Practices

What AI Generates

Production Dockerfile

Stage 1: Build

Copy only dependency files first (layer caching)

Copy application code

Stage 2: Production

Install security updates

Create non-root user

Copy only what's needed from build stage

Make filesystem read-only where possible

Health check

Switch to non-root user

Don't use EXPOSE — it's just documentation and can mislead

Configure port via environment variable at runtime

.dockerignore

Distroless and Minimal Base Images

Even more minimal: Google's distroless images

No shell, no package manager, no tools for attackers

For Go applications — scratch image (literally empty)

Secret Injection (Not ENV)

Docker Secrets (Swarm / Compose)

docker-compose.yml

BuildKit Secrets (Build Time)

Mount secrets during build — they don't persist in layers

Build command:

docker build --secret id=npm_token,src=.npm_token .

Kubernetes Secrets

Image Scanning

Trivy

Scan a local image

Scan and fail on high/critical vulnerabilities

Scan a Dockerfile for misconfigurations

Scan in CI (GitHub Actions)

.github/workflows/security.yml

Snyk Container

Scan image

Monitor for new vulnerabilities

Kubernetes Security Context

Network Policies

Default deny all ingress

Allow only specific traffic to the app

Container Security Checklist

Details

Pack: vibe-coding-security-skills
File: container-deployment-security.md
Lines: 420
Category: Uncategorized

Download via CLI

Pro

$ skilldb add vibe-coding-security-skills

Installs the full Vibe Coding Security pack to your project.

Container and Deployment Security

Related Skills

AI-Specific Vulnerabilities

Authentication and Authorization Patterns

Credential Management

Database Security Hardening

Dependency Supply Chain Security

Error Handling and Information Leakage