Intelligent Dockerfile optimization with security scanning, performance analysis, and best practices enforcement.
Docker Optimizer Agent analyzes Dockerfiles and automatically generates optimized, secure, and efficient container configurations. It combines static analysis, security scanning, and performance optimization to produce production-ready Dockerfiles following industry best practices.
- π Security-First Optimization: Vulnerability scanning with Trivy, security scoring (A-F grades), and automated security fixes
- π Intelligent Size Reduction: Multi-stage builds, minimal base images, layer optimization (up to 80% size reduction)
- β‘ Performance Enhancement: Parallel processing, intelligent caching, build context optimization
- π‘οΈ Best Practices Enforcement: Non-root users, specific versions, health checks, proper signal handling
- π Batch Processing: Optimize multiple Dockerfiles simultaneously with performance monitoring
- π Comprehensive Reporting: Detailed explanations, metrics, and security analysis in JSON/YAML/text formats
# Install from PyPI
pip install docker-optimizer-agent
# Install with security scanning support
pip install docker-optimizer-agent[security]
# Install development dependencies
pip install docker-optimizer-agent[dev]# Basic optimization
docker-optimizer --dockerfile Dockerfile --output Dockerfile.optimized
# Security scanning with optimization
docker-optimizer --dockerfile Dockerfile --security-scan --format json
# Multi-stage build generation
docker-optimizer --dockerfile Dockerfile --multistage
# Performance optimization with reporting
docker-optimizer --dockerfile Dockerfile --performance --performance-report
# Batch processing multiple Dockerfiles
docker-optimizer --batch service1/Dockerfile --batch service2/Dockerfile --performancefrom docker_optimizer import DockerfileOptimizer
from docker_optimizer.external_security import ExternalSecurityScanner
# Basic optimization
optimizer = DockerfileOptimizer()
with open('Dockerfile', 'r') as f:
result = optimizer.optimize_dockerfile(f.read())
print(f"Size reduction: {result.original_size} β {result.optimized_size}")
print(f"Explanation: {result.explanation}")
# Security scanning
scanner = ExternalSecurityScanner()
vuln_report = scanner.scan_dockerfile_for_vulnerabilities(dockerfile_content)
security_score = scanner.calculate_security_score(vuln_report)
print(f"Security grade: {security_score.grade}")
# Multi-stage optimization
from docker_optimizer.multistage import MultiStageOptimizer
multistage = MultiStageOptimizer()
ms_result = multistage.generate_multistage_dockerfile(dockerfile_content)
print(ms_result.optimized_dockerfile)- π API Documentation - Comprehensive API reference and method documentation
- π‘ Usage Examples - Real-world examples and use cases
- π― Best Practices Guide - Security, performance, and optimization best practices
- π GitHub Actions Integration - CI/CD workflow examples
- Vulnerability Scanning: Trivy integration with CVE database lookup
- User Security: Non-root user creation and privilege management
- Version Pinning: Specific package versions to prevent supply chain attacks
- Base Image Security: Recommendations for minimal, secure base images
- Multi-Stage Builds: Separate build and runtime environments
- Minimal Base Images: Alpine, distroless, and slim variants
- Layer Optimization: Combined commands and cache cleanup
- Build Context: .dockerignore optimization
- Parallel Processing: Multi-threaded Dockerfile analysis
- Intelligent Caching: LRU cache with TTL for optimization results
- Layer Caching: Optimal instruction ordering for Docker layer cache
- Batch Processing: Process multiple Dockerfiles simultaneously
- Health Checks: Automatic health check generation
- Signal Handling: Proper SIGTERM handling with STOPSIGNAL
- Metadata Labels: Monitoring, security, and compliance labels
- Resource Management: Memory limits and CPU constraints
Before (Vulnerable, 180MB):
FROM ubuntu:latest
RUN apt-get update
RUN apt-get install -y python3 python3-pip curl
COPY requirements.txt .
RUN pip3 install -r requirements.txt
COPY . /app
WORKDIR /app
CMD ["python3", "app.py"]After (Secure, 65MB, A+ Security Grade):
# Multi-stage build for optimal size and security
FROM ubuntu:22.04-slim AS builder
RUN apt-get update && apt-get install -y --no-install-recommends \
python3=3.10.6-1~22.04 \
python3-pip=22.0.2+dfsg-1 && \
apt-get clean && rm -rf /var/lib/apt/lists/*
COPY requirements.txt .
RUN pip3 install --user --no-cache-dir -r requirements.txt
FROM ubuntu:22.04-slim AS runtime
RUN groupadd -r appuser && useradd -r -g appuser appuser
# Copy Python packages from builder
COPY --from=builder /root/.local /home/appuser/.local
COPY --chown=appuser:appuser . /app
USER appuser
WORKDIR /app
ENV PATH=/home/appuser/.local/bin:$PATH
HEALTHCHECK --interval=30s --timeout=3s --retries=3 \
CMD curl -f http://localhost:8000/health || exit 1
CMD ["python3", "app.py"]Improvements:
- β 65% size reduction (180MB β 65MB)
- β Security grade A+ (was F)
- β Multi-stage build separating build and runtime
- β Non-root user for security
- β Specific versions preventing vulnerabilities
- β Health check for monitoring
- β Optimized layers for better caching
docker-optimizer [OPTIONS]
Options:
-f, --dockerfile PATH Path to Dockerfile (default: ./Dockerfile)
-o, --output PATH Output path for optimized Dockerfile
--analysis-only Only analyze without optimizing
--format [text|json|yaml] Output format (default: text)
-v, --verbose Enable verbose output
--multistage Generate multi-stage build optimization
--security-scan Perform external security vulnerability scan
--performance Enable performance optimizations (caching, parallel)
--batch PATH Process multiple Dockerfiles (repeatable)
--performance-report Show performance metrics after optimization
--help Show this message and exit- name: Optimize Dockerfiles
run: |
docker-optimizer --dockerfile Dockerfile --security-scan --format json
if [ "$(jq -r '.security_score.grade' report.json)" = "F" ]; then
echo "β Security grade F - build failed"
exit 1
fi- repo: local
hooks:
- id: dockerfile-optimization
name: Dockerfile Security & Optimization
entry: docker-optimizer --security-scan
language: system
files: Dockerfile.*# Optimize all service Dockerfiles
find . -name "Dockerfile*" -path "*/services/*" | \
xargs -I {} docker-optimizer --dockerfile {} --multistage --performance- 87.45% Test Coverage - Comprehensive test suite
- 115 Passing Tests - Robust validation across all modules
- Sub-second Optimization - Fast analysis and optimization
- Parallel Processing - Multi-threaded batch processing
- Intelligent Caching - LRU cache with TTL reduces duplicate work
# Clone the repository
git clone https://github.com/danieleschmidt/docker-optimizer-agent.git
cd docker-optimizer-agent
# Install development dependencies
pip install -e ".[dev,security]"
# Run tests
pytest tests/ --cov=docker_optimizer --cov-fail-under=85
# Run linting
ruff check src/ tests/
black --check src/ tests/
mypy src/
# Run security scan
bandit -r src/We welcome contributions! Please see our Contributing Guide for details.
- Fork the repository
- Create your feature branch (
git checkout -b feature/amazing-feature) - Run tests and linting (
pytest && ruff check) - Commit your changes (
git commit -m 'Add amazing feature') - Push to the branch (
git push origin feature/amazing-feature) - Open a Pull Request
This project is licensed under the MIT License - see the LICENSE file for details.
- Trivy for vulnerability scanning
- Docker for containerization platform
- Click for CLI framework
- Pydantic for data validation
Made with β€οΈ by the Docker Optimizer Agent team