Dockerfile — Supported format
Dockerfiles are configuration that becomes runtime. Decoder flags the common foot-guns before they hit your registry.
What it is
Static analysis tuned to Dockerfile directives.
Why it's useful
Container security starts at the build — bad bases and root users are the most common issues.
How Decoder implements it
Rules over FROM, RUN, USER, ADD, COPY, ENV; entropy on env values to flag baked secrets.
When to use it
Every container image review.
When NOT to use it
Runtime container scanning — pair with a registry scanner.
Practical example
A Dockerfile with FROM ubuntu:latest, no USER directive, and ENV API_KEY=... produces three stacked findings: an unpinned base image, a container that runs as root, and a baked-in secret.
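As an added illustration of the kind of checks described above (this is example code written for this page, not Decoder's own implementation, and its rule set, thresholds and sample Dockerfiles are assumptions), the following linter parses Dockerfile instructions, flags an unpinned FROM, a missing or root USER, and high-entropy ENV/ARG values, and goes one step beyond the page's three findings by also flagging ADD of a remote URL:

```python
"""Minimal Dockerfile linter (added example; rules and thresholds are assumed,
not Decoder's). Demonstrates FROM / USER / ENV entropy / ADD checks."""
import math
from collections import Counter

ENTROPY_THRESHOLD = 3.5   # assumed bits/char cut-off for "looks like a secret"
MIN_SECRET_LEN = 16       # assumed: shorter values are too noisy to score

# Constructed sample that stacks the findings named on the page (plus a remote ADD).
BAD_DOCKERFILE = """\
FROM ubuntu:latest
RUN apt-get update && \\
    apt-get install -y curl
ENV APP_ENV=production
ENV API_KEY=sk_live_9f8a7b6c5d4e3f2a1b0c9d8e7f6a5b4c
ADD https://example.invalid/tool.tar.gz /opt/
COPY . /app
CMD ["python3", "/app/main.py"]
"""

# Constructed hardened counterpart: pinned base, non-root user, no baked secret.
GOOD_DOCKERFILE = """\
FROM ubuntu:22.04
RUN useradd --create-home app
ENV APP_ENV=production
COPY --chown=app:app . /app
USER app
CMD ["python3", "/app/main.py"]
"""


def shannon_entropy(value):
    """Bits per character of a string; 0.0 for empty or single-symbol input."""
    if not value:
        return 0.0
    n = len(value)
    return -sum(c / n * math.log2(c / n) for c in Counter(value).values())


def parse_instructions(text):
    """Return (INSTRUCTION, arguments) pairs, joining backslash continuations
    and skipping blank lines and comments."""
    logical, buf = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        if not buf and (not line or line.startswith("#")):
            continue
        if line.endswith("\\"):
            buf += line[:-1].rstrip() + " "
            continue
        logical.append(buf + line)
        buf = ""
    if buf:
        logical.append(buf.strip())
    out = []
    for entry in logical:
        parts = entry.split(None, 1)
        out.append((parts[0].upper(), parts[1].strip() if len(parts) > 1 else ""))
    return out


def parse_env(args):
    """Parse 'K=V K2=V2' or legacy 'K V' into (key, value) pairs."""
    if not args:
        return []
    first = args.split(None, 1)
    if "=" not in first[0]:
        return [(first[0], first[1] if len(first) > 1 else "")]
    pairs = []
    for token in args.split():
        key, _, val = token.partition("=")
        pairs.append((key, val.strip("\"'")))
    return pairs


def lint_dockerfile(text):
    """Return a list of (rule, message) findings for one Dockerfile."""
    findings, user = [], None
    for instr, args in parse_instructions(text):
        if instr == "FROM":
            image = args.split()[0] if args else ""
            if "@sha256:" in image:
                continue  # digest-pinned: nothing to flag
            tag = image.rpartition(":")[2] if ":" in image else ""
            if tag in ("", "latest"):
                findings.append(("FROM", f"base image '{image}' is not pinned; use an explicit tag or digest"))
        elif instr == "USER":
            user = args.strip()  # the last USER directive wins
        elif instr in ("ENV", "ARG"):
            for key, val in parse_env(args):
                if len(val) >= MIN_SECRET_LEN and shannon_entropy(val) >= ENTROPY_THRESHOLD:
                    findings.append((instr, f"{key} has a high-entropy value "
                                            f"({shannon_entropy(val):.2f} bits/char); likely a baked-in secret"))
        elif instr == "ADD":
            src = args.split()[0] if args else ""
            if src.startswith(("http://", "https://")):
                findings.append(("ADD", f"remote fetch of {src} is not integrity-checked; verify a checksum in RUN instead"))
    if user is None:
        findings.append(("USER", "no USER directive; the container runs as root"))
    elif user.split(":")[0] in ("root", "0"):
        findings.append(("USER", f"'USER {user}' still runs the container as root"))
    return findings


if __name__ == "__main__":
    for name, dockerfile in (("bad", BAD_DOCKERFILE), ("good", GOOD_DOCKERFILE)):
        results = lint_dockerfile(dockerfile)
        print(f"{name}: {len(results)} finding(s)")
        for rule, msg in results:
            print(f"  [{rule}] {msg}")
```

The entropy check is deliberately gated on a minimum length: a ten-character word like `production` scores low and is short, so it never triggers, while a 40-character live-looking key scores well above the threshold. Real scanners pair this with provider-specific patterns, as the page notes elsewhere, because entropy alone misses structured but low-entropy tokens and flags some compressed or encoded non-secrets.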
FAQ
Glossary
- Base image
- The FROM line — your container's starting filesystem.
Related
Static malware analysis inspects code and binaries without executing them. Decoder runs it locally on your upload and surfaces suspicious patterns, entropy spikes and known indicators — no API key required.
Supply chain security is about trusting the code you didn't write. Decoder helps inventory and inspect that surface during analysis.
A leaked key is the most common breach vector. Decoder combines provider-specific regex (AWS, GitHub, Stripe…) with entropy to flag secrets that don't belong in code.