Pricing

from $20.00 / 1,000 docker file audit calls

Dockerfile Security & Quality Audit

Hadolint-grade Dockerfile audit, MCP-native. 18+ checks across 5 categories (base image, instructions, security, efficiency, secrets) with severity, line numbers, remediation, and fix snippets. Pay-per-event. Call from Claude Desktop, Cursor, n8n, or any MCP client. Built by Unbearable TechTips.

Pricing

from $20.00 / 1,000 docker file audit calls

Rating

0.0

(0)

Developer

Noel Himer

Actor stats

Bookmarked

Total users

Monthly active users

4 hours ago

Last modified

What it does

Point any MCP-capable client (Claude Desktop, Cursor, n8n, Make, Zapier, custom agents) at this server, hand it a Dockerfile, get back a structured report:

Severity — high / medium / low / info
Line number — exact location in the file
Description — what's wrong and why it matters
Remediation — what to do about it
Fix snippet — Dockerfile syntax you can paste directly

Tools

Tool	Purpose
`audit_dockerfile(dockerfile_content? \| dockerfile_url?, min_severity='low')`	Run all checks
`check_base_image(...)`	FROM/tag/digest/registry checks only
`check_instructions(...)`	CMD form, ADD vs COPY, MAINTAINER, etc.
`check_security(...)`	USER, sudo, chmod 777, curl\|bash, hardcoded secrets, HEALTHCHECK
`check_efficiency(...)`	apt cache hygiene, pip caching
`check_secrets(...)`	ARG with secret-pattern names
`list_checks(category?)`	Browse the full check catalog

Provide exactly one of dockerfile_content (paste the file) or dockerfile_url (HTTPS URL — e.g. GitHub raw).

Check catalog (v1: 18 checks across 5 categories)

ID	Category	Severity	Title
DFA-001	base_image	medium	Image uses :latest tag or no tag
DFA-002	base_image	info	No SHA256 digest pin on FROM
DFA-003	base_image	medium	Untrusted registry
DFA-010	instructions	low	CMD in shell form
DFA-011	instructions	low	ENTRYPOINT in shell form
DFA-012	instructions	info	MAINTAINER instruction is deprecated
DFA-013	instructions	medium	ADD used where COPY would suffice
DFA-020	security	medium	No USER directive (runs as root)
DFA-021	security	high	USER root set explicitly
DFA-022	security	high	sudo invoked in RUN
DFA-023	security	high	chmod 777 in RUN
DFA-024	security	medium	curl\|bash pattern in RUN
DFA-025	security	high	Hardcoded secret in ENV
DFA-027	security	low	No HEALTHCHECK
DFA-030	efficiency	low	apt-get update without install
DFA-031	efficiency	low	apt-get install without --no-install-recommends
DFA-032	efficiency	low	pip install without --no-cache-dir
DFA-040	secrets	medium	ARG with secret-pattern name

Use list_checks to get the canonical, up-to-date catalog.

Pricing

Event	USD
Any audit / check_* tool call	$0.02
`list_checks` discovery	$0.005

Example response (truncated)

{
  "summary": {
    "total_findings": 6,
    "by_severity": {"high": 2, "medium": 2, "low": 2, "info": 0}
  },
  "findings": [
    {
      "id": "DFA-021",
      "category": "security",
      "severity": "high",
      "instruction": "USER",
      "line_number": 3,
      "title": "USER root set explicitly",
      "description": "...",
      "remediation": "Switch to a non-root UID after any root-required RUN steps.",
      "fix_dockerfile_snippet": "USER 10001:10001",
      "references": ["CIS-Docker-4.1"]
    }
  ]
}

Connecting from Claude Desktop

{
  "mcpServers": {
    "dockerfile-audit": {
      "transport": "streamable-http",
      "url": "https://YOUR-ACTOR-URL.apify.actor/mcp"
    }
  }
}

Limits

Dockerfile size: 200 KB cap per audit
URL fetch: 5s timeout, max 3 redirects, HTTPS only
Session timeout: 5 minutes of inactivity

What's NOT covered (yet)

Live image vulnerability scanning (use Trivy / Grype for that)
Multi-stage build optimization analysis (DFA-004 / DFA-005 — roadmapped)
Compose-file audit (separate MCP: docker-compose-audit)

Sibling MCPs from Unbearable TechTips

docker-compose-audit — same pattern for docker-compose.yml
hu-postcode-validator — Hungarian postcode lookup

Source / contact

Issues and ideas: unbearabledev@gmail.com or the GitHub org UnbearableDev.

Semgrep MCP Server

constant_quadruped/semgrep-mcp-server

Cloud-deployed Semgrep static analysis for AI agents. Scan code for security vulnerabilities (SQL injection, XSS, command injection), detect OWASP Top 10 & CWE issues, run custom rules. Supports 30+ languages via MCP.

JSON Content Checker & Validator - API Testing Tool

scrappy_garden/json-content-checker

Validate JSON content, check API responses, monitor data quality, and detect schema changes. Perfect for API testing, data validation, quality assurance, and monitoring JSON endpoints. Supports JSONPath, schema validation, and custom rules.

Bikram Adhikari

Github Code Auditor

devwithbobby/github-code-auditor

GitHub Code Auditor is an AI-powered Apify Actor that analyzes GitHub repositories.

Dev with Bobby

Project Health Scanner - Code Quality Audit

lazymac/project-health-scanner

🔥 7-DAY LAUNCH SPRINT (May 1–8, 2026): First 100 runs free for new users. Scan code repositories for health metrics: outdated dependencies, security vulnerabilities, code quality issues, test coverage, and CI/CD status. Get actionable improvement recommendations.

2x lazymac

Docker Compose Security Audit

unbearable_dev/docker-compose-audit

Audits docker-compose.yml files for security misconfigurations. 25 checks across 9 categories with severity, remediation, and YAML fix snippets. Pay-per-event. MCP-native — call from Claude Desktop, Cursor, n8n, or any MCP client. Built by Unbearable TechTips.

Noel Himer

lead-sniper

signalfoundry/my-actor

SignalFoundry's Lead Sniper: A premium B2B tool for MSPs and Cybersecurity firms. Extracts local business data via Google Maps and performs real-time DMARC/SPF security audits. Identify high-value targets with "High Risk" vulnerabilities to power your sales outreach with technical intent.

Frank Kamu

DEXTools Pair Data Scraper

muhammetakkurtt/dextools-pair-data-scraper

Unlock crypto insights with our DEXTools scraper. Extract real-time pair data—price, liquidity, volume, and full audit reports—from 99+ chains including Solana, Ethereum, and BSC. Perfect for in-depth DeFi market analysis, investment research, and automated crypto portfolio tracking.

Muhammet Akkurt

5.0

(1)

PCAOB Auditor Registry and Inspection Report Scraper

jungle_synthesizer/pcaob-auditor-inspection-crawler

Extract PCAOB-registered audit firm inspection reports. Returns firm name, country, global network (Big-4), inspection year, Part I.A audit-deficiency counts, and PDF links. Built for SEC compliance and audit-quality research.

BowTiedRaccoon

GitHub Repository Security & Maintenance Scorer

ntriqpro/github-repo-intelligence

Rate open source projects on security quality, maintenance status, and vulnerability risk before using them.

daehwan kim

AI Website Analyzer & SEO Auditor

intelligence.house/my-actor

Analyze any website's SEO, Performance, Accessibility, Security, Content Quality, and Mobile-Friendliness. Get scores 0-100 with actionable recommendations.