Summary
Add examples/ai-agent-frameworks/ with minimal, runnable Dockerfiles for popular AI agent stacks so users can scan realistic workloads with DockSec (Hadolint, Trivy, Docker Scout, and optional AI analysis).
Problem Statement
Many teams now ship LLM agents in containers (tool use, RAG, MCP servers, multi-agent orchestration). Generic web examples (python-flask-secure, nodejs-vulnerable) do not reflect agent-specific risks:
API keys and provider tokens in ENV / build args
Over-broad filesystem or network access for tools
docker.sock or host path mounts for "agent tools"
Bloated images from ML/agent dependency trees
Sidecar patterns (app + Ollama + MCP server) with weak defaults
Running agents as root in dev-first Dockerfile templates
DockSec already uses LangChain for analysis, but the repo lacks reference Dockerfiles for how to scan agent deployments.
Proposed Solution
Introduce a new examples section with small, educational projects (not production deployments):
Phase 1 (MVP)
| Example | Framework | Notes |
| --- | --- | --- |
| langchain-fastapi-agent/ | LangChain + FastAPI | Aligns with DockSec's own stack; minimal HTTP agent API |
| crewai-worker/ | CrewAI | Common multi-agent pattern; document env-based API keys |
| README.md | Overview | Scan commands, learning path, shared anti-patterns checklist |
Each subfolder includes:
Dockerfile (and .dockerignore where needed)
Minimal app entrypoint
README.md with docksec commands and expected Hadolint/Trivy themes (not exact scores)
Example usage:
docksec examples/ai-agent-frameworks/langchain-fastapi-agent/Dockerfile --scan-only
docker build -t docksec-agent-crewai:local examples/ai-agent-frameworks/crewai-worker
docksec examples/ai-agent-frameworks/crewai-worker/Dockerfile -i docksec-agent-crewai:local --scan-only
Phase 2 (follow-up)
mcp-server/ - Model Context Protocol sidecar (Node or Python)
langgraph-api/ - LangGraph-style stateful agent service
ollama-sidecar-compose/ - app + local model (document compose scan workflow)
Educational "anti-patterns" to demonstrate (then remediate in docs)
Hardcoded OPENAI_API_KEY / ANTHROPIC_API_KEY in Dockerfile
USER root with no drop privileges
Installing curl, git, docker-cli unnecessarily in runtime image
No .dockerignore → huge build context / secret leakage risk
Pair each framework with a future hardened variant (similar to the nodejs-vulnerable → nodejs-secure pair in #91).
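To make the anti-pattern themes above concrete, here is an added example (not DockSec project code; DockSec's real findings come from Hadolint, Trivy and Docker Scout). It contains two constructed Dockerfiles, a "dev-first" agent image with every anti-pattern from the list and a hardened counterpart of the kind a future secure variant could look like, plus a small Python checker that recognises those themes. The secret-name pattern, the list of runtime tools flagged as unnecessary, and the placeholder key value are assumptions made for the example.

```python
"""Toy anti-pattern checker for agent Dockerfiles (added example, not DockSec's own code).

Both Dockerfiles below are constructed samples; the API key value is a placeholder.
"""
import re

# Variable names that should never be baked into an image via ENV/ARG (assumed pattern).
SECRET_NAME = re.compile(r"(API_KEY|SECRET|TOKEN|PASSWORD)$")
# Tooling an agent runtime image rarely needs (assumed list for this example).
UNNEEDED_TOOLS = {"curl", "wget", "git", "docker-cli", "docker.io", "docker-ce-cli"}

# Constructed "dev-first" agent Dockerfile exhibiting the anti-patterns from the issue.
VULNERABLE_DOCKERFILE = """\
FROM python:3.11
# Placeholder value, not a real key
ENV OPENAI_API_KEY=sk-EXAMPLE-PLACEHOLDER
ARG ANTHROPIC_API_KEY
RUN apt-get update && \\
    apt-get install -y curl git docker-cli
COPY . /app
WORKDIR /app
RUN pip install -r requirements.txt
USER root
CMD ["python", "agent.py"]
"""

# Constructed hardened counterpart: no baked-in keys, slim base, explicit COPY, non-root user.
HARDENED_DOCKERFILE = """\
FROM python:3.11-slim
WORKDIR /app
COPY requirements.txt ./
RUN pip install --no-cache-dir -r requirements.txt
COPY app/ ./app/
RUN useradd --create-home --uid 10001 agent
USER agent
# Keys arrive at run time (-e OPENAI_API_KEY or a secrets mount), never via ENV/ARG
CMD ["python", "-m", "app.main"]
"""


def parse_instructions(text):
    """Yield (INSTRUCTION, args) pairs, joining backslash continuations and skipping comments."""
    buf = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        instr, _, args = (buf + line).partition(" ")
        buf = ""
        yield instr.upper(), args.strip()


def env_names(args):
    """Names assigned by an ENV line, for both `ENV K=v` and `ENV K v` forms."""
    if "=" in args:
        return [tok.split("=", 1)[0] for tok in args.split() if "=" in tok]
    return [args.split()[0]] if args else []


def check_dockerfile(text, has_dockerignore):
    """Return (code, detail) findings for the anti-patterns listed in the issue."""
    findings = []
    user = None  # no USER instruction means the container runs as root
    for instr, args in parse_instructions(text):
        if instr == "ENV":
            for name in env_names(args):
                if SECRET_NAME.search(name.upper()):
                    findings.append(("hardcoded-secret", name))
        elif instr == "ARG":
            # Build args for secrets leak into the image history and build logs
            name = args.split("=", 1)[0].strip()
            if SECRET_NAME.search(name.upper()):
                findings.append(("secret-build-arg", name))
        elif instr == "RUN":
            if re.search(r"apt(-get)?\s+install|apk\s+add", args):
                tools = sorted(UNNEEDED_TOOLS.intersection(args.split()))
                if tools:
                    findings.append(("unneeded-tools", ",".join(tools)))
        elif instr == "USER":
            user = args.split(":")[0].strip()
        elif instr in ("COPY", "ADD"):
            # First non-flag token is the source; copying the whole context without
            # a .dockerignore risks shipping .env files, keys and git history
            sources = [tok for tok in args.split() if not tok.startswith("--")]
            if sources and sources[0] in (".", "./") and not has_dockerignore:
                findings.append(("no-dockerignore", f"{instr} {sources[0]}"))
    if user in (None, "root", "0"):
        findings.append(("runs-as-root", user or "<no USER instruction>"))
    return findings


def finding_codes(text, has_dockerignore):
    """Sorted, de-duplicated finding codes, handy for comparing before/after variants."""
    return sorted({code for code, _ in check_dockerfile(text, has_dockerignore)})


if __name__ == "__main__":
    for label, content, ignore in (("vulnerable", VULNERABLE_DOCKERFILE, False),
                                   ("hardened", HARDENED_DOCKERFILE, True)):
        print(label, check_dockerfile(content, ignore))
```

Running the checker over the two constructed files yields five distinct findings for the dev-first image and none for the hardened one, which is the kind of before/after contrast the example READMEs are meant to document in prose (as Hadolint/Trivy themes, not exact scores).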
Why this is high value
Timely - agent frameworks are a fast-growing deployment surface
Differentiated - few security scanners ship agent-oriented Dockerfile curricula
Validates DockSec AI - rich findings for credentials, supply chain, and privilege issues
OWASP relevance - supports secure-by-default narratives for LLM apps in containers
Composable - builds on "[FEATURE] Add examples directory and root .dockerignore" (#90, examples dir) and complements "[FEATURE] Add nodejs-secure example (before/after pair with nodejs-vulnerable)" (#91, Node remediation pair)
Out of scope (for this issue)
Running live agent inference in CI (too slow/flaky)
Endorsing a single vendor framework as "secure"
Bundling real API keys or paid model access
Use Case
Acceptance Criteria
Phase 1
examples/ai-agent-frameworks/README.md with learning path and scan commands
docker build and docksec ... --scan-only documented and verified locally for Dockerfile + image
examples/README.md links to the new section
Testing plan
# Per example
docksec examples/ai-agent-frameworks/<name>/Dockerfile --scan-only
docker build -t docksec-agent-<name>:local examples/ai-agent-frameworks/<name>
docksec examples/ai-agent-frameworks/<name>/Dockerfile -i docksec-agent-<name>:local --scan-only
Optional: compare --scan-only vs full AI run with Ollama/OpenAI for remediation text quality.
Related Issues