Is Dockerfile Audit free?

Yes, Dockerfile Audit is free to use.

How do I install Dockerfile Audit?

Dockerfile Audit supports both local and remote installation. For local use, install it via the provided package manager and add the configuration to your AI app. For remote access, add the server URL to your MCP configuration.

What AI apps work with Dockerfile Audit?

Dockerfile Audit uses the Model Context Protocol (MCP) and works with any MCP-compatible AI app, including Claude, ChatGPT / Codex, Gemini, Copilot, Cursor, and more.

Back to Browse

Dockerfile Audit MCP Server

by UnbearableDev

Cloud & DevOpsModerate5.2MCP RegistryLocalRemote

Free

Server data from the Official MCP Registry

Hadolint-grade Dockerfile audit — 19 checks: secrets, privileges, supply chain, hygiene.

About

Hadolint-grade Dockerfile audit — 19 checks: secrets, privileges, supply chain, hygiene.

Remote endpoints: streamable-http: https://unbearable-dev--dockerfile-audit.apify.actor/mcp

Security Report

5.2

Moderate5.2Moderate Risk

This MCP server is well-structured with appropriate authentication via Apify Actor billing, proper input validation, and secure handling of user-provided Dockerfiles. The code demonstrates good security practices for a DevOps tool: it validates external URL inputs, sanitizes Dockerfile content via established parsing libraries, and avoids dangerous patterns. Permissions are appropriately scoped to HTTP fetching and file operations matching the server's purpose. Supply chain analysis found 3 known vulnerabilities in dependencies (1 critical, 1 high severity).

7 files analyzed · 8 issues found

Security scores are indicators to help you make informed decisions, not guarantees. Always review permissions before connecting any MCP server.

Permissions Required

This plugin requests these system permissions. Most are normal for its category.

HTTP Network Access

Connects to external APIs or services over the internet.

env_vars

Check that this permission is expected for this type of plugin.

process_spawn

Check that this permission is expected for this type of plugin.

How to Install & Connect

Available as Local & Remote

This plugin can run on your machine or connect to a hosted endpoint. during install.

Documentation

View on GitHub

From the project's GitHub README.

Dockerfile Security & Quality Audit

Hadolint-grade Dockerfile audit as an MCP server. 18+ checks across 5 categories, every finding ships with severity, line number, remediation text, and a copy-paste Dockerfile snippet.

Built by Unbearable Labs. Pay-per-event pricing — only billed when a tool is actually called.

Available on

Apify Actor Store — primary, metered usage (PPE)
MCPize — pending submission
MCP.so — pending submission
PulseMCP — pending submission
Smithery — pending submission
Glama — pending submission

Newsletter: Unbearable TechTips Weekly · All Actors: github.com/UnbearableDev

What it does

Point any MCP-capable client (Claude Desktop, Cursor, n8n, Make, Zapier, custom agents) at this server, hand it a Dockerfile, get back a structured report:

Severity — high / medium / low / info
Line number — exact location in the file
Description — what's wrong and why it matters
Remediation — what to do about it
Fix snippet — Dockerfile syntax you can paste directly

Tools

Tool	Purpose
`audit_dockerfile(dockerfile_content? \| dockerfile_url?, min_severity='low')`	Run all checks
`check_base_image(...)`	FROM/tag/digest/registry checks only
`check_instructions(...)`	CMD form, ADD vs COPY, MAINTAINER, etc.
`check_security(...)`	USER, sudo, chmod 777, curl\|bash, hardcoded secrets, HEALTHCHECK
`check_efficiency(...)`	apt cache hygiene, pip caching
`check_secrets(...)`	ARG with secret-pattern names
`list_checks(category?)`	Browse the full check catalog

Provide exactly one of dockerfile_content (paste the file) or dockerfile_url (HTTPS URL — e.g. GitHub raw).

Check catalog (v1: 18 checks across 5 categories)

ID	Category	Severity	Title
DFA-001	base_image	medium	Image uses :latest tag or no tag
DFA-002	base_image	info	No SHA256 digest pin on FROM
DFA-003	base_image	medium	Untrusted registry
DFA-010	instructions	low	CMD in shell form
DFA-011	instructions	low	ENTRYPOINT in shell form
DFA-012	instructions	info	MAINTAINER instruction is deprecated
DFA-013	instructions	medium	ADD used where COPY would suffice
DFA-020	security	medium	No USER directive (runs as root)
DFA-021	security	high	USER root set explicitly
DFA-022	security	high	sudo invoked in RUN
DFA-023	security	high	chmod 777 in RUN
DFA-024	security	medium	curl\|bash pattern in RUN
DFA-025	security	high	Hardcoded secret in ENV
DFA-027	security	low	No HEALTHCHECK
DFA-030	efficiency	low	apt-get update without install
DFA-031	efficiency	low	apt-get install without --no-install-recommends
DFA-032	efficiency	low	pip install without --no-cache-dir
DFA-040	secrets	medium	ARG with secret-pattern name

Use list_checks to get the canonical, up-to-date catalog.

Pricing

Event	USD
Any audit / check_* tool call	$0.02
`list_checks` discovery	$0.005

Example response (truncated)

{
  "summary": {
    "total_findings": 6,
    "by_severity": {"high": 2, "medium": 2, "low": 2, "info": 0}
  },
  "findings": [
    {
      "id": "DFA-021",
      "category": "security",
      "severity": "high",
      "instruction": "USER",
      "line_number": 3,
      "title": "USER root set explicitly",
      "description": "...",
      "remediation": "Switch to a non-root UID after any root-required RUN steps.",
      "fix_dockerfile_snippet": "USER 10001:10001",
      "references": ["CIS-Docker-4.1"]
    }
  ]
}

Connecting from Claude Desktop

{
  "mcpServers": {
    "dockerfile-audit": {
      "transport": "streamable-http",
      "url": "https://YOUR-ACTOR-URL.apify.actor/mcp"
    }
  }
}

Limits

Dockerfile size: 200 KB cap per audit
URL fetch: 5s timeout, max 3 redirects, HTTPS only
Session timeout: 5 minutes of inactivity

What's NOT covered (yet)

Live image vulnerability scanning (use Trivy / Grype for that)
Multi-stage build optimization analysis (DFA-004 / DFA-005 — roadmapped)
Compose-file audit (separate MCP: docker-compose-audit)

Sibling MCPs from Unbearable Labs

docker-compose-audit — same pattern for docker-compose.yml
hu-postcode-validator — Hungarian postcode lookup

Source / contact

Issues and ideas: unbearabledev@gmail.com or the GitHub org UnbearableDev.

Reviews

No reviews yet

Be the first to review this server!

More Cloud & DevOps MCP Servers

Toleno

Free

by Toleno · Developer Tools

Toleno Network MCP Server — Manage your Toleno mining account with Claude AI using natural language.

mcp-creator-python

Free

by mcp-marketplace · Developer Tools

Create, build, and publish Python MCP servers to PyPI — conversationally.

MarkItDown

Free

by Microsoft · Content & Media

Convert files (PDF, Word, Excel, images, audio) to Markdown for LLM consumption

Dockerfile Audit MCP Server

About

Security Report

Findings (8)Action required

Permissions Required

How to Install & Connect

Documentation

Dockerfile Security & Quality Audit

Available on

What it does

Tools

Check catalog (v1: 18 checks across 5 categories)

Pricing

Example response (truncated)

Connecting from Claude Desktop

Limits

What's NOT covered (yet)

Sibling MCPs from Unbearable Labs

Source / contact

Reviews

No reviews yet

More Cloud & DevOps MCP Servers

Toleno

mcp-creator-python

MarkItDown

mcp-creator-typescript

FinAgent

Google Workspace MCP