Docker Analyzer is a local web dashboard for reproducible Docker image security analysis. It connects policy templates, Docker image digests, readiness checks, Trivy raw scan results, CWE enrichment, vulnerability cache data, and final read-only reports into one workflow identified by a single request_id.
Docker Analyzer is a Docker image analysis workspace built around a fixed pipeline:
policy template → Docker image digest list → readiness checks → Trivy raw scan → CWE mapping → final report
The UI keeps the workflow simple: create or choose a policy template, start an analysis, track live progress, review grouped findings, inspect incomplete vulnerability data, and open the vulnerability cache used for CWE mapping.
Raw scanner output is difficult to reuse when the surrounding context is lost: which template was selected, which images were scanned, which CWE mapping was found, which vulnerabilities match the policy, and where the generated artifacts live. Docker Analyzer keeps that context tied to one request_id, so scan results are easier to review, reproduce, and hand over.
Docker Analyzer reads vulnerability IDs from scanner output and enriches them with CWE data when upstream metadata is available. The resolver supports the following identifier families:
- `CVE-*` — Common Vulnerabilities and Exposures;
- `GHSA-*` — GitHub Security Advisories;
- `GO-*` — Go Vulnerability Database identifiers;
- `RHSA-*` — Red Hat Security Advisories;
- `TEMP-*` — Debian temporary security tracker identifiers;
- `OSV-*` and other OSV-compatible ecosystem identifiers, such as `RUSTSEC-*`, through OSV-based lookup.
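The sketch below is an added example, not code from the Docker Analyzer project. It groups the findings in a Trivy JSON report by the identifier families listed above and collects the IDs that arrive without CWE data and would therefore need enrichment. The field names (`Results`, `Vulnerabilities`, `VulnerabilityID`, `CweIDs`) follow Trivy's JSON report; the function names, the family labels and every ID in the sample are constructed for illustration.

```python
import json
from collections import defaultdict

# Prefix -> family label, following the list above (labels are illustrative).
FAMILIES = {"CVE-": "CVE", "GHSA-": "GHSA", "GO-": "Go vulndb",
            "RHSA-": "RHSA", "TEMP-": "Debian TEMP"}

def family_of(vuln_id):
    """Return the identifier family; unknown prefixes go to OSV-based lookup."""
    upper = vuln_id.upper()
    for prefix, name in FAMILIES.items():
        if upper.startswith(prefix):
            return name
    return "OSV-compatible"

def triage(report):
    """Group vulnerability IDs by family and list those lacking CWE data."""
    by_family, needs_cwe = defaultdict(set), set()
    # Trivy omits "Vulnerabilities" (or sets it to null) for clean targets.
    for result in report.get("Results") or []:
        for vuln in result.get("Vulnerabilities") or []:
            vid = vuln.get("VulnerabilityID")
            if not vid:
                continue
            by_family[family_of(vid)].add(vid)
            if not vuln.get("CweIDs"):  # missing key or empty list
                needs_cwe.add(vid)
    return {k: sorted(v) for k, v in by_family.items()}, sorted(needs_cwe)

# Constructed sample report; none of these IDs refer to real advisories.
SAMPLE = json.loads("""
{"Results": [
  {"Target": "app (debian 12)", "Vulnerabilities": [
    {"VulnerabilityID": "CVE-2099-0001", "CweIDs": ["CWE-787"]},
    {"VulnerabilityID": "TEMP-0000000-ABCDEF"}]},
  {"Target": "usr/bin/tool", "Vulnerabilities": [
    {"VulnerabilityID": "GHSA-xxxx-yyyy-zzzz", "CweIDs": []},
    {"VulnerabilityID": "GO-2099-0001"},
    {"VulnerabilityID": "RUSTSEC-2099-0001"}]},
  {"Target": "etc/config"}
]}
""")

if __name__ == "__main__":
    families, missing = triage(SAMPLE)
    for name, ids in sorted(families.items()):
        print(f"{name}: {', '.join(ids)}")
    print("needs CWE enrichment:", ", ".join(missing))
```
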
```bash
git clone git@github.com:eZer-Net/docker-analyzer.git
cd docker-analyzer
docker compose up -d --build
```

- App: http://localhost:3000
- UI API health: http://localhost:3000/api/healthz
- Service A Swagger: http://localhost:8081/swagger
- Service C Swagger: http://localhost:8082/swagger
- Service D Swagger: http://localhost:8083/swagger
- Service E Swagger: http://localhost:8084/swagger
- Service F Swagger: http://localhost:8085/swagger
The stack uses fixed local ports in docker-compose.yml to keep local startup deterministic.
Documentation is available in two languages and covers functionality, architecture, API, runtime artifacts, and development workflow.
- EN documentation index
  - Functionality and purpose
  - Project architecture
  - API, service contracts, and Swagger
  - Data and runtime artifacts
  - Development and maintenance
- RU documentation index
  - Functionality and purpose
  - Project architecture
  - API, service contracts, and Swagger
  - Data and runtime artifacts
  - Development and maintenance
Made by the Digital Shield community — https://digital-shield.tech
