Container Images Skill
Overview
Specialized skill for Docker and OCI container image development, optimization, and security. Provides expert capabilities for building production-ready container images.
Capabilities
Dockerfile Development
- Analyze and optimize existing Dockerfiles
- Create multi-stage build configurations
- Implement build argument patterns
- Design base image hierarchies
- Handle platform-specific builds (multi-arch)
Image Optimization
- Minimize image layer count and size
- Optimize layer caching strategies
- Implement .dockerignore patterns
- Remove unnecessary dependencies
- Use distroless/minimal base images
Security Scanning
- Interpret vulnerability scan results (Trivy, Snyk, Grype)
- Prioritize CVE remediation
- Recommend secure base images
- Implement image signing (Cosign, Notary)
- Configure admission policies
Registry Operations
- Push, pull, and tag images
- Configure registry authentication
- Implement image retention policies
- Handle multi-registry strategies
- Manage image manifests and indexes
Build Integration
- Integrate with CI/CD pipelines
- Configure build caching (BuildKit)
- Implement remote builders
- Handle secrets during builds
- Set up automated builds
Target Processes
container-image-management.js- Container image lifecyclesecurity-scanning.js- Image vulnerability scanningcicd-pipeline-setup.js- Build pipeline configuration
Usage Context
This skill is invoked when processes require:
- Creating optimized Dockerfiles
- Reducing container image sizes
- Addressing security vulnerabilities in images
- Setting up container build pipelines
- Managing container registries
Dependencies
- Docker CLI or compatible (Podman, nerdctl)
- Container registry access
- Vulnerability scanners (Trivy, Snyk)
- BuildKit for advanced builds
Output Formats
- Dockerfile configurations
- Build optimization reports
- Vulnerability analysis reports
- Registry operation logs
- Multi-stage build templates