I created compose-lint, a security linter for Docker Compose files, and pointed it at 6,444 public...
I created compose-lint, a security linter for Docker Compose files, and pointed it at 6,444 public docker-compose.yml and compose.yaml files from GitHub. (More on why below.)
Three numbers stood out:
91% of the files that parse have at least one security finding.
68% have at least one HIGH or CRITICAL finding.
The same three issues top every category I looked at, including the official vendor examples people are told to copy.
DockSec correlates findings from container security scanners and uses AI to generate remediation guidance and exact Dockerfile…
I ran 40 real-world vulnerable patterns through every major ESLint security plugin — from eslint-plugin-security to SonarJS to…
I built a CLI that scans codebases — stack detection, dependency mapping, convention analysis,...
eslint-plugin-security flags one safe pattern for every real vulnerability it catches. Five other security plugins benchmarked…
In November 2025, a team self-hosting Langfuse, an open-source LLM observability platform, on Kubernetes uploaded their…
Browse articles related to Security on the GitLab Blog
Security articles - GitLab Blog
