Scan Docker environments for risky variables.

A lightweight, dependency-free security tool that analyzes Docker containers and images for exposed secrets, tokens, and API keys before they reach production.

Get Started View on GitHub
bash - dockenv scan
~ dockenv scan -c 77ffc1b007cd

Scanning CONTAINER: 77ffc1b007cd
[CRITICAL] Secret exposed -> SECRET=123456
[CRITICAL] Secret exposed -> JJWT=123456

Security Score: 40/100

Why use dockenv?

Rule-Based Analysis Engine

Built-in detection rules easily identify common secret patterns like credentials, tokens, and API keys.

Fast & Lightweight

Written in Go. Runs instantly without agents, sidecars, or external services. No dependencies required.

CI/CD Friendly

Perfect for GitHub Actions, GitLab CI, and Jenkins. Shift-left your security checks easily.

Getting Started

Installation

Install dockenv with a single command:

curl -fsSL https://raw.githubusercontent.com/arasdenizhan/dockenv/master/install.sh | sh

Quick Test

Run a container with intentionally bad environment variables:

docker run -d --name vulnerable \
  -e DB_PASSWORD=admin123 \
  -e AWS_SECRET_ACCESS_KEY=verysecret \
  -e JWT_SECRET=superjwt \
  nginx

Then scan it:

dockenv scan -c vulnerable