Docker Compose Security Checker — Scan docker-compose.yml for Misconfigurations

Paste your docker-compose.yml. Checks every service for critical security issues: Docker socket mounts, privileged containers, host networking, hardcoded secrets, database ports exposed on 0.0.0.0, and missing resource limits.

What to look for

  • Docker socket mount (Critical): /var/run/docker.sock:/var/run/docker.sock is the most dangerous thing you can put in a Compose file. It gives the container root access to your entire Docker daemon — and your host.
  • Hardcoded secrets (Critical): Anything in docker-compose.yml ends up in git history and docker inspect. Use env_file with a gitignored .env file, or Docker secrets for production.
  • Database ports on 0.0.0.0 (High): "5432:5432" binds to all interfaces. Use "127.0.0.1:5432:5432" for local-only access, or expose: for inter-service access only.
  • Privileged + host network (Critical): Both remove isolation. privileged: true gives near-root host access. network_mode: host removes network isolation entirely.
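
The four checks above expressed as detection logic over an already-parsed Compose file. This is an added example, not the tool's own code; the function names, the secret-name patterns, the database port list and the sample input are assumptions.

```javascript
// Added example: `compose` is the object a YAML parser would return for the file.
const SECRET_KEY = /(PASSWORD|PASSWD|SECRET|TOKEN|API_?KEY)/i; // assumed name patterns
const DB_PORTS = new Set(["3306", "5432", "6379", "27017"]); // assumed port list

// Compose accepts `environment` as a list of "K=V" strings or as a map.
function envEntries(env) {
  if (!Array.isArray(env)) return Object.entries(env || {});
  return env.map((e) => {
    const s = String(e), i = s.indexOf("=");
    return i < 0 ? [s, null] : [s.slice(0, i), s.slice(i + 1)];
  });
}

function checkCompose(compose) {
  const findings = [];
  for (const [service, svc] of Object.entries(compose.services || {})) {
    const add = (severity, issue) => findings.push({ service, severity, issue });
    for (const v of svc.volumes || []) {
      const src = typeof v === "string" ? v.split(":")[0] : v.source;
      if (src === "/var/run/docker.sock") add("critical", "docker-socket-mount");
    }
    if (svc.privileged === true) add("critical", "privileged");
    if (svc.network_mode === "host") add("critical", "host-network");
    for (const p of svc.ports || []) {
      if (typeof p !== "string") continue; // long syntax and IPv6 binds not handled
      const parts = p.split("/")[0].split(":");
      // "host:container" carries no bind address, so it listens on 0.0.0.0.
      const bind = parts.length === 3 ? parts[0] : "0.0.0.0";
      if (parts.length >= 2 && bind === "0.0.0.0" && DB_PORTS.has(parts[parts.length - 1]))
        add("high", "db-port-all-interfaces");
    }
    for (const [key, val] of envEntries(svc.environment)) {
      // A literal value is hardcoded; "${VAR}" or a bare key is resolved at run time.
      const literal = val != null && val !== "" && !String(val).includes("${");
      if (SECRET_KEY.test(key) && literal) add("critical", "hardcoded-secret:" + key);
    }
  }
  return findings;
}

// Constructed sample input, not taken from the page.
const sample = { services: {
  db: { ports: ["5432:5432"], environment: { POSTGRES_PASSWORD: "changeme" } },
  agent: { privileged: true, network_mode: "host",
           volumes: ["/var/run/docker.sock:/var/run/docker.sock"] },
  cache: { ports: ["127.0.0.1:6379:6379"], environment: ["REDIS_PASSWORD=${REDIS_PASSWORD}"] },
} };
console.log(checkCompose(sample));
```

The `cache` service produces no findings: its port is bound to 127.0.0.1 and its password is an interpolated variable rather than a literal.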

For Kubernetes YAML, use the K8s Security Linter. For CVE checks on container images, use the Vulnerability Scanner.
