Application security, Container security

Docker security scanner uses AI to help explain, fix vulnerabilities


Frustrated by vulnerability scanners that routinely return hundreds of common vulnerabilities and exposures (CVEs), Advait Patel created DockSec, an AI-powered tool designed to help developers understand and prioritize security issues in plain English.

Patel, who has a background in cloud security, container security and DevSecOps, said he noticed that developers often struggle to make sense of the overwhelming volume of findings generated by security tools scanning cloud environments, containers, Kubernetes deployments and other infrastructure.

While those tools excel at identifying vulnerabilities, they often leave developers to sort through hundreds of CVEs on their own and determine which flaws pose the greatest risk.

“That’s the gap we saw in the industry, and that’s where DockSec came from,” Patel said.

DockSec builds on existing vulnerability-scanning tools such as Trivy, Hadolint and Docker Scout, which Patel said already do a good job of identifying security issues. The difference is that DockSec uses a large language model (LLM) to summarize findings, prioritize risk and explain remediation steps in a more accessible format.

The platform can also generate reports in HTML, PDF, JSON and Markdown formats. Patel noted that only scan metadata is sent to the LLM, while container image contents remain local.
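The two design points above, ranking findings from an existing scanner and sending only scan metadata to the model, can be shown in a small pipeline. The following is an added example written for this article, not DockSec's own code or its API. It parses a report in the shape of Trivy's `--format json` output (the structure is Trivy's; the image name, CVE identifiers and package names are constructed placeholders), ranks the findings, builds a metadata-only payload of the kind that could be handed to an LLM, and renders a Markdown report. The ranking rule (severity first, then findings that already have a fixed version) is an assumption of this example, not a description of how DockSec prioritizes.

```python
"""Prioritize Trivy-style scan findings and build a metadata-only summary.

Added example, not DockSec's code. Shows the pattern the article describes:
take findings from an existing scanner, rank them by risk, keep only scan
metadata (CVE id, package, versions, severity) for any external LLM call,
and render a Markdown report. The JSON below is constructed in the shape of
Trivy's JSON report; all values are made up. The ranking is an assumption.
"""
import json

# Constructed sample: shape follows Trivy's JSON report, values are made up.
SAMPLE_TRIVY_JSON = json.dumps({
    "ArtifactName": "example.local/app:1.0",
    "Results": [{
        "Target": "example.local/app:1.0 (debian 12)",
        "Vulnerabilities": [
            {"VulnerabilityID": "CVE-0000-0001", "PkgName": "libfoo",
             "InstalledVersion": "1.0-1", "FixedVersion": "1.0-2",
             "Severity": "HIGH", "Title": "constructed example finding"},
            {"VulnerabilityID": "CVE-0000-0002", "PkgName": "libbar",
             "InstalledVersion": "2.3", "FixedVersion": "",
             "Severity": "CRITICAL", "Title": "constructed example finding"},
            {"VulnerabilityID": "CVE-0000-0003", "PkgName": "libbaz",
             "InstalledVersion": "0.9", "FixedVersion": "1.0",
             "Severity": "CRITICAL", "Title": "constructed example finding"},
            {"VulnerabilityID": "CVE-0000-0004", "PkgName": "libqux",
             "InstalledVersion": "4.1", "FixedVersion": "",
             "Severity": "LOW", "Title": "constructed example finding"},
        ],
    }],
})

SEVERITY_RANK = {"CRITICAL": 4, "HIGH": 3, "MEDIUM": 2, "LOW": 1, "UNKNOWN": 0}

# Only these fields leave the machine; image contents, layers and file
# paths are never part of the payload.
METADATA_FIELDS = ("VulnerabilityID", "PkgName", "InstalledVersion",
                   "FixedVersion", "Severity")


def load_findings(report_json: str) -> list[dict]:
    """Flatten a Trivy-style report into one list of vulnerability dicts."""
    report = json.loads(report_json)
    findings = []
    for result in report.get("Results", []):
        # Trivy emits null (not []) for targets with no vulnerabilities.
        for vuln in result.get("Vulnerabilities") or []:
            findings.append(vuln)
    return findings


def prioritize(findings: list[dict]) -> list[dict]:
    """Rank by severity, then put fixable issues first (upgrading is the
    cheapest remediation), then by CVE id for a stable order. Assumed rule."""
    return sorted(
        findings,
        key=lambda v: (-SEVERITY_RANK.get(v.get("Severity", "UNKNOWN"), 0),
                       0 if v.get("FixedVersion") else 1,
                       v.get("VulnerabilityID", "")),
    )


def metadata_payload(findings: list[dict], limit: int = 20) -> list[dict]:
    """Build the list that would be sent to an LLM: metadata only, top-N."""
    return [{k: v.get(k, "") for k in METADATA_FIELDS}
            for v in prioritize(findings)[:limit]]


def render_markdown(report_json: str) -> str:
    """Markdown summary for humans; same ordering as the payload."""
    report = json.loads(report_json)
    rows = prioritize(load_findings(report_json))
    lines = [f"# Scan summary for {report.get('ArtifactName', 'unknown image')}",
             "", "| # | CVE | Severity | Package | Installed | Fixed |",
             "|---|-----|----------|---------|-----------|-------|"]
    for i, v in enumerate(rows, 1):
        fixed = v.get("FixedVersion") or "no fix yet"
        lines.append(f"| {i} | {v['VulnerabilityID']} | {v['Severity']} | "
                     f"{v['PkgName']} | {v['InstalledVersion']} | {fixed} |")
    return "\n".join(lines)


if __name__ == "__main__":
    print(render_markdown(SAMPLE_TRIVY_JSON))
    print(json.dumps(metadata_payload(load_findings(SAMPLE_TRIVY_JSON)), indent=2))
```

The `METADATA_FIELDS` allow-list is the part worth copying: whatever the ranking logic, building the outbound payload from an explicit list of fields is what keeps image contents, layer digests and file paths from leaving the host when a report is summarized by an external model.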

What began as a personal project shared through GitHub has since gained broader recognition. Earlier this year, DockSec was accepted into the Open Worldwide Application Security Project’s (OWASP) incubator program, a milestone Patel said helped validate the project within the security community.

DockSec has also been invited to appear at multiple international conferences, including the upcoming OWASP Global AppSec EU 2026 event.

The project has attracted roughly 17,000 downloads on PyPI and 187 GitHub stars, and is now used by several companies. According to Patel, many of those users are startups that lack dedicated security teams and need help making vulnerability management more approachable.

One startup that integrated DockSec into its CI/CD pipelines told Patel that the number of CVEs reaching production fell from about 22 a month to roughly five, a 78% reduction, while the average time spent triaging a scan report dropped from about 45 minutes per image to roughly 6 minutes.

Patel said OWASP’s decision to adopt DockSec as an incubator project was particularly important because it provided a level of community trust and credibility.

Ultimately, he said, DockSec is not intended to replace existing security tools. Instead, its goal is to help developers and security teams work together more effectively by turning vulnerability remediation into a practical process rather than an overwhelming one.

For more information on DockSec, see Advait Patel's GitHub profile, the DockSec project on GitHub and the OWASP project page.

Stephen Weigand

Stephen Weigand is managing editor and production manager for SC Media. He has worked for news media in Washington, D.C., covering military and defense issues, as well as federal IT. He is based in the Seattle area.
