[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"article-docksec-ai-fixes-docker-vulnerability-noise-zh":3,"article-related-docksec-ai-fixes-docker-vulnerability-noise-zh":31,"series-tools-6e5f34fa-f380-422d-895e-5f9b124f6907":78},{"id":4,"slug":5,"title":6,"content":7,"summary":8,"source":9,"source_url":10,"author":11,"image_url":12,"cover_image":12,"category":13,"language":14,"translated_content":11,"related_article_id":15,"keywords":16,"key_takeaways":23,"views":27,"created_at":28,"published_at":29,"topic_cluster_id":30},"6e5f34fa-f380-422d-895e-5f9b124f6907","docksec-ai-fixes-docker-vulnerability-noise-zh","18,000 downloads: DockSec adds AI fixes for Docker CVEs",
"\u003Cp data-speakable=\"summary\">DockSec pairs local container scanning with AI-driven ranking to help teams pull the high-risk findings out of \u003Ca href=\"\u002Ftag\u002Fdocker\">Docker\u003C\u002Fa> vulnerability noise, and hands them remediation suggestions directly.\u003C\u002Fp>\u003Cp>After 18,000 downloads and 90 pull requests, \u003Ca href=\"https:\u002F\u002Fwww.securityweek.com\u002Fopen-source-docksec-uses-ai-to-cut-through-vulnerability-noise-in-docker-images\u002F\" target=\"_blank\" rel=\"noopener\">DockSec\u003C\u002Fa> has grown from a personal project into a community security tool. The open-source project, led by Advait Patel, has entered the \u003Ca href=\"https:\u002F\u002Fowasp.org\u002F\" target=\"_blank\" rel=\"noopener\">OWASP\u003C\u002Fa> incubator portfolio, and its goal is straightforward: separate the risks in a Docker image that actually need fixing from the noise the scanners emit.\u003C\u002Fp>\u003Cp>Patel's approach is not to build yet another scanner but to condense the output of existing tools into something actionable. For developers that means fewer dozens-of-lines CVE lists and more hints they can apply directly to a Dockerfile.\u003C\u002Fp>\u003Ctable>\u003Cthead>\u003Ctr>\u003Cth>Metric\u003C\u002Fth>\u003Cth>Value\u003C\u002Fth>\u003C\u002Ftr>\u003C\u002Fthead>\u003Ctbody>\u003Ctr>\u003Ctd>Downloads\u003C\u002Ftd>\u003Ctd>18,000\u003C\u002Ftd>\u003C\u002Ftr>\u003Ctr>\u003Ctd>Pull requests\u003C\u002Ftd>\u003Ctd>90\u003C\u002Ftd>\u003C\u002Ftr>\u003Ctr>\u003Ctd>Images scanned in example\u003C\u002Ftd>\u003Ctd>15\u003C\u002Ftd>\u003C\u002Ftr>\u003Ctr>\u003Ctd>High-severity vulnerabilities found\u003C\u002Ftd>\u003Ctd>183\u003C\u002Ftd>\u003C\u002Ftr>\u003Ctr>\u003Ctd>Critical vulnerabilities found\u003C\u002Ftd>\u003Ctd>15\u003C\u002Ftd>\u003C\u002Ftr>\u003Ctr>\u003Ctd>Vulnerabilities in Vault image\u003C\u002Ftd>\u003Ctd>40\u003C\u002Ftd>\u003C\u002Ftr>\u003C\u002Ftbody>\u003C\u002Ftable>\u003Ch2>What happened\u003C\u002Fh2>\u003Cp>DockSec first runs \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Faquasecurity\u002Ftrivy\" target=\"_blank\" rel=\"noopener\">Trivy\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fhadolint\u002Fhadolint\" target=\"_blank\" rel=\"noopener\">Hadolint\u003C\u002Fa> and \u003Ca href=\"https:\u002F\u002Fdocs.docker.com\u002Fscout\u002F\" target=\"_blank\" rel=\"noopener\">Docker Scout\u003C\u002Fa> locally. It then hands the results to an \u003Ca href=\"\u002Ftag\u002Fllm\">LLM\u003C\u002Fa>, which merges and deduplicates them and re-ranks them by impact.\u003C\u002Fp>\n\u003Cfigure class=\"my-6\">\u003Cimg src=\"https:\u002F\u002Fxxdpdyhzhpamafnrdkyq.supabase.co\u002Fstorage\u002Fv1\u002Fobject\u002Fpublic\u002Fcovers\u002Finline-1780329777912-8l2f.png\" alt=\"18,000 downloads: DockSec adds AI fixes for Docker CVEs\" class=\"rounded-xl w-full\" loading=\"lazy\" \u002F>\u003C\u002Ffigure>\n\u003Cp>The pipeline addresses the most common pain point for security teams: scan output is long, but only a handful of findings genuinely need fixing first. Patel notes that a typical scan can surface more than 200 CVEs, and a developer cannot tell at a glance which of them will actually hold up a release or create real risk.\u003C\u002Fp>\u003Cp>DockSec's output is not just a score or a flag. It explains the problem in plain language and provides Dockerfile change suggestions in Markdown, so engineers can paste them straight into their workflow.\u003C\u002Fp>\u003Cul>\u003Cli>Scanning stays local.\u003C\u002Fli>\u003Cli>Only scan metadata is sent to the LLM.\u003C\u002Fli>\u003Cli>OpenAI, Anthropic or Google Gemini can be selected as the model provider.\u003C\u002Fli>\u003Cli>It can also run fully locally through Ollama.\u003C\u002Fli>\u003C\u002Ful>\u003Cp>One check worth making before wiring this into a pipeline: scan metadata (package names, versions and CVE IDs) still amounts to a software inventory of the image, so routing it to a hosted model is a data-sharing decision in its own right; the Ollama option is what keeps that inventory on the host.\u003C\u002Fp>\u003Cp>The project's starting point is just as pragmatic: Docker images carry unpatched vulnerabilities straight into the deployment pipeline. In Patel's example, scanning 15 images turned up 183 high-severity and 15 critical findings, and the Vault image alone contained 40 vulnerabilities.\u003C\u002Fp>\u003Ch2>Why it matters\u003C\u002Fh2>\u003Cp>For developers, DockSec is not adding more alerts; it is shortening the distance between finding a problem and actually fixing it. That matters most in CI\u002FCD, because once a vulnerable image enters the build or deployment pipeline, remediation usually gets more expensive.\u003C\u002Fp>\n\u003Cfigure class=\"my-6\">\u003Cimg src=\"https:\u002F\u002Fxxdpdyhzhpamafnrdkyq.supabase.co\u002Fstorage\u002Fv1\u002Fobject\u002Fpublic\u002Fcovers\u002Finline-1780329774489-e8dy.png\" alt=\"18,000 downloads: DockSec adds AI fixes for Docker CVEs\" class=\"rounded-xl w-full\" loading=\"lazy\" \u002F>\u003C\u002Ffigure>\n\u003Cp>For the industry, it also points to the next step for AI security tooling: not just finding defects, but helping people decide which CVEs deserve attention first and spelling the fix out concretely enough to apply. If a tool can do that without exposing image contents, the bar for enterprise adoption drops considerably.\u003C\u002Fp>\u003Cp>\u003Ca href=\"https:\u002F\u002Fowasp.org\u002F\" target=\"_blank\" rel=\"noopener\">OWASP\u003C\u002Fa> backing also changes the trust structure. Patel says that since the project entered the incubator, both enterprise attention and community contributions have increased, and with them the expectation that it stay vendor-neutral and community-first.\u003C\u002Fp>\u003Cp>The question is no longer whether a scanner can find more CVEs, but whether a team can deal with the few that matter most before an image ships. What DockSec is trying to do is make that step faster and shorter, and more like an engineering workflow than a security report.\u003C\u002Fp>",
"DockSec combines local container scanning with AI to help teams pull the high-risk findings out of Docker vulnerability noise and produce remediation suggestions that can be applied directly.","www.securityweek.com","https:\u002F\u002Fwww.securityweek.com\u002Fopen-source-docksec-uses-ai-to-cut-through-vulnerability-noise-in-docker-images\u002F",null,"https:\u002F\u002Fxxdpdyhzhpamafnrdkyq.supabase.co\u002Fstorage\u002Fv1\u002Fobject\u002Fpublic\u002Fcovers\u002Finline-1780329777912-8l2f.png","tools","zh","5dd03e75-4dfc-4a7a-ac13-b4c601149e72",[17,18,19,20,21,22],"DockSec","Docker","CVE","AI security","OWASP","container scanning",[24,25,26],"DockSec feeds the results of several local scanners to an LLM for triage, aiming to cut Docker vulnerability noise.","The project has accumulated 18,000 downloads and 90 pull requests and has entered the OWASP incubator portfolio.","It keeps scanning local, sends only metadata to the model, and provides Dockerfile fixes that can be applied directly.",7,"2026-06-01T16:02:28.024944+00:00","2026-06-01T16:02:27.999+00:00","ffaf3af7-3865-46c5-b53f-a45b9342e70c",
{"tags":32,"relatedLang":37,"relatedPosts":41},[33,35],{"name":20,"slug":34},"ai-安全",{"name":18,"slug":36},"docker",{"id":15,"slug":38,"title":39,"language":40},"docksec-ai-fixes-docker-vulnerability-noise-en","18,000 downloads: DockSec adds AI fixes for Docker CVEs","en",[42,48,54,60,66,72],
{"id":43,"slug":44,"title":45,"cover_image":46,"image_url":46,"created_at":47,"category":13},"300d082a-4df5-4a26-8b5b-7dff73dd0da3","claude-code-rust-native-terminal-interface-zh","Claude Code's Rust rewrite makes the terminal lighter","https:\u002F\u002Fxxdpdyhzhpamafnrdkyq.supabase.co\u002Fstorage\u002Fv1\u002Fobject\u002Fpublic\u002Fcovers\u002Finline-1781854439295-lkeg.png","2026-06-19T07:33:29.722095+00:00",
{"id":49,"slug":50,"title":51,"cover_image":52,"image_url":52,"created_at":53,"category":13},"819930d2-f83c-42e1-be18-fc65eb212184","open-source-tools-vibe-coding-cybersecurity-zh","Open-source tools make vibe coding safer","https:\u002F\u002Fxxdpdyhzhpamafnrdkyq.supabase.co\u002Fstorage\u002Fv1\u002Fobject\u002Fpublic\u002Fcovers\u002Finline-1781852614083-gnj4.png","2026-06-19T07:03:08.602553+00:00",
{"id":55,"slug":56,"title":57,"cover_image":58,"image_url":58,"created_at":59,"category":13},"60a23c5e-d9df-4186-a30e-5d2c123a0ed6","model-triage-coding-tests-cost-win-zh","Model triage drives down testing costs","https:\u002F\u002Fxxdpdyhzhpamafnrdkyq.supabase.co\u002Fstorage\u002Fv1\u002Fobject\u002Fpublic\u002Fcovers\u002Finline-1781840895287-vp1r.png","2026-06-19T03:47:51.801299+00:00",
{"id":61,"slug":62,"title":63,"cover_image":64,"image_url":64,"created_at":65,"category":13},"79548e00-424f-482a-81c2-4a64d29e011c","fine-tuning-llms-locally-sft-lora-dpo-zh","Fine-tuning LLMs locally: SFT, LoRA, DPO","https:\u002F\u002Fxxdpdyhzhpamafnrdkyq.supabase.co\u002Fstorage\u002Fv1\u002Fobject\u002Fpublic\u002Fcovers\u002Finline-1781839069344-gzrv.png","2026-06-19T03:17:21.792772+00:00",
{"id":67,"slug":68,"title":69,"cover_image":70,"image_url":70,"created_at":71,"category":13},"fa5c39c9-8213-4432-a19d-fd67f085fdca","vercel-eve-agents-as-directories-zh","Turning agents into directories","https:\u002F\u002Fxxdpdyhzhpamafnrdkyq.supabase.co\u002Fstorage\u002Fv1\u002Fobject\u002Fpublic\u002Fcovers\u002Finline-1781828288993-qss6.png","2026-06-19T00:17:45.298522+00:00",
{"id":73,"slug":74,"title":75,"cover_image":76,"image_url":76,"created_at":77,"category":13},"9b1f12ac-11db-4323-ac80-9c370270f135","obscura-rust-headless-browser-ai-agents-zh","Obscura: a Rust headless browser aimed at AI agents","https:\u002F\u002Fxxdpdyhzhpamafnrdkyq.supabase.co\u002Fstorage\u002Fv1\u002Fobject\u002Fpublic\u002Fcovers\u002Finline-1781825571598-gkt5.png","2026-06-18T23:32:23.366976+00:00",
[79,84,89,94,99,104,109,114,119,124],
{"id":80,"slug":81,"title":82,"created_at":83},"855cd52f-6fab-46cc-a7c1-42195e8a0de4","surepath-real-time-mcp-policy-controls-zh","SurePath launches real-time MCP policy controls","2026-03-26T07:57:40.77233+00:00",
{"id":85,"slug":86,"title":87,"created_at":88},"9b19ab54-edef-4dbd-9ce4-a51e4bae4ebb","mcp-in-2026-the-ai-tool-layer-teams-use-zh","MCP in 2026: the AI tool layer teams actually use","2026-03-26T08:01:46.589694+00:00",
{"id":90,"slug":91,"title":92,"created_at":93},"af9c46c3-7a28-410b-9f04-32b3de30a68c","prompting-in-2026-what-actually-works-zh","Prompting in 2026: what actually works","2026-03-26T08:08:12.453028+00:00",
{"id":95,"slug":96,"title":97,"created_at":98},"05553086-6ed0-4758-81fd-6cab24b575e0","garry-tan-open-sources-claude-code-toolkit-zh","Garry Tan open-sources a Claude Code toolkit","2026-03-26T08:26:20.068737+00:00",
{"id":100,"slug":101,"title":102,"created_at":103},"042a73a2-18a2-433d-9e8f-9802b9559aac","github-ai-projects-to-watch-in-2026-zh","20 GitHub AI projects to watch in 2026","2026-03-26T08:28:09.619964+00:00",
{"id":105,"slug":106,"title":107,"created_at":108},"a5f94120-ac0d-4483-9a8b-63590071ac6a","claude-code-vs-cursor-2026-zh","Claude Code vs Cursor, an in-depth comparison: 202…","2026-03-26T13:27:14.279193+00:00",
{"id":110,"slug":111,"title":112,"created_at":113},"0975afa1-e0c7-4130-a20d-d890eaed995e","practical-github-guide-learning-ml-2026-zh","A practical GitHub guide to learning machine learning in 2026","2026-03-27T01:16:49.712576+00:00",
{"id":115,"slug":116,"title":117,"created_at":118},"bfdb467a-290f-4a80-b3a9-6f081afb6dff","aiml-2026-student-ai-ml-lab-repo-review-zh","AIML-2026: a student lab repo that reads like a syllabus","2026-03-27T01:21:51.467798+00:00",
{"id":120,"slug":121,"title":122,"created_at":123},"80cabc3e-09fc-4ff5-8f07-b8d68f5ae545","ai-trending-github-repos-and-research-feeds-zh","AI Trending: AI resources collected into one table","2026-03-27T01:31:35.262183+00:00",
{"id":125,"slug":126,"title":127,"created_at":128},"3ce6e6e2-bac5-463e-9f8d-45caabcc61f7","awesome-ai-for-science-research-tools-map-zh","The AI-for-science tools list is starting to look like a map","2026-03-27T01:46:50.521945+00:00"]
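The merge, dedupe and re-rank step the article describes (scanner output in, a short ranked list and a metadata-only payload out), as an added example that is not DockSec's own code: the project delegates ranking to an LLM and the page does not show that logic, so the weights here are a deterministic stand-in and an assumption. The sample inputs are constructed in the shape of `trivy image -f json` (`Results[].Vulnerabilities[]`) and `hadolint -f json` output; the third source, `SCOUT_RECORDS`, stands in for a second CVE scanner such as Docker Scout in an already-normalised form, because its native format is not reproduced here. The CVE identifiers are placeholders, not real advisories, and the names `triage`, `PAYLOAD_FIELDS` and `HIGH_IMPACT_LINT` are this example's own. The `PAYLOAD_FIELDS` allowlist is the check a practitioner wants around the "only metadata goes to the LLM" claim: it is the only data that would leave the host for a hosted model.

```python
import json


# Constructed sample inputs for this example; CVE IDs are placeholders, not real advisories.
TRIVY_JSON = json.dumps({
    "SchemaVersion": 2,
    "ArtifactName": "example/app:1.0",
    "Results": [{
        "Target": "example/app:1.0 (alpine 3.18.4)",
        "Class": "os-pkgs",
        "Vulnerabilities": [
            {"VulnerabilityID": "CVE-0000-0001", "PkgName": "libcrypto3",
             "InstalledVersion": "3.1.3-r0", "FixedVersion": "3.1.4-r0", "Severity": "HIGH"},
            {"VulnerabilityID": "CVE-0000-0001", "PkgName": "libssl3",
             "InstalledVersion": "3.1.3-r0", "FixedVersion": "3.1.4-r0", "Severity": "HIGH"},
            {"VulnerabilityID": "CVE-0000-0002", "PkgName": "busybox",
             "InstalledVersion": "1.36.1-r2", "FixedVersion": "", "Severity": "CRITICAL"},
            {"VulnerabilityID": "CVE-0000-0003", "PkgName": "zlib",
             "InstalledVersion": "1.2.13-r1", "FixedVersion": "1.3-r0", "Severity": "LOW"},
        ],
    }],
})
HADOLINT_JSON = json.dumps([
    {"line": 2, "code": "DL3018", "message": "Pin versions in apk add.",
     "column": 1, "file": "Dockerfile", "level": "warning"},
    {"line": 7, "code": "DL3002", "message": "Last USER should not be root",
     "column": 1, "file": "Dockerfile", "level": "warning"},
])
# Stand-in for a second CVE scanner (e.g. Docker Scout), already normalised by
# the caller; its real output format is not reproduced here (assumption).
SCOUT_RECORDS = [
    {"kind": "cve", "id": "CVE-0000-0001", "pkg": "libssl3", "installed": "3.1.3-r0",
     "fixed": "3.1.4-r0", "severity": "HIGH", "tool": "scout"},   # overlaps a Trivy hit
    {"kind": "cve", "id": "CVE-0000-0004", "pkg": "curl", "installed": "8.4.0-r0",
     "fixed": "8.5.0-r0", "severity": "MEDIUM", "tool": "scout"},  # only this scanner saw it
]

SEVERITY_RANK = {"CRITICAL": 4, "HIGH": 3, "MEDIUM": 2, "LOW": 1, "UNKNOWN": 0}
LINT_RANK = {"ERROR": 3, "WARNING": 2, "INFO": 1, "STYLE": 0}
HIGH_IMPACT_LINT = {"DL3002"}   # last USER is root: a judgement call made for this example
# Allowlist of fields permitted to leave the host. Targets, descriptions,
# Dockerfile text and layer data never reach the model.
PAYLOAD_FIELDS = ("kind", "id", "pkgs", "installed", "fixed", "severity", "tools", "score")


def normalise_trivy(raw):
    """Flatten Trivy's Results[].Vulnerabilities[] into common records."""
    out = []
    for result in json.loads(raw).get("Results", []):
        for v in result.get("Vulnerabilities") or []:
            out.append({"kind": "cve", "id": v["VulnerabilityID"], "pkg": v["PkgName"],
                        "installed": v.get("InstalledVersion", ""),
                        "fixed": v.get("FixedVersion", ""),
                        "severity": v.get("Severity", "UNKNOWN"), "tool": "trivy"})
    return out


def normalise_hadolint(raw):
    """Map Hadolint rule hits onto the same record shape (rule code + line)."""
    return [{"kind": "lint", "id": h["code"], "pkg": "Dockerfile:%d" % h["line"],
             "installed": "", "fixed": "", "severity": h["level"].upper(),
             "tool": "hadolint"} for h in json.loads(raw)]


def merge_and_dedupe(*sources):
    """One finding per (kind, id, installed, fixed); affected packages and the
    reporting tools are accumulated, so corroboration shows instead of duplicates."""
    merged = {}
    for records in sources:
        for r in records:
            key = (r["kind"], r["id"], r["installed"], r["fixed"])
            f = merged.setdefault(key, {"kind": r["kind"], "id": r["id"], "pkgs": set(),
                                        "installed": r["installed"], "fixed": r["fixed"],
                                        "severity": r["severity"], "tools": set()})
            f["pkgs"].add(r["pkg"])
            f["tools"].add(r["tool"])
            # scanners sometimes disagree on severity; keep the higher rating
            if SEVERITY_RANK.get(r["severity"], 0) > SEVERITY_RANK.get(f["severity"], 0):
                f["severity"] = r["severity"]
    return list(merged.values())


def score(f):
    """Impact score: severity first, a large bonus when a fix exists (it is
    actionable), then corroboration. The weights are this example's choice."""
    if f["kind"] == "cve":
        return SEVERITY_RANK.get(f["severity"], 0) * 10 + (15 if f["fixed"] else 0) + len(f["tools"])
    return LINT_RANK.get(f["severity"], 0) * 4 + (20 if f["id"] in HIGH_IMPACT_LINT else 0)


def rank(findings):
    """Highest impact first; ties broken by id so the report is stable."""
    for f in findings:
        f["score"] = score(f)
        f["pkgs"], f["tools"] = sorted(f["pkgs"]), sorted(f["tools"])
    return sorted(findings, key=lambda f: (-f["score"], f["id"]))


def llm_payload(findings, limit=5):
    """The only data that would go to the model: allowlisted metadata, top N."""
    return [{k: f[k] for k in PAYLOAD_FIELDS} for f in findings[:limit]]


def triage():
    """Run the whole pipeline on the constructed inputs."""
    findings = rank(merge_and_dedupe(normalise_trivy(TRIVY_JSON),
                                     normalise_hadolint(HADOLINT_JSON), SCOUT_RECORDS))
    return findings, llm_payload(findings)


if __name__ == "__main__":
    ranked, payload = triage()
    for f in ranked:
        print("%3d %-5s %-13s %-8s fix=%-9s via %s" % (f["score"], f["kind"], f["id"],
              f["severity"], f["fixed"] or "-", ",".join(f["tools"])))
    print(json.dumps(payload, indent=1))
```

Two things the ranked output shows that the raw scanner lists do not: the CVE reported three times (two packages, two tools) collapses into one finding that names both packages, and a fixable HIGH outranks an unfixable CRITICAL because there is an action to take on it. Adjust the weights to taste; the point is that ranking and data minimisation are settled on the host before anything is handed to a model, which is the property the article's "metadata only" bullet depends on.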