[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"article-docksec-ai-fixes-docker-vulnerability-noise-zh":3,"article-related-docksec-ai-fixes-docker-vulnerability-noise-zh":31,"series-tools-6e5f34fa-f380-422d-895e-5f9b124f6907":78},{"id":4,"slug":5,"title":6,"content":7,"summary":8,"source":9,"source_url":10,"author":11,"image_url":12,"cover_image":12,"category":13,"language":14,"translated_content":11,"related_article_id":15,"keywords":16,"key_takeaways":23,"views":27,"created_at":28,"published_at":29,"topic_cluster_id":30},"6e5f34fa-f380-422d-895e-5f9b124f6907","docksec-ai-fixes-docker-vulnerability-noise-zh","18,000 下載：DockSec 幫 Docker CVE 排雷","\u003Cp data-speakable=\"summary\">DockSec 把本地容器掃描和 AI 排序結合，幫團隊從 \u003Ca href=\"\u002Ftag\u002Fdocker\">Docker\u003C\u002Fa> 漏洞噪音中挑出高風險項目，並直接給出修補建議。\u003C\u002Fp>\u003Cp>18,000 次下載、90 個 pull request 之後，\u003Ca href=\"https:\u002F\u002Fwww.securityweek.com\u002Fopen-source-docksec-uses-ai-to-cut-through-vulnerability-noise-in-docker-images\u002F\" target=\"_blank\" rel=\"noopener\">DockSec\u003C\u002Fa> 已從個人專案走向社群安全工具。這個開源專案由 Advait Patel 主導，並進入 \u003Ca href=\"https:\u002F\u002Fowasp.org\u002F\" target=\"_blank\" rel=\"noopener\">OWASP\u003C\u002Fa> incubator portfolio，目標很直接：把 Docker image 裡真正該修的風險，和掃描器吐出的雜訊分開。\u003C\u002Fp>\u003Cp>Patel 的做法不是再造一個掃描器，而是把現有工具的輸出收斂成可行動的結果。對開發者來說，這意味著少看幾十行 CVE 清單，多看幾條能直接改 Dockerfile 的提示。\u003C\u002Fp>\u003Ctable>\u003Cthead>\u003Ctr>\u003Cth>項目\u003C\u002Fth>\u003Cth>數值\u003C\u002Fth>\u003C\u002Ftr>\u003C\u002Fthead>\u003Ctbody>\u003Ctr>\u003Ctd>Downloads\u003C\u002Ftd>\u003Ctd>18,000\u003C\u002Ftd>\u003C\u002Ftr>\u003Ctr>\u003Ctd>Pull requests\u003C\u002Ftd>\u003Ctd>90\u003C\u002Ftd>\u003C\u002Ftr>\u003Ctr>\u003Ctd>Images scanned in example\u003C\u002Ftd>\u003Ctd>15\u003C\u002Ftd>\u003C\u002Ftr>\u003Ctr>\u003Ctd>High-severity vulnerabilities found\u003C\u002Ftd>\u003Ctd>183\u003C\u002Ftd>\u003C\u002Ftr>\u003Ctr>\u003Ctd>Critical vulnerabilities found\u003C\u002Ftd>\u003Ctd>15\u003C\u002Ftd>\u003C\u002Ftr>\u003Ctr>\u003Ctd>Vulnerabilities in Vault image\u003C\u002Ftd>\u003Ctd>40\u003C\u002Ftd>\u003C\u002Ftr>\u003C\u002Ftbody>\u003C\u002Ftable>\u003Ch2>發生了什麼\u003C\u002Fh2>\u003Cp>DockSec 會先在本地跑 \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Faquasecurity\u002Ftrivy\" target=\"_blank\" rel=\"noopener\">Trivy\u003C\u002Fa>、\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fhadolint\u002Fhadolint\" target=\"_blank\" rel=\"noopener\">Hadolint\u003C\u002Fa> 和 \u003Ca href=\"https:\u002F\u002Fdocs.docker.com\u002Fscout\u002F\" target=\"_blank\" rel=\"noopener\">Docker Scout\u003C\u002Fa>。接著，它用 \u003Ca href=\"\u002Ftag\u002Fllm\">LLM\u003C\u002Fa> 把結果合併、去重，並依影響程度重新排序。\u003C\u002Fp>\n\u003Cfigure class=\"my-6\">\u003Cimg src=\"https:\u002F\u002Fxxdpdyhzhpamafnrdkyq.supabase.co\u002Fstorage\u002Fv1\u002Fobject\u002Fpublic\u002Fcovers\u002Finline-1780329777912-8l2f.png\" alt=\"18,000 下載：DockSec 幫 Docker CVE 排雷\" class=\"rounded-xl w-full\" loading=\"lazy\" \u002F>\u003C\u002Ffigure>\n\u003Cp>這套流程解決的是安全團隊最常見的痛點：掃描結果太多，但真正需要先修的只有少數幾項。Patel 提到，一次典型掃描可能冒出 200 多個 CVE，開發者很難立刻判斷哪個會真的拖慢上線或造成風險。\u003C\u002Fp>\u003Cp>DockSec 的輸出也不是只有分數或標記。它會用白話說明\u003Ca href=\"\u002Fnews\u002Fwhy-jetbrains-is-right-to-treat-ai-as-an-ide-problem-zh\">問題\u003C\u002Fa>，並提供 Markdown 格式的 Dockerfile 修改建議，讓工程師可以直接複製到工作流裡。\u003C\u002Fp>\u003Cul>\u003Cli>掃描維持在本地執行。\u003C\u002Fli>\u003Cli>只有掃描中繼資料會送進 LLM。\u003C\u002Fli>\u003Cli>可選 OpenAI、Anthropic 或 Google Gemini。\u003C\u002Fli>\u003Cli>也能透過 Ollama 在本地運行。\u003C\u002Fli>\u003C\u002Ful>\u003Cp>這個專案的起點也很務實：Docker image 會把未修補漏洞一起帶進部署流程。Patel 舉例，掃描 15 個 images 時，找出 183 個 high-severity 問題與 15 個 critical 問題，Vault image 內也有 40 個漏洞。\u003C\u002Fp>\u003Ch2>為什麼重要\u003C\u002Fh2>\u003Cp>對開發者來說，DockSec 不是在增加更多警報，而是在縮短「發現問題」到「真的修掉」之間的距離。這對 CI\u002FCD 特別重要，因為 vulnerable image 一旦進入 build 或部署流程，後面補救成本通常更高。\u003C\u002Fp>\n\u003Cfigure class=\"my-6\">\u003Cimg src=\"https:\u002F\u002Fxxdpdyhzhpamafnrdkyq.supabase.co\u002Fstorage\u002Fv1\u002Fobject\u002Fpublic\u002Fcovers\u002Finline-1780329774489-e8dy.png\" alt=\"18,000 下載：DockSec 幫 Docker CVE 排雷\" class=\"rounded-xl w-full\" loading=\"lazy\" \u002F>\u003C\u002Ffigure>\n\u003Cp>對產業來說，這也反映 AI 安全工具的下一步：不只是找 defect，而是幫人判斷哪些 CVE \u003Ca href=\"\u002Fnews\u002F5-ai-agent-tools-for-builders-in-2026-zh\">值得\u003C\u002Fa>先處理，並把修法寫到足夠具體。若工具能在不暴露 image 內容的前提下完成這件事，企業採用門檻會低很多。\u003C\u002Fp>\u003Cp>\u003Ca href=\"https:\u002F\u002Fowasp.org\u002F\" target=\"_blank\" rel=\"noopener\">OWASP\u003C\u002Fa> 的加持也改變了信任結構。Patel 提到，進入 incubator 後，企業關注度和社群貢獻都上來了，同時也讓外界更期待它維持 vendor-neutral、community-first 的路線。\u003C\u002Fp>\u003Cp>問題已經不是掃描器能不能找出更多 CVE，而是團隊能不能在 image 送出前，先把最該修的那幾個處理掉。DockSec 想做的，就是把這一步變\u003Ca href=\"\u002Fnews\u002Fwhy-jared-mccain-fantasy-value-stable-zh\">得更\u003C\u002Fa>快、更短，也更像工程流程，而不是安全報表。\u003C\u002Fp>","DockSec 將本地容器掃描與 AI 結合，幫團隊從 Docker 漏洞噪音中挑出高風險項目，並直接產出可執行的修補建議。","www.securityweek.com","https:\u002F\u002Fwww.securityweek.com\u002Fopen-source-docksec-uses-ai-to-cut-through-vulnerability-noise-in-docker-images\u002F",null,"https:\u002F\u002Fxxdpdyhzhpamafnrdkyq.supabase.co\u002Fstorage\u002Fv1\u002Fobject\u002Fpublic\u002Fcovers\u002Finline-1780329777912-8l2f.png","tools","zh","5dd03e75-4dfc-4a7a-ac13-b4c601149e72",[17,18,19,20,21,22],"DockSec","Docker","CVE","AI 安全","OWASP","容器掃描",[24,25,26],"DockSec 把多個本地掃描器結果交給 LLM 整理，目標是降低 Docker 漏洞噪音。","專案已累積 18,000 次下載與 90 個 pull request，並進入 OWASP incubator portfolio。","它強調本地掃描、只送中繼資料給模型，並提供可直接套用的 Dockerfile 修補建議。",9,"2026-06-01T16:02:28.024944+00:00","2026-06-01T16:02:27.999+00:00","ffaf3af7-3865-46c5-b53f-a45b9342e70c",{"tags":32,"relatedLang":37,"relatedPosts":41},[33,35],{"name":20,"slug":34},"ai-安全",{"name":18,"slug":36},"docker",{"id":15,"slug":38,"title":39,"language":40},"docksec-ai-fixes-docker-vulnerability-noise-en","18,000 downloads: DockSec adds AI fixes for Docker CVEs","en",[42,48,54,60,66,72],{"id":43,"slug":44,"title":45,"cover_image":46,"image_url":46,"created_at":47,"category":13},"769444fb-48a3-41d5-8383-f6867ff53232","openclaw-v2026-7-1-control-ui-workspace-zh","OpenClaw v2026.7.1 把控制台變工作區","https:\u002F\u002Fxxdpdyhzhpamafnrdkyq.supabase.co\u002Fstorage\u002Fv1\u002Fobject\u002Fpublic\u002Fcovers\u002Finline-1784358229254-0dil.png","2026-07-18T07:03:25.506405+00:00",{"id":49,"slug":50,"title":51,"cover_image":52,"image_url":52,"created_at":53,"category":13},"7bed70e8-39cf-45bb-8f71-6ddd31ad2317","openai-screenless-speaker-turns-chatgpt-companion-zh","OpenAI 無螢幕喇叭把 ChatGPT 變陪伴","https:\u002F\u002Fxxdpdyhzhpamafnrdkyq.supabase.co\u002Fstorage\u002Fv1\u002Fobject\u002Fpublic\u002Fcovers\u002Finline-1784289800548-z10g.png","2026-07-17T12:02:53.189236+00:00",{"id":55,"slug":56,"title":57,"cover_image":58,"image_url":58,"created_at":59,"category":13},"2151fdfb-10ca-419c-b4f6-ce36d6ff435f","scale-turns-cuda-code-into-portable-gpu-builds-zh","SCALE 讓 CUDA 變可攜 GPU 編譯","https:\u002F\u002Fxxdpdyhzhpamafnrdkyq.supabase.co\u002Fstorage\u002Fv1\u002Fobject\u002Fpublic\u002Fcovers\u002Finline-1784210602836-wqlf.png","2026-07-16T14:02:55.366575+00:00",{"id":61,"slug":62,"title":63,"cover_image":64,"image_url":64,"created_at":65,"category":13},"194cb6f2-9263-4fe4-93f5-20f44ca1bdeb","2027-ai-ml-internship-jobs-daily-zh","2027 AI\u002FML 實習職缺每天更新","https:\u002F\u002Fxxdpdyhzhpamafnrdkyq.supabase.co\u002Fstorage\u002Fv1\u002Fobject\u002Fpublic\u002Fcovers\u002Finline-1784192579088-va17.png","2026-07-16T09:02:31.951176+00:00",{"id":67,"slug":68,"title":69,"cover_image":70,"image_url":70,"created_at":71,"category":13},"a4781236-56a1-4b87-b223-df328fd3a0e9","mimo-code-free-trial-not-production-ready-zh","MiMo Code 免費不等於生產力：先試用，再決定是否上車","https:\u002F\u002Fxxdpdyhzhpamafnrdkyq.supabase.co\u002Fstorage\u002Fv1\u002Fobject\u002Fpublic\u002Fcovers\u002Finline-1784169179259-qkyr.png","2026-07-16T02:32:25.375192+00:00",{"id":73,"slug":74,"title":75,"cover_image":76,"image_url":76,"created_at":77,"category":13},"44eead66-c13e-48e9-919e-2dede91d44aa","ollama-raises-65m-14-people-8-9m-users-zh","Ollama 拿下 6500 萬美元，14 人撐起 890 萬用戶","https:\u002F\u002Fxxdpdyhzhpamafnrdkyq.supabase.co\u002Fstorage\u002Fv1\u002Fobject\u002Fpublic\u002Fcovers\u002Finline-1784167385501-huif.png","2026-07-16T02:02:29.250726+00:00",[79,84,89,94,99,104,109,114,119,124],{"id":80,"slug":81,"title":82,"created_at":83},"855cd52f-6fab-46cc-a7c1-42195e8a0de4","surepath-real-time-mcp-policy-controls-zh","SurePath 推出即時 MCP 政策控管","2026-03-26T07:57:40.77233+00:00",{"id":85,"slug":86,"title":87,"created_at":88},"9b19ab54-edef-4dbd-9ce4-a51e4bae4ebb","mcp-in-2026-the-ai-tool-layer-teams-use-zh","2026 年 MCP：團隊真的在用的 AI 工具層","2026-03-26T08:01:46.589694+00:00",{"id":90,"slug":91,"title":92,"created_at":93},"af9c46c3-7a28-410b-9f04-32b3de30a68c","prompting-in-2026-what-actually-works-zh","2026 提示工程，真正有用的是什麼","2026-03-26T08:08:12.453028+00:00",{"id":95,"slug":96,"title":97,"created_at":98},"05553086-6ed0-4758-81fd-6cab24b575e0","garry-tan-open-sources-claude-code-toolkit-zh","Garry Tan 開源 Claude Code 工具包","2026-03-26T08:26:20.068737+00:00",{"id":100,"slug":101,"title":102,"created_at":103},"042a73a2-18a2-433d-9e8f-9802b9559aac","github-ai-projects-to-watch-in-2026-zh","2026 必看 20 個 GitHub AI 專案","2026-03-26T08:28:09.619964+00:00",{"id":105,"slug":106,"title":107,"created_at":108},"a5f94120-ac0d-4483-9a8b-63590071ac6a","claude-code-vs-cursor-2026-zh","Claude Code 與 Cursor 深度對比：202…","2026-03-26T13:27:14.279193+00:00",{"id":110,"slug":111,"title":112,"created_at":113},"0975afa1-e0c7-4130-a20d-d890eaed995e","practical-github-guide-learning-ml-2026-zh","2026 機器學習入門 GitHub 實用指南","2026-03-27T01:16:49.712576+00:00",{"id":115,"slug":116,"title":117,"created_at":118},"bfdb467a-290f-4a80-b3a9-6f081afb6dff","aiml-2026-student-ai-ml-lab-repo-review-zh","AIML-2026：像課綱的學生實驗 Repo","2026-03-27T01:21:51.467798+00:00",{"id":120,"slug":121,"title":122,"created_at":123},"80cabc3e-09fc-4ff5-8f07-b8d68f5ae545","ai-trending-github-repos-and-research-feeds-zh","AI Trending：把 AI 資源收成一張表","2026-03-27T01:31:35.262183+00:00",{"id":125,"slug":126,"title":127,"created_at":128},"3ce6e6e2-bac5-463e-9f8d-45caabcc61f7","awesome-ai-for-science-research-tools-map-zh","AI 科研工具清單，開始像地圖了","2026-03-27T01:46:50.521945+00:00"]