Vulnerabilities Open Source DockSec Uses AI to Cut Through Vulnerability Noise in Docker Images DockSec, an OWASP incubator project, correlates findings from multiple container security scanners and uses AI to generate plain-English remediation guidance and exact Dockerfile fixes. By Mike Lennon | May 26, 2026 (6:45 AM ET) Flipboard Reddit Whatsapp Whatsapp Email DockSec is an open source security tool born out of frustration and raised by Advait Patel. The frustration originates in the growing recognition that AI is excellent at finding vulnerabilities, but poor at explaining how to fix them. “On a typical day I would scan a container image and get back 200+ CVEs. Most were noise, a few were real, but there was no easy way to tell a developer ‘fix these three lines and you are good’. Security tools are great at finding problems but bad at helping people fix them.” Perhaps because of this difficulty in fixing known vulnerabilities in a timely fashion, software images are entering Docker still containing unfixed vulnerabilities. “I scanned 15 images and found 183 vulnerabilities rated with high severity and a further 15 rated as critical,” he continues. “For example, HashiCorp Vault – a tool built specifically to secure secrets – shipped with 40 vulnerabilities in its own image.” The threat is that when vulnerabilities are included within the images, they may automatically be run by Docker and even included within the CI/CD pipeline. This is a threat Patel set himself to solve by developing an open source tool he calls DockSec (recently adopted by OWASP into its official project portfolio). The difficulty is not in finding the vulnerabilities, but in helping developers fix them. DockSec includes no new vulnerability scanner, but simply runs Trivy, Hadolint, and Docker Scout locally. Then comes the new functionality: an LLM correlates the findings across all three to remove duplicates and rank by real impact. The scanning is done locally, and only the scan metadata goes to the LLM – never the image content. Everything is done locally. The LLM used can be selected from OpenAI, Anthropic, and Google Gemini, and run locally through Ollama. Its function is to generate plain-English explanations and exact Dockerfile fixes delivered via Markdown, the lingua franca for developers. DockSec closes the gap between vulnerability detection and vulnerability fixing. Patel is the architect and lead developer of DockSec. But the project itself has grown beyond just himself. “OWASP recognition and adoption as an OWASP incubator project was a turning point,” he explains. “Before that it was a personal project people found through GitHub . After OWASP, enterprise teams started taking it seriously because it now sits inside a trusted, vetted ecosystem. Contributions also picked up, more pull requests, better issue quality, and security folks started suggesting features instead of just filing bugs. With OWASP comes a responsibility to keep it open, vendor-neutral, and useful for the community first. That is a good constraint to design under.” Advertisement. Scroll to continue reading. It is now community-driven open source, with Patel at the forefront. Downloads are approaching 18,000, and pull requests stand at 90. And it is an example of the purity of open source development. Patel conceived and created it in his own spare time. It is free to download and free to use; and he makes no money from it. But it is more than just a single project. It is a design methodology that can be adapted to other areas where AI finds the problems but doesn’t help in fixing them. “DockSec can definitely be adapted. It is not just a security scanner that scans your code, that scans your architecture and scans your infrastructure. It is a bridge between finding and fixing. We have tons and tons of tools in the market that act as a scanner, as a tool that will detect the gaps; but there are few that will lead you toward the remediation part, toward fixing that gap”, explains Patel. “DockSec is one of them. If people, or the industry, or a company wants to adapt DockSec into their SOC automation, they can definitely do so. Using the findings of their scanners, the DockSec methodology could be used to fix the findings in a timely fashion.” Related : From Trivy to Broad OSS Compromise: TeamPCP Hits Docker Hub, VS Code, PyPI Related : DockerDash Flaw in Docker AI Assistant Leads to RCE, Data Theft Related : Docker Makes 1,000 Hardened Images Free and Open Source Related : Exposed Docker APIs Likely Exploited to Build Botnet Written By Mike Lennon For more than 15 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is founder and director of several leading cybersecurity industry conferences around the world. Daily Briefing Newsletter Subscribe to the SecurityWeek Email Briefing for the latest cybersecurity threats, trends, and expert insights. More from Mike Lennon Cisco Moves to Acquire Astrix Security to Tackle Non-Human Identity Risks Iran-Linked Hackers Disrupt US Critical Infrastructure via PLC Attacks Senate Confirms Joshua Rudd to Lead NSA and US Cyber Command US Cyber Strategy Targets Adversaries, Critical Infrastructure, and Emerging Technologies Zscaler Acquires Browser Security Firm SquareX CrowdStrike to Acquire Browser Security Firm Seraphic for $420 Million Tim Kosiba Named NSA Deputy Director CrowdStrike to Buy Identity Security Firm SGNL for $740 Million in Cash Latest News Lithuania Suspects Foreign Involvement in Data Leak of Over 600,000 National Register Entries Admins of Bulletproof Hosting Service Used by Russian Hackers Arrested in Netherlands Ghost CMS Vulnerability Exploited to Hack Over 700 Websites Oncology Institute Discloses Data Breach 266,000 Affected by Data Breach at Radiology Associates of Richmond Anthropic: Mythos Detected 23,000 Potential Vulnerabilities Across 1,000 OSS Projects Laravel-Lang Packages Poisoned for Malware Delivery DocketWise Data Breach Impacts 143,000 Trending Daily Briefing Newsletter Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts. Virtual Event: Threat Detection and Incident Response Summit May 20, 2026 Delve into big-picture strategies to reduce attack surfaces, improve patch management, conduct post-incident forensics, and tools and tricks needed in a modern organization. Register Webinar: Third-Party Risk in Practice June 4, 2026 Organizations are investing heavily in third-party risk management, but breaches, delays, and blind spots continue to persist. Join this live webinar as we examine the gap between how organizations think their third-party risk programs are performing and what’s actually happening in practice. Register People on the Move Joe Chen has become Chief Technology Officer at Trellix. Usercentrics has named Pawan Hegde as COO and Elena Ignatova as CPTO. SecureAuth has named Mark van Oppen as Chief Revenue Officer. More People On The Move Expert Insights Caught Off Guard: Securing AI After It Hits Production As enterprises rush AI projects into production, security teams are increasingly being forced into reactive mode. (Joshua Goldfarb) Cyber Resilience is the New Business Continuity Plan The organizations best prepared to face disruption are those that align security, continuity and risk management around what the business cannot afford to lose. (Steve Durbin) Enhancing Data Center Security Without Sacrificing Performance For AI data centers, where the stakes are the highest and performance constraints are the tightest, security and performance are no longer a zero-sum game. (Nadir Izrael) Is the SOC Obsolete, and We Just Haven’t Admitted It Yet? Many AI-first enterprises have already embraced sovereign architectures for general AI initiatives; cybersecurity—and the SOC—should be next. (Danelle Au) The Mythos Moment: Enterprises Must Fight Agents with Agents Only with the right platform and an agentic, AI-driven defense, will enterprises be able to protect themselves in the agentic era. (Etay Maor) Flipboard Reddit Whatsapp Whatsapp Email