OWASP Incubator Project DockSec Uses AI to Filter Vulnerability Noise and Generate Dockerfile Fixes
The open-source tool DockSec, now an OWASP incubator project, correlates findings from Trivy, Hadolint, and Docker Scout and uses an LLM to produce plain-English remediation and exact Dockerfile patches.

A new open-source security tool called DockSec aims to solve a persistent problem in container security: the gap between detecting vulnerabilities and actually fixing them. Developed by Advait Patel and recently adopted as an OWASP incubator project, DockSec does not add yet another scanner. Instead, it runs three existing tools — Trivy, Hadolint, and Docker Scout — locally and then uses a chosen large language model (LLM) to correlate their findings, remove duplicates, rank issues by real impact, and generate plain-English explanations along with exact Dockerfile fixes.
The motivation behind DockSec stems from Patel's own experience. “On a typical day I would scan a container image and get back 200+ CVEs. Most were noise, a few were real, but there was no easy way to tell a developer ‘fix these three lines and you are good’,” he told SecurityWeek. The problem is reflected in the state of images on Docker Hub: Patel reported scanning 15 images and finding 183 high-severity vulnerabilities and 15 critical ones. Even HashiCorp Vault, a tool built specifically for securing secrets, shipped with 40 vulnerabilities in its own image.
The risk is that vulnerable images are pulled and run automatically by Docker and propagate unchecked through CI/CD pipelines. DockSec tackles this by keeping all image scanning local; only the metadata from the scan results is sent to the LLM, never the image content itself. Users can select from OpenAI, Anthropic, Google Gemini, or run a model locally via Ollama. The output is delivered in Markdown, providing developers with both a human-readable explanation and the exact lines to change in their Dockerfile.
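As an added illustration, not DockSec's own code, the correlation step described above applied to constructed Trivy and Hadolint reports: findings from both tools are merged under one key so duplicates collapse, ranked by severity and whether a concrete fix exists, and reduced to a metadata-only payload for the LLM. The severity mapping for Hadolint levels, the dedup key and the fix wording are assumptions made for this example.

```python
import json

# Constructed sample reports, shaped like Trivy's JSON (Results[].Vulnerabilities[])
# and Hadolint's JSON (a list of rule hits); the CVE ids are placeholders.
TRIVY_JSON = json.dumps({"Results": [{"Target": "app (debian 12)", "Vulnerabilities": [
    {"VulnerabilityID": "CVE-0000-0001", "PkgName": "libssl3", "InstalledVersion": "3.0.1",
     "FixedVersion": "3.0.2", "Severity": "CRITICAL"},
    {"VulnerabilityID": "CVE-0000-0001", "PkgName": "libssl3", "InstalledVersion": "3.0.1",
     "FixedVersion": "3.0.2", "Severity": "CRITICAL"},   # duplicate row, as seen in multi-layer reports
    {"VulnerabilityID": "CVE-0000-0002", "PkgName": "curl", "InstalledVersion": "7.88.1",
     "FixedVersion": "", "Severity": "HIGH"},            # no upstream fix available yet
    {"VulnerabilityID": "CVE-0000-0003", "PkgName": "zlib1g", "InstalledVersion": "1.2.13",
     "FixedVersion": "1.2.13-1", "Severity": "LOW"},
]}]})
HADOLINT_JSON = json.dumps([
    {"code": "DL3007", "level": "warning", "line": 1, "file": "Dockerfile",
     "message": "Using latest is prone to errors if the image will ever update."},
    {"code": "DL3002", "level": "warning", "line": 9, "file": "Dockerfile",
     "message": "Last USER should not be root"},
])

SEVERITY_RANK = {"CRITICAL": 4, "HIGH": 3, "MEDIUM": 2, "LOW": 1, "UNKNOWN": 0}
# Hadolint levels mapped onto the same scale (an assumption for this example).
HADOLINT_LEVEL = {"error": "HIGH", "warning": "MEDIUM", "info": "LOW", "style": "LOW"}

def correlate(trivy_json, hadolint_json):
    """Merge both reports into one de-duplicated, ranked list keyed by (tool, id, location)."""
    findings = {}
    for result in json.loads(trivy_json).get("Results", []):
        for v in result.get("Vulnerabilities", []):
            fixed = v.get("FixedVersion") or None
            findings[("trivy", v["VulnerabilityID"], v["PkgName"])] = {
                "id": v["VulnerabilityID"], "location": v["PkgName"], "severity": v["Severity"],
                "fix": f"upgrade {v['PkgName']} to {fixed}" if fixed else None}
    for h in json.loads(hadolint_json):
        loc = f"{h['file']}:{h['line']}"
        findings[("hadolint", h["code"], loc)] = {
            "id": h["code"], "location": loc,
            "severity": HADOLINT_LEVEL.get(h["level"], "LOW"), "fix": h["message"]}
    # Rank by severity, then by whether a concrete fix exists; sort is stable, so ties keep input order.
    return sorted(findings.values(),
                  key=lambda f: (SEVERITY_RANK.get(f["severity"], 0), f["fix"] is not None), reverse=True)

def actionable(findings):
    """Only findings a developer can act on now; unfixable ones stay on the backlog, not in the fix list."""
    return [f for f in findings if f["fix"]]

def llm_payload(findings):
    """Metadata-only payload for the LLM step: ids, locations, severities, fixes; no image content."""
    return json.dumps({"findings": [{k: f[k] for k in ("id", "location", "severity", "fix")} for f in findings]})

if __name__ == "__main__":
    for f in actionable(correlate(TRIVY_JSON, HADOLINT_JSON)):
        print(f"{f['severity']:<8} {f['id']:<14} {f['location']:<14} -> {f['fix']}")
```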
Since its OWASP adoption, DockSec has seen a surge in interest. Downloads are approaching 18,000, and the project has 90 pull requests. Patel noted that enterprise teams now take the tool seriously because it sits inside a trusted, vetted ecosystem. The OWASP status also imposes a responsibility to keep the project open, vendor-neutral, and community-driven, which Patel describes as “a good constraint to design under.”
The project is entirely free and Patel receives no financial compensation for it. But he sees DockSec as more than a single tool — it represents a design methodology that could be applied to other security domains. “DockSec can definitely be adapted. It is not just a security scanner that scans your code, your architecture, your infrastructure. It is a bridge between finding and fixing,” he explained. He envisions organizations adapting the methodology into their SOC automation to remediate findings from their existing scanners in a timely fashion.
DockSec's approach addresses a widely recognized pain point in the security industry: AI tools have become highly effective at finding vulnerabilities but remain poor at guiding developers to fix them. By packaging the correlation and remediation step into a free, OWASP-backed tool, DockSec offers a practical way for development teams to reduce their vulnerability backlog without overhauling their existing scanning stack. The project is available on GitHub and continues to evolve under community contributions.
As container adoption continues to grow, the ability to quickly and accurately fix vulnerabilities in Docker images becomes increasingly critical. DockSec represents a community-driven attempt to close the loop between detection and remediation, making container security more actionable for developers.