Docker Compose Audit

Name: Docker Compose Audit
Author: UnbearableDev

UnbearableDev/docker-compose-audit

Run a structured security review on docker-compose.yml from the agent before you ship self-hosted or dockerized stacks.

Overview

io.github.UnbearableDev/docker-compose-audit is a Ship-phase MCP server that security-audits docker-compose.yml with 25 checks via an Apify streamable-http endpoint.

What is this MCP server?

25 automated checks across docker-compose.yml security topics
Covers secrets, privileges, networking, volumes, and images
Hosted streamable-http MCP on Apify actor infrastructure
Requires Apify Bearer token in Authorization header
25 security checks
docker-compose.yml scope
Remote MCP v1.0.0 on Apify actor

Compatible agents: Claude Code, Cursor, Codex, any compatible agent

What problem does it solve?

You are about to deploy from docker-compose but cannot quickly tell if secrets, privileges, or networks in the file are unsafe.

Who is it for?

Indie devs self-hosting with Docker Compose who want agent-driven static audits before merge or deploy.

Skip if: Kubernetes-only deployments, runtime intrusion testing, or teams without an Apify account and compose-based workflow.

What do I get? / Deliverables

After registering the Apify MCP remote with your API token, the agent can return a structured pass/fail style review across 25 compose security checks.

Security audit results against 25 compose checks (secrets, privileges, network, volumes, images)
Actionable findings the agent can turn into compose fixes before ship

Recommended MCP Servers

1Claw Vault1clawAI/1claw-mcp

1Claw Vault exposes a stdio MCP server (@1claw/mcp) that connects AI agents to HSM-backed secret storage with just-in-ti…2 stars

1passwordCakeRepository/1Password-MCP

The 1Password MCP server lets solo builders wire service-account access into Claude Code, Cursor, or other stdio MCP hos…16 stars

402sentinel Mcpkaditang/402sentinel-mcp

402 Sentinel MCP gives solo builders and agent authors a pre-flight check before honoring x402 payment flows on Base. In…1 stars

A2adependencyinspector Mcpclauxel/a2a-dependency-inspector-mcp

A2A Dependency Inspector MCP is a hosted Clauxel server for builders shipping agent-to-agent (A2A) workflows who must pr…

A2a Governance Bridge Mcp

A2A Governance Bridge is a Model Context Protocol server that exposes governance-oriented tools for multi-agent setups: …

A2aidentitytoll Mcpclauxel/a2a-identity-toll-mcp

A2A Identity Toll MCP is a Clauxel-hosted remote MCP server that acts as an identity and policy toll booth for agent-to-…

Journey fit

Primary fit

Compose files gate production deployments; auditing them belongs in Ship when hardening and pre-release checks happen. Security subphase covers static configuration review for secrets, privileges, and network exposure in compose definitions.

How it compares

Specialized docker-compose security audit MCP, not a general Dockerfile linter or infrastructure provisioning skill.

Common Questions / FAQ

Who is io.github.UnbearableDev/docker-compose-audit for?

Solo builders and small teams shipping Docker Compose stacks who want MCP-triggered security review from their coding agent.

When should I use io.github.UnbearableDev/docker-compose-audit?

Use it in Ship before production deploy or after meaningful compose edits affecting secrets, ports, volumes, or image sources.

How do I add io.github.UnbearableDev/docker-compose-audit to my agent?

Configure the Apify actor streamable-http MCP URL and set Authorization to Bearer plus your Apify API token from account integrations.

Docker Compose Audit

UnbearableDev/docker-compose-audit

Run a structured security review on docker-compose.yml from the agent before you ship self-hosted or dockerized stacks.

Overview

io.github.UnbearableDev/docker-compose-audit is a Ship-phase MCP server that security-audits docker-compose.yml with 25 checks via an Apify streamable-http endpoint.

What is this MCP server?

25 automated checks across docker-compose.yml security topics
Covers secrets, privileges, networking, volumes, and images
Hosted streamable-http MCP on Apify actor infrastructure
Requires Apify Bearer token in Authorization header
25 security checks
docker-compose.yml scope
Remote MCP v1.0.0 on Apify actor

Compatible agents: Claude Code, Cursor, Codex, any compatible agent

What problem does it solve?

You are about to deploy from docker-compose but cannot quickly tell if secrets, privileges, or networks in the file are unsafe.

Who is it for?

Indie devs self-hosting with Docker Compose who want agent-driven static audits before merge or deploy.

Skip if: Kubernetes-only deployments, runtime intrusion testing, or teams without an Apify account and compose-based workflow.

What do I get? / Deliverables

After registering the Apify MCP remote with your API token, the agent can return a structured pass/fail style review across 25 compose security checks.

Security audit results against 25 compose checks (secrets, privileges, network, volumes, images)
Actionable findings the agent can turn into compose fixes before ship

Recommended MCP Servers

1Claw Vault1clawAI/1claw-mcp

1Claw Vault exposes a stdio MCP server (@1claw/mcp) that connects AI agents to HSM-backed secret storage with just-in-ti…2 stars

1passwordCakeRepository/1Password-MCP

The 1Password MCP server lets solo builders wire service-account access into Claude Code, Cursor, or other stdio MCP hos…16 stars

402sentinel Mcpkaditang/402sentinel-mcp

402 Sentinel MCP gives solo builders and agent authors a pre-flight check before honoring x402 payment flows on Base. In…1 stars

A2adependencyinspector Mcpclauxel/a2a-dependency-inspector-mcp

A2A Dependency Inspector MCP is a hosted Clauxel server for builders shipping agent-to-agent (A2A) workflows who must pr…

A2a Governance Bridge Mcp

A2A Governance Bridge is a Model Context Protocol server that exposes governance-oriented tools for multi-agent setups: …

A2aidentitytoll Mcpclauxel/a2a-identity-toll-mcp

A2A Identity Toll MCP is a Clauxel-hosted remote MCP server that acts as an identity and policy toll booth for agent-to-…

Journey fit

Primary fit

How it compares

Specialized docker-compose security audit MCP, not a general Dockerfile linter or infrastructure provisioning skill.

Common Questions / FAQ

Who is io.github.UnbearableDev/docker-compose-audit for?

Solo builders and small teams shipping Docker Compose stacks who want MCP-triggered security review from their coding agent.

When should I use io.github.UnbearableDev/docker-compose-audit?

Use it in Ship before production deploy or after meaningful compose edits affecting secrets, ports, volumes, or image sources.

How do I add io.github.UnbearableDev/docker-compose-audit to my agent?

Configure the Apify actor streamable-http MCP URL and set Authorization to Bearer plus your Apify API token from account integrations.

Overview

What is this MCP server?

What problem does it solve?

Who is it for?

What do I get? / Deliverables

Recommended MCP Servers

Journey fit

Who is io.github.UnbearableDev/docker-compose-audit for?

When should I use io.github.UnbearableDev/docker-compose-audit?

How do I add io.github.UnbearableDev/docker-compose-audit to my agent?

This week for builders

Overview

What is this MCP server?

What problem does it solve?

Who is it for?

What do I get? / Deliverables

Recommended MCP Servers

Journey fit

Who is io.github.UnbearableDev/docker-compose-audit for?

When should I use io.github.UnbearableDev/docker-compose-audit?

How do I add io.github.UnbearableDev/docker-compose-audit to my agent?