nixopus/dockerignore-generation
skills/dockerignore-generation/SKILL.md
Generate ecosystem-specific .dockerignore files to reduce build context size and prevent secret leaks. Use when no .dockerignore exists, when the build context is large, or when secrets may be leaking into images.
$ install --global
skillsauthnpx skillsauth add nixopus/agent dockerignore-generationInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 22, 2026, 11:53 PM183.0s1 file scanned
SKILL.md
- name:
- dockerignore-generation
- description:
- Generate ecosystem-specific .dockerignore files to reduce build context size and prevent secret leaks. Use when no .dockerignore exists, when the build context is large, or when secrets may be leaking into images.
- version:
- 1.0
.dockerignore Generation
Why It Matters
Without a .dockerignore:
- Build context includes
node_modules(hundreds of MB),.githistory, and local env files - Secrets in
.envfiles get copied into the image and are extractable - Build is slow because Docker sends the entire directory to the daemon
Base Template (all ecosystems)
Every .dockerignore should include:
.git
.gitignore
.env
.env.*
!.env.example
!.env.sample
*.md
!README.md
LICENSE
docker-compose*.yml
.dockerignore
Dockerfile
.vscode
.idea
.cursor
Ecosystem-Specific Entries
Node.js
node_modules
.next
.nuxt
.output
dist
build
.cache
coverage
.nyc_output
*.log
npm-debug.log*
yarn-debug.log*
yarn-error.log*
.pnpm-debug.log*
.turbo
.vercel
.netlify
storybook-static
Python
__pycache__
*.pyc
*.pyo
*.egg-info
.eggs
.venv
venv
env
.tox
.pytest_cache
.mypy_cache
.ruff_cache
htmlcov
*.cover
Go
vendor/
*.test
*.out
bin/
tmp/
Rust
target/
*.rs.bk
Java
target/
build/
.gradle/
*.class
*.jar
!*.jar # if copying JARs intentionally, remove this line
.settings/
.classpath
.project
Ruby
vendor/bundle
.bundle
log/
tmp/
coverage/
spec/reports
PHP
vendor/
storage/logs/
storage/framework/cache/
storage/framework/sessions/
storage/framework/views/
bootstrap/cache/
Elixir
_build/
deps/
.elixir_ls/
cover/
.NET
bin/
obj/
*.user
*.suo
packages/
Generation Logic
- Start with the base template
- Detect ecosystem from the project (check for
package.json,go.mod,requirements.txt, etc.) - Append the matching ecosystem entries
- If
test/ortests/or__tests__/exists: add test directories - If
.github/exists: add.github/ - Write to
.dockerignoreat the project root
Gotchas
!.env.examplenegates the.env.*exclusion — keep example env files so Dockerfile can reference them- Monorepos:
.dockerignoreis relative to the build context root, not the Dockerfile location - Docker Compose
build.contextchanges what.dockerignoreapplies to — if context is., the root.dockerignoreapplies - Don't ignore
prisma/if Prisma is used —prisma/schema.prismais needed forpostinstall - Don't ignore lockfiles (
package-lock.json,yarn.lock, etc.) — they're essential for reproducible builds
Related Skills
pre-deploy-checklist— Checks for.dockerignoreexistence and flags missing onesdockerfile-generation— Generate.dockerignorealongside the Dockerfile
Related Skills
nixopus/api-catalog
tools
VerifiedTrustedCommunity
Compressed catalog of all Nixopus API operations for the nixopus_api() tool
1SKILL.mdUpdated Apr 26, 2026
nixopus/static-deploy
development
VerifiedTrustedCommunity
Deploy static file sites — Caddy/nginx serving, Staticfile config, and Dockerfile patterns. Use when deploying a static HTML site with no server-side runtime, or when index.html or a Staticfile is detected at the project root.
1SKILL.mdUpdated Apr 22, 2026
nixopus/shell-deploy
devops
VerifiedTrustedCommunity
Deploy shell script applications — interpreter detection, setup scripts, and Dockerfile patterns. Use when deploying a shell script project, or when start.sh is detected.
1SKILL.mdUpdated Apr 22, 2026
nixopus/self-heal
development
VerifiedTrustedCommunity
Self-healing loop for failed deployments — diagnose, fix, redeploy up to 3 attempts, then escalate or rollback. Load when a deployment fails or build errors occur.
1SKILL.mdUpdated Apr 22, 2026