Will It Vibe logoWill It Vibe?
COMPOSE-002High severity-15 points

Docker socket mounted into a container

Part of Security, which counts for 30% of the overall score. When this check fires it deducts 15 points from that category, once per scan, no matter how many places it turns up.

What it detects

Mounting /var/run/docker.sock hands the container full control of the host Docker daemon, which is equivalent to root on the host.

Why it matters

Mounting /var/run/docker.sock lets the container talk to the host Docker daemon, which can start new containers, mount the host filesystem, and run code as root on the host. Anyone who compromises that container effectively owns the host. This is one of the most common container escape paths in real breaches.

How to fix it

Remove the docker.sock bind mount unless the service truly must manage containers. If it does (a CI runner or reverse proxy), put it behind a scoped socket proxy such as tecnativa/docker-socket-proxy that exposes only the specific API endpoints needed, and mount the socket read-only where possible. Never expose the raw socket to an internet-facing service.

The paid report includes a ready-to-paste prompt for your AI coding agent for every check it finds, pointed at the exact findings from your scan. See pricing

Does your repo trip this check?

Paste a GitHub URL or drop a project folder. Scans run in your browser and take seconds.

Scan your repo

Related Security checks