Missing .dockerignore
Part of Dependencies & Hygiene, which counts for 10% of the overall score. When this check fires it deducts 8 points from that category, once per scan, no matter how many places it turns up.
What it detects
A Dockerfile exists but there's no .dockerignore, risking secrets/bloat being copied into the image build context.
Why it matters
Without a .dockerignore, docker build ships your entire directory to the daemon as build context, and any COPY . . drags node_modules, .git, and local .env files into the image. That means slower builds, bloated images, and in the worst case real secrets baked into layers that anyone who pulls the image can extract. A .dockerignore is one small file that closes all three problems.
How to fix it
Create a .dockerignore next to the Dockerfile listing at minimum: .git, .env and .env.*, node_modules, dist or build outputs, __pycache__, .venv, coverage folders, and log files. Rebuild and compare: the "transferring context" size in the build output should drop sharply. If your build needs one of the ignored paths (say, a prebuilt dist), whitelist it explicitly with a ! negation line rather than leaving the ignore file loose.
The paid report includes a ready-to-paste prompt for your AI coding agent for every check it finds, pointed at the exact findings from your scan. See pricing
Does your repo trip this check?
Paste a GitHub URL or drop a project folder. Scans run in your browser and take seconds.
Scan your repo