Will It Vibe?
DEP-009Medium severity-8 points

Missing .dockerignore

Part of Dependencies & Hygiene, which counts for 10% of the overall score. When this check fires it deducts 8 points from that category, once per scan, no matter how many places it turns up.

What it detects

A Dockerfile exists but there's no .dockerignore, risking secrets/bloat being copied into the image build context.

Why it matters

Without a .dockerignore, docker build ships your entire directory to the daemon as build context, and any COPY . . drags node_modules, .git, and local .env files into the image. That means slower builds, bloated images, and in the worst case real secrets baked into layers that anyone who pulls the image can extract. A .dockerignore is one small file that closes all three problems.

How to fix it

Create a .dockerignore next to the Dockerfile listing at minimum: .git, .env and .env.*, node_modules, dist or build outputs, __pycache__, .venv, coverage folders, and log files. Rebuild and compare: the "transferring context" size in the build output should drop sharply. If your build needs one of the ignored paths (say, a prebuilt dist), whitelist it explicitly with a ! negation line rather than leaving the ignore file loose.

The paid report includes a ready-to-paste prompt for your AI coding agent for every check it finds, pointed at the exact findings from your scan. See pricing

Does your repo trip this check?

Paste a GitHub URL or drop a project folder. Scans run in your browser and take seconds.

Scan your repo

Related Dependencies & Hygiene checks