Will It Vibe logoWill It Vibe?
DOCKER-010Low severity-4 points

No .dockerignore file

Part of Architecture & Best Practices, which counts for 15% of the overall score. When this check fires it deducts 4 points from that category, once per scan, no matter how many places it turns up.

What it detects

A Dockerfile exists but the repo has no .dockerignore, so the whole working tree (including .git, node_modules, secrets, and build junk) is sent to the daemon and can leak into the image.

Why it matters

With no .dockerignore, docker build sends the entire working tree to the daemon as the build context. That slows builds and, more importantly, risks copying .git, node_modules, local .env files, and other secrets into the image if a COPY . is present.

How to fix it

Add a .dockerignore at the build-context root listing things that should never enter the image: .git, node_modules, dist/build output, local env files, and editor/OS junk. Mirror the intent of your .gitignore, then verify no sensitive path is being copied in.

The paid report includes a ready-to-paste prompt for your AI coding agent for every check it finds, pointed at the exact findings from your scan. See pricing

Does your repo trip this check?

Paste a GitHub URL or drop a project folder. Scans run in your browser and take seconds.

Scan your repo

Related Architecture & Best Practices checks