Check and configure Dockerfile for FVH standards (minimal Alpine/slim, non-root, multi-stage)
Validates Dockerfiles against FVH security standards for minimal images, non-root users, and multi-stage builds.
/plugin marketplace add laurigates/claude-plugins/plugin install configure-plugin@lgates-claude-plugins[--check-only] [--fix] [--type <frontend|python|go|rust>]configure/Check and configure Dockerfile against FVH (Forum Virium Helsinki) standards with emphasis on minimal images, non-root users, and multi-stage builds.
This command validates Dockerfile configuration for Node.js frontend, Python, Go, and Rust service projects.
Skills referenced: container-development
CRITICAL: Before flagging outdated base images, verify latest versions:
Use WebSearch or WebFetch to verify current base image versions before reporting outdated images.
Non-negotiable security standards:
Frontend (Node.js) Standards:
| Check | Standard | Severity |
|---|---|---|
| Build base | node:22-alpine (LTS) | WARN if other |
| Runtime base | nginx:1.27-alpine | WARN if other |
| Multi-stage | Required | FAIL if missing |
| HEALTHCHECK | Required | FAIL if missing |
| Build caching | --mount=type=cache recommended | INFO |
| EXPOSE | Should match nginx port | INFO |
Python Service Standards:
| Check | Standard | Severity |
|---|---|---|
| Base image | python:3.12-slim | WARN if other |
| Multi-stage | Required for production | FAIL if missing |
| HEALTHCHECK | Required | FAIL if missing |
| Non-root user | Recommended | WARN if missing |
| Poetry/uv | Modern package manager | INFO |
FVH Dockerfile Compliance Report
================================
Project Type: frontend (detected)
Dockerfile: ./Dockerfile (found)
Configuration Checks:
Build base node:24-alpine ⚠️ WARN (standard: node:22-alpine)
Runtime base nginx:1.27-alpine ✅ PASS
Multi-stage 2 stages ✅ PASS
HEALTHCHECK Present ✅ PASS
Build caching npm cache ✅ PASS
EXPOSE 80 ✅ PASS
Recommendations:
- Consider using Node 22 LTS for stability
If --fix flag or user confirms:
HEALTHCHECK Template (nginx):
HEALTHCHECK --interval=30s --timeout=3s --start-period=5s --retries=3 \
CMD wget --no-verbose --tries=1 --spider http://localhost/health || exit 1
Update .fvh-standards.yaml:
components:
dockerfile: "2025.1"
FROM node:22-alpine AS build
ARG SENTRY_AUTH_TOKEN
ARG VITE_SENTRY_DSN
WORKDIR /app
COPY package*.json ./
RUN --mount=type=cache,target=/root/.npm npm ci
COPY . .
RUN --mount=type=cache,target=/root/.npm \
--mount=type=cache,target=/app/node_modules/.vite \
npm run build
FROM nginx:1.27-alpine
COPY --from=build /app/dist /usr/share/nginx/html
COPY nginx/default.conf.template /etc/nginx/templates/
EXPOSE 80
HEALTHCHECK --interval=30s --timeout=3s --start-period=5s --retries=3 \
CMD wget --no-verbose --tries=1 --spider http://localhost/health || exit 1
FROM python:3.12-slim AS builder
WORKDIR /app
COPY pyproject.toml uv.lock ./
RUN pip install uv && uv sync --frozen --no-dev
FROM python:3.12-slim
RUN useradd --create-home appuser
USER appuser
WORKDIR /app
COPY --from=builder /app/.venv /app/.venv
COPY --chown=appuser:appuser . .
ENV PATH="/app/.venv/bin:$PATH"
EXPOSE 8000
HEALTHCHECK --interval=30s --timeout=3s --start-period=10s --retries=3 \
CMD curl -f http://localhost:8000/health || exit 1
CMD ["uvicorn", "app.main:app", "--host", "0.0.0.0", "--port", "8000"]
| Flag | Description |
|---|---|
--check-only | Report status without offering fixes |
--fix | Apply fixes automatically |
--type <type> | Override project type (frontend, python) |
/configure:skaffold - Kubernetes development configuration/configure:all - Run all FVH compliance checkscontainer-development skill - Container best practices