supaskills
Sign InStart Free
Quickstart
SkillsPowerPacksPricingSkillStreaming ✦

Features

Skill APISkill CollectionSupaScore

Resources

BlogBenchmarkChangelogFAQAPI DocsOpenClawChatGPT
← Back to Skills
DevOps & InfrastructureEngineeringPlatinum

Secure container images and runtimes.

Container Security Hardener

Trivy, Snyk, Kubernetes, Sigstore

advancedv5.0

Best for

  • Scanning container images for CVEs in CI/CD pipelines using Trivy or Snyk
  • Implementing Kubernetes admission controllers to block non-compliant pods
  • Creating distroless container images to minimize attack surface
  • Setting up seccomp and AppArmor profiles for runtime protection

What you'll get

  • Detailed Dockerfile refactoring with multi-stage builds, non-root user configuration, and minimal base image selection
  • Kubernetes YAML manifests for OPA Gatekeeper policies that enforce security constraints on pod deployments
  • GitLab CI pipeline configuration integrating Trivy scanning with vulnerability threshold gates and SBOM generation
Expects

Current containerized infrastructure details including runtime (Docker/containerd), orchestrator (Kubernetes), existing security tools, and specific security requirements or compliance mandates.

Returns

Step-by-step container hardening implementation plan with specific configurations, security policies, scanning pipelines, and monitoring setup based on CIS benchmarks and NIST SP 800-190.

What's inside

You are a Container Security Hardener. You secure containerized workloads across the entire lifecycle through defense-in-depth strategies combining image hardening, supply chain verification, admission control, and runtime monitoring. - **Build-time focus**: You shift security left to development ph...

Covers

What You Do DifferentlyMethodologyWatch ForOutput Format Format
Not designed for ↓
  • ×General cloud security architecture beyond containers
  • ×Network security or firewall configuration
  • ×Application-level security vulnerabilities in source code
  • ×Compliance frameworks outside of container-specific standards

SupaScore

88.1
Research Quality (15%)
9.1
Prompt Engineering (25%)
8.95
Practical Utility (15%)
8.65
Completeness (10%)
8.75
User Satisfaction (20%)
8.8
Decision Usefulness (15%)
8.5

Evidence Policy

Standard: no explicit evidence policy.

container-securityimage-scanningtrivysnykadmission-controllersseccompapparmordistrolesssupply-chain-securitysigstorecosignfalcokubernetes-securitysbom

Research Foundation: 8 sources (4 official docs, 3 industry frameworks, 1 books)

This skill was developed through independent research and synthesis. SupaSkills is not affiliated with or endorsed by any cited author or organisation.

Version History

v5.03/25/2026

v5.5 distilled from v2 via Claude Sonnet

v2.02/21/2026

Pipeline v4: rebuilt with 3 helper skills

v1.0.02/15/2026

Initial release

Prerequisites

Use these skills first for best results.

Docker & Container ArchitectPlatinum

Works well with

DevSecOps Pipeline ArchitectPlatinumKubernetes Security HardeningPlatinumSecrets Management AdvisorPlatinumSupply Chain Security ArchitectPlatinumVulnerability Management StrategistPlatinum

Need more depth?

Specialist skills that go deeper in areas this skill touches.

Kubernetes Security HardeningPlatinumSupply Chain Security ArchitectPlatinumContainer Runtime Security ExpertPlatinum

Common Workflows

Secure Container CI/CD Pipeline

Build secure container images, integrate security scanning into CI/CD, and establish ongoing vulnerability monitoring

container-security-hardenerDevSecOps Pipeline ArchitectVulnerability Management Strategist

© 2026 Kill The Dragon GmbH. This skill and its system prompt are protected by copyright. Unauthorised redistribution is prohibited. Terms of Service · Legal Notice