← All tools
Scan Dockerfiles for hardcoded secrets
Secrets baked into image layers or compose files ship to every environment and stay in history forever. GhostCred detects hardcoded credentials in your Dockerfiles and docker-compose configs.
Scan my Dockerfile — freeWhat this checks
- ✓ENV and ARG values containing secrets
- ✓Credentials baked into image layers
- ✓API keys and tokens in docker-compose files
- ✓Registry and cloud credentials in build context
Why it matters
Anyone who pulls the image can extract baked-in secrets. Catch them before they ship.
Free first scan. No signup. Results in ~60 seconds.
Scan my Dockerfile — free