Docker Compose Linter is a skill that scans docker-compose.yml and compose.yaml files for misconfigurations that can lead to security vulnerabilities, performance bottlenecks, and deployment failures. It runs a 14-point quality gate that goes beyond basic YAML syntax validation.
On the security side, the skill detects hardcoded secrets, privileged mode usage, dangerous Linux capabilities, and exposed database ports. For reliability, it checks that healthchecks are defined, restart policies are set, and resource limits are present to prevent host exhaustion. Architecturally, it flags backend services that are not isolated to internal networks and images that use floating tags such as :latest rather than pinned versions. It also identifies deprecated version fields and recommends service_healthy dependency conditions in line with current Docker Compose standards.
The output is a categorized report using CRITICAL, WARNING, and PASS indicators. Each finding includes a line-specific location in the file and a clear remediation step, so the agent or developer can act on results without further investigation.
This skill is most useful when Compose files are part of a CI pipeline review, a pre-deployment gate, or an infrastructure-as-code audit workflow. It is not a runtime monitoring tool and does not interact with a running Docker daemon or deployed containers.