DevOps Audit
CI/CD pipeline, Docker configuration, and infrastructure analysis for DevOps best practices.
4-Step Workflow
This tool completes in 4 steps, focusing on Docker, CI/CD, dependencies, and infrastructure.
Overview
The devops_audit tool analyzes DevOps configurations for security, efficiency, and best practices. It reviews Dockerfiles, GitHub Actions workflows, dependency manifests, and infrastructure as code.
Workflow Steps
1. Dockerfile Analysis: base image security, multi-stage builds, layer optimization, and container security.
2. CI/CD Pipeline Review: GitHub Actions, GitLab CI, workflow permissions, secrets handling, and pipeline security.
3. Dependency Management: package manifests, lock files, vulnerability scanning, and dependency pinning.
4. Infrastructure & Final Assessment: infrastructure as code, Kubernetes manifests, Terraform configurations, and summary.
Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
| step_number | integer | Required | Current step number (1-4) |
| next_step_required | boolean | Required | Set to false on step 4 |
| files_examined | array[string] | Required | DevOps files examined |
| confidence | string | Required | Confidence level |
| continuation_id | string | After step 1 | UUID from step 1 response |
| devops_issues_found | array[object] | Optional | DevOps issues found |
| devops_assessments | object | Optional | Positive observations |
| artifacts_analyzed | object | Optional | Tracking analyzed vs omitted files |
Issue Format
```json
{
  "category": "dockerfile",
  "severity": "high",
  "description": "Running container as root user",
  "affected_files": ["Dockerfile"],
  "remediation": "Add USER directive with non-root user",
  "line_numbers": [15]
}
```
Categories
- dockerfile - Container image issues
- cicd - CI/CD pipeline issues
- dependency - Dependency management issues
Common Issues Detected
Dockerfile Issues
| Issue | Severity | Description |
|---|---|---|
| Root user | High | Container runs as root |
| Unpinned base | Medium | Using :latest tag |
| No multi-stage | Low | Build artifacts in final image |
| Secrets in build | Critical | Secrets passed as build args |
CI/CD Issues
| Issue | Severity | Description |
|---|---|---|
| Excessive permissions | High | permissions: write-all |
| Unpinned actions | Medium | Using @main instead of SHA |
| No timeout | Low | Jobs can run indefinitely |
| Secrets in logs | Critical | Secrets printed to output |
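As an added example (not the devops_audit tool's own code), the Python below implements the eight checks from the two tables above over a constructed Dockerfile and GitHub Actions workflow and emits its findings in the Issue Format documented on this page. A hardened Dockerfile for the same service shows the corrected settings (pinned base image, multi-stage build, no secret build arg, non-root USER) and produces no findings. All file contents, names, regexes and thresholds here are assumptions made for this example.

```python
# Hypothetical checker for the Dockerfile and CI/CD issues in the two tables above.
# Added example, not the devops_audit tool's own code; all sample inputs are constructed.
import re

SAMPLE_DOCKERFILE = """\
FROM node:latest
ARG NPM_TOKEN
RUN npm ci
COPY . .
CMD ["node", "server.js"]
"""
# Same service with the four problems fixed: pinned base, multi-stage, no secret ARG, USER.
HARDENED_DOCKERFILE = """\
FROM node:20-alpine AS build
COPY . /app
RUN cd /app && npm ci
FROM node:20-alpine
COPY --from=build /app /app
USER node
CMD ["node", "/app/server.js"]
"""
SAMPLE_WORKFLOW = """\
name: ci
on: [push]
permissions: write-all
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@main
      - run: echo "token=${{ secrets.NPM_TOKEN }}"
"""
SECRET_NAME = re.compile(r"TOKEN|SECRET|PASSW|API_KEY|PRIVATE_KEY", re.I)
FULL_SHA = re.compile(r"^[0-9a-f]{40}$")
USES_REF = re.compile(r"uses:\s*([^\s@]+)@(\S+)")


def issue(category, severity, description, path, remediation, line_numbers) -> dict:
    """One finding in the Issue Format documented on this page."""
    return {"category": category, "severity": severity, "description": description,
            "affected_files": [path], "remediation": remediation, "line_numbers": line_numbers}


def audit_dockerfile(text: str, path: str = "Dockerfile") -> list:
    """Root user, unpinned base image, no multi-stage build, secrets as build args."""
    found, from_lines, aliases, user_values = [], [], set(), []
    for n, raw in enumerate(text.splitlines(), 1):
        parts = raw.split()
        if not parts or parts[0].startswith("#"):
            continue
        keyword = parts[0].upper()
        args = [p for p in parts[1:] if not p.startswith("--")]  # skip flags like --platform
        if keyword == "FROM" and args:
            from_lines.append(n)
            image = args[0]
            if len(args) >= 3 and args[1].upper() == "AS":
                aliases.add(args[2])
            if image in aliases or image == "scratch":  # earlier stage or empty base
                continue
            if image.endswith(":latest") or (":" not in image and "@" not in image):
                found.append(issue("dockerfile", "medium", "Using :latest tag", path,
                                   "Pin the base image to a version tag or digest", [n]))
        elif keyword == "ARG" and args and SECRET_NAME.search(args[0]):
            found.append(issue("dockerfile", "critical", "Secrets passed as build args", path,
                               "Use a BuildKit secret mount (RUN --mount=type=secret) instead", [n]))
        elif keyword == "USER" and args:
            user_values.append(args[0])
    if not user_values or user_values[-1] in ("root", "0"):  # an explicit USER root still counts
        found.append(issue("dockerfile", "high", "Container runs as root", path,
                           "Add USER directive with non-root user", from_lines[-1:] or [1]))
    if len(from_lines) < 2:
        found.append(issue("dockerfile", "low", "Build artifacts in final image", path,
                           "Use a multi-stage build so only runtime files ship", from_lines[:1]))
    return found


def audit_workflow(text: str, path: str = ".github/workflows/ci.yml") -> list:
    """write-all permissions, unpinned actions, missing timeout, secrets echoed to logs."""
    found, lines = [], text.splitlines()
    for n, raw in enumerate(lines, 1):
        s = raw.strip()
        if s.startswith("permissions:") and s.split(":", 1)[1].strip() == "write-all":
            found.append(issue("cicd", "high", "permissions: write-all", path,
                               "Grant only the scopes each job needs (e.g. contents: read)", [n]))
        m = USES_REF.search(s)
        if m and not FULL_SHA.match(m.group(2)):
            found.append(issue("cicd", "medium", f"Using @{m.group(2)} instead of SHA", path,
                               f"Pin {m.group(1)} to a full commit SHA", [n]))
        if s.lstrip("- ").startswith("run:") and "secrets." in s and re.search(r"\becho\b", s):
            found.append(issue("cicd", "critical", "Secrets printed to output", path,
                               "Pass the secret to the command via env; never echo it", [n]))
    if not any(l.strip().startswith("timeout-minutes:") for l in lines):
        found.append(issue("cicd", "low", "Jobs can run indefinitely", path,
                           "Set timeout-minutes on every job", [1]))
    return found


if __name__ == "__main__":
    for f in audit_dockerfile(SAMPLE_DOCKERFILE) + audit_workflow(SAMPLE_WORKFLOW):
        print(f["severity"].upper(), f["category"], f["description"], f["line_numbers"])
    print("hardened Dockerfile findings:", audit_dockerfile(HARDENED_DOCKERFILE))  # []
```

The checks are deliberately line-based heuristics: they catch the patterns named in the tables (a `:latest` or tag-less image, `ARG` names that look like credentials, `@main`-style action refs, an `echo` of a `secrets.` expression) and skip stage aliases and `scratch` so a multi-stage build is not misreported as unpinned. A real audit would parse the Dockerfile and YAML properly; the point here is the shape of the findings and the weak-versus-hardened contrast.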
Example Usage
MCP Tool Call
```
devops_audit(
  step_number=1,
  next_step_required=true,
  files_examined=["Dockerfile", "docker-compose.yml"],
  confidence="medium",
  project_root_path="/path/to/project",
  devops_issues_found=[
    {
      "category": "dockerfile",
      "severity": "high",
      "description": "Container runs as root user",
      "affected_files": ["Dockerfile"],
      "remediation": "Add 'USER node' after installing dependencies",
      "line_numbers": [1, 25]
    }
  ],
  devops_assessments={
    "Docker": "Uses multi-stage builds for smaller images"
  },
  artifacts_analyzed={
    "dockerfiles": {
      "analyzed": ["Dockerfile"],
      "omitted": ["Dockerfile.dev"]
    }
  }
)
```
Output
Generates reports/NNN_DEVOPS_AUDIT_REPORT.md with:
- Summary of all DevOps artifacts analyzed
- Issues by category (Docker, CI/CD, Dependencies)
- Severity breakdown
- Best practices recommendations