1 free analysis, no signup required

Catch config mistakes before they ship.

Paste a Dockerfile, a docker-compose.yml, or a .env file. Get a security and best-practice review with concrete fixes and a hardened rewrite you can copy straight back into your repo.

SlimDocker · Dockerfile
Security score58/100
criticalruns-as-root

No USER directive. Container runs as root.

majorlatest-tag

FROM node:latest is unpinned and non-reproducible.

minorno-cache-clean

apt cache not cleaned, image larger than needed.

Deterministic plus AI

Regex and parser checks run first, then the AI explains the why and writes the fix. Fewer false positives.

Nothing is stored

Your files are analyzed in the request and discarded. We never persist your configs or secrets.

Copy-ready output

Every finding ships with a concrete fix, plus a full hardened rewrite of the file you pasted.

Questions or feedback?

Reach out anytime — we usually reply within one business day. Happy to help with billing, a tool result, or a feature request.

contact@devopsfriend.com

Frequently asked questions

Everything engineers usually ask before pasting their first config into DevopsFriend.

What kinds of files can DevopsFriend analyze?

DevopsFriend reviews Dockerfiles, docker-compose.yml files, and .env files. It flags insecure defaults, missing USER directives, pinned-versus-latest image tags, exposed secrets, overly broad port mappings, and other production risks. Each finding comes with a severity, a plain-English explanation of why it matters, and a concrete fix.

How does it differ from a plain linter or ChatGPT?

Deterministic regex and parser checks run first, so the obvious issues are caught reliably with no hallucination. The AI layer then explains the reasoning behind each finding and writes a hardened rewrite of your file. You get the precision of a linter with the context of an experienced reviewer, and far fewer false positives.

Are my configuration files or secrets stored?

No. Your files are analyzed during the request and then discarded. We never persist your configs, environment variables, or secrets, and nothing is used to train any model. You can safely review production files.

Do I need an account to try it?

No. Your first analysis is free with no signup required. Paste a file, get a full report with a copy-ready hardened rewrite, and only create an account if you want to run more analyses or keep a history.

How is pricing structured?

DevopsFriend uses simple pay-as-you-go credits rather than a recurring subscription. You buy a pack of analysis credits and they do not expire monthly, so you only pay for what you actually use. See the pricing page for current credit packs.

Ship safer configs.

Run your first analysis free, no signup needed.

Analyze a file free