About the Role
The DockSec project, an OWASP Incubator initiative, is seeking skilled contributors to help advance an open-source AI-powered Docker security scanner. This role involves working on a Python‑based tool that unites three established container vulnerability scanners – Trivy, Hadolint, and Docker Scout – with a language-model interpretation layer. The position offers a unique opportunity to shape how developers detect and fix security flaws in Dockerfiles, while directly collaborating with the creator, Advait Patel, and the broader OWASP community.
Key Responsibilities
- Enhance the DockSec Python codebase to integrate and correlate findings from Trivy, Hadolint, and Docker Scout.
- Expand the language‑model layer, supporting backends like OpenAI, Anthropic, Google Gemini, and local models for contextual vulnerability explanations.
- Implement and refine the 0‑100 security scoring algorithm, ensuring accuracy and actionable output.
- Develop line‑specific remediation proposals that help developers patch Dockerfile vulnerabilities quickly.
- Contribute to documentation and community guides, making the tool accessible to both security professionals and DevOps teams.
- Collaborate on CI/CD pipeline integrations and compatibility testing with Python 3.12 environments.
- Participate in OWASP project reviews and security best‑practice discussions to keep DockSec aligned with industry standards.
Requirements
- Proficiency in Python 3.12 and experience with containerization technologies, especially Docker.
- Hands‑on familiarity with one or more of the core scanners: Trivy, Hadolint, or Docker Scout.
- Understanding of language model APIs (OpenAI, Anthropic, Google Gemini) and local model serving architectures.
- Solid grasp of software supply‑chain security, OWASP Top‑10 for containers, and secure coding principles.
- Comfort working in an open‑source, distributed team – using Git, issue trackers, and collaborative code review.
- Strong communication skills for writing technical documentation and engaging with a diverse developer community.
Compensation & Benefits
- Flexible, remote‑first contribution model – work from anywhere on a schedule that suits you.
- Direct mentorship from the project’s creator and close interaction with the OWASP security network.
- Recognition as a contributor to an official OWASP Incubator Project, valuable for personal branding and career growth.
- Opportunity to work with cutting‑edge AI integration in application security, bridging traditional scanning with LLM‑powered analysis.
- All project code is MIT‑licensed, ensuring your contributions remain open and accessible to the wider community.
How to Apply
Interested candidates can apply directly via the Apply Now button above. Visit the original listing for full application details and to learn more about the DockSec project’s roadmap. For those exploring similar security‑focused open‑source roles, the Let’s Encrypt Post-Quantum Cryptography Developer Role may also be of interest, while developers who enjoy bridging tools with AI might check out the GitHub Seeks Software Engineer for New Copilot Desktop App opportunity.