Security
Articles in Security.
Every Dockier blog post tagged Security.

Security | 24 May 2026 | 1 min read
Why we pin every GitHub Action by SHA
Tag-based action references are a supply-chain footgun. We pin every third-party action to a full commit SHA and let Renovate keep them current. Here is the policy, the rationale, and the migration script we used to convert 140+ workflows.

Security | 12 Apr 2026 | 7 min read
Detecting sensitive data without an LLM
A 320-line schema parser beats GPT-4o on PII classification — 12× faster, zero per-scan cost, no hallucinated labels. We still ship the model as a tie-breaker. Here's the breakdown of when each one wins.

Security | 31 Mar 2026 | 6 min read
OSV.dev: the dependency scanner you already have
Google's open vulnerability database covers more ecosystems than Snyk's free tier, ships under Apache 2.0, and needs no API key. A tour of the OSV ecosystem and the four sharp edges we hit integrating it.