Blog
Notes from the platform.
Engineering deep-dives, security research, and product updates.

Security | 31 Mar 2026 | 6 min read
OSV.dev: the dependency scanner you already have
Google's open vulnerability database covers more ecosystems than Snyk's free tier, ships under Apache 2.0, and needs no API key. A tour of the OSV ecosystem and the four sharp edges we hit integrating it.

Product | 16 Mar 2026 | 5 min read
The AI-fix PR is the wrong primitive
Auto-generated fix PRs demo beautifully and pile up unread in production. After three months of watching them go stale, we replaced them with something more boring — and saw remediation rates triple.