Docker Compose Auditor — Healthchecks, Secrets, Ports

Paste your compose file. Audit healthchecks, secrets, port collisions and env vars instantly.

🔒 Runs 100% in your browser — your files never leave your device


Audit panels (each stays empty until you paste a compose file and click Audit):

1. Healthcheck completeness
2. Env var bridge map
3. Port collision grid
4. Secrets Scan
5. Image Tag Checker

How It Works

1. Paste

Paste your docker-compose.yml — optionally add your .env file for full variable bridging.

2. Audit

Click Audit. The tool scans all services for missing healthchecks, hardcoded secrets, port collisions and missing env vars.

3. Fix

Each finding includes an explanation and a suggested fix. Nothing leaves your browser.

Frequently Asked Questions

What does the Docker Compose Auditor check?

It scans your compose file for missing healthchecks, hardcoded secrets in environment blocks, port collisions, services bound to 0.0.0.0, and missing restart policies.

What is a hardcoded secret in Docker?

A hardcoded secret is a literal value such as PASSWORD=mysecret written directly in your compose file, instead of a variable reference such as PASSWORD=${MY_SECRET}. Hardcoded secrets can be accidentally committed to version control.

Does this tool send my compose file anywhere?

No. Parsing happens entirely in your browser. Your compose file never leaves your machine.

What is a port collision?

A port collision occurs when two services in the same compose file map to the same host port. Only one service can bind to a host port at a time, so the second one will fail to start.
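The hardcoded-secret and port-collision checks from the two answers above, together with the 0.0.0.0 binding check, as an added JavaScript example (not the tool's own code). It assumes the compose file has already been parsed into a plain object; the function names, the secret-name heuristic and the sample input are constructed for illustration.

```javascript
// Added example: audits an already-parsed compose document (plain object).
const SECRET_KEY = /pass(word)?|secret|token|api_?key/i; // assumed name heuristic
const VAR_REF = /\$\{[^}]+\}|\$[A-Za-z_]\w*/;            // ${VAR} or $VAR reference
// Normalise `environment` (list or map form) to [key, value] pairs.
function envPairs(env) {
  if (!Array.isArray(env)) return Object.entries(env || {}).map(([k, v]) => [k, v == null ? "" : String(v)]);
  return env.map((e) => {
    const i = String(e).indexOf("=");
    return i < 0 ? [String(e), ""] : [String(e).slice(0, i), String(e).slice(i + 1)];
  });
}
// Normalise a `ports` entry to {ip, port, proto}; port is null when no host port is fixed.
function parsePort(p) {
  if (typeof p === "object" && p !== null) {
    return { ip: p.host_ip || "0.0.0.0", port: p.published == null ? null : String(p.published), proto: p.protocol || "tcp" };
  }
  const [spec, proto = "tcp"] = String(p).split("/");
  const parts = spec.split(":"); // IPv4 short syntax only; bracketed IPv6 is not handled
  if (parts.length === 1) return { ip: null, port: null, proto };
  return parts.length === 2 ? { ip: "0.0.0.0", port: parts[0], proto } : { ip: parts[0], port: parts[1], proto };
}

function auditCompose(doc) {
  const findings = [];
  const bound = []; // host bindings seen so far, across all services
  for (const [service, svc] of Object.entries(doc.services || {})) {
    for (const [key, value] of envPairs(svc.environment)) {
      // Report the key only, never the value, so the finding itself does not leak the secret.
      if (SECRET_KEY.test(key) && value !== "" && !VAR_REF.test(value)) findings.push({ service, type: "hardcoded-secret", detail: key });
    }
    for (const entry of svc.ports || []) {
      const b = parsePort(entry);
      if (b.port === null) continue;
      if (b.ip === "0.0.0.0") findings.push({ service, type: "all-interfaces", detail: b.port });
      // Same port and protocol collide when the addresses are equal or either side is 0.0.0.0.
      const clash = bound.find((o) => o.port === b.port && o.proto === b.proto &&
        (o.ip === b.ip || o.ip === "0.0.0.0" || b.ip === "0.0.0.0"));
      if (clash) findings.push({ service, type: "port-collision", detail: `${b.port}/${b.proto} already published by ${clash.service}` });
      bound.push({ ...b, service });
    }
  }
  return findings;
}

// Constructed sample input (not from the page).
const SAMPLE = { services: {
  db: { environment: ["POSTGRES_PASSWORD=mysecret"], ports: ["127.0.0.1:5432:5432"] },
  api: { environment: { API_TOKEN: "${API_TOKEN}" }, ports: ["8080:80"] },
  web: { ports: ["8080:80", { target: 53, published: 8080, protocol: "udp", host_ip: "127.0.0.1" }] },
} };
```

Calling auditCompose(SAMPLE) flags the literal POSTGRES_PASSWORD, both 8080 bindings on all interfaces, and the 8080/tcp collision between api and web; the loopback-only and UDP mappings pass.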

Does it support Docker Swarm or Kubernetes?

This tool is designed for docker-compose.yml files only. It does not support Swarm deploy configs or Kubernetes manifests.

How does the Image Tag Checker work?

For each image in your compose file, the tool queries the Docker Hub public API to find the latest available tag and compares it against your pinned version. It flags services using :latest (unpredictable builds), outdated tags (newer version available), and rewards digest-pinned images (most stable). Private registry images are skipped. All requests go directly from your browser to Docker Hub — no proxy involved.

What does the Healthcheck Injector do?

When healthcheck issues are found, click "Inject Fixes" to generate a fixed version of your compose file with healthchecks automatically added for each service that is missing one. Templates are matched by image name — postgres, mysql, redis, nginx, rabbitmq, elasticsearch, and mongodb all get the correct production-ready healthcheck command. Unknown images get a safe default. Copy the result and paste it into your project.

Does it detect NVIDIA GPU misconfigurations?

Yes. If your compose file uses runtime: nvidia, deploy.resources.reservations.devices, or NVIDIA_ environment variables, panel 6 appears with GPU-specific checks: deprecated runtime syntax, missing NVIDIA_VISIBLE_DEVICES, missing driver capabilities, conflicting count and device_ids, and missing nvidia-container-runtime daemon config.