FROM python:3.11-slim
ENV PYTHONUNBUFFERED=1
# Install system dependencies
RUN apt-get update \
&& apt-get install -y --no-install-recommends \
build-essential \
libssl-dev \
libffi-dev \
ca-certificates \
git \
&& rm -rf /var/lib/apt/lists/*
# Install Python dependencies used by cipherscan
RUN python -m pip install --no-cache-dir tlslite-ng ecdsa
# Create application directory
WORKDIR /opt/cipherscan
# Copy repository into the image
COPY . .
# Default command to show help (smoke test should be able to run without network)
CMD ["bash", "-lc", "python3 cscan.py --help"]
# Ignore VCS and common local dirs .git __pycache__/ *.pyc *.pyo *.swp node_modules/ dist/ build/ .env .env.production
Concerns: Default CMD uses bash -lc, but the base image (python:3.11-slim) may not have bash installed. This can causeContainer startup to fail unless bash is installed or CMD is simplified to a direct Python invocation., The CMD assumes a file named cscan.py at the repo root. If the repository uses a different entry point (e.g., cipherscan.py or a package entry point), the image may fail to start., COPY . . copies the entire build context into the image; if there are large or unnecessary files, this can bloat the image. Consider using a .dockerignore to exclude development files, tests, and caches. Smoke [PASS]: test -f /opt/cipherscan/cscan.py Smoke [PASS]: python3 /opt/cipherscan/cscan.py --help