Docker Compose Auditor — Healthchecks, Secrets, Ports

Paste your compose file. Audit healthchecks, secrets, port collisions and env vars instantly.

🕐 Cron Builder & Visualiser Visualize job overlaps 🔒 SSL Checker Check cert expiry 🐳 Docker Auditor Audit compose files 🛡️ Firewall Auditor Audit UFW rules 🔀 Reverse Proxy Mapper Map routing & audit

1. Healthcheck completeness

Paste a compose file and click Audit

2. Env var bridge map

Paste a compose file and click Audit

3. Port collision grid

Paste a compose file and click Audit

4. Secrets Scan

Paste a compose file and click Audit

How It Works

1. Paste

Paste your docker-compose.yml — optionally add your .env file for full variable bridging.

2. Audit

Click Audit. The tool scans all services for missing healthchecks, hardcoded secrets, port collisions and missing env vars.

3. Fix

Each finding includes an explanation and a suggested fix. Nothing leaves your browser.

Frequently Asked Questions

What does the Docker Compose Auditor check?

It scans your compose file for missing healthchecks, hardcoded secrets in environment blocks, port collisions, services bound to 0.0.0.0, and missing restart policies.

What is a hardcoded secret in Docker?

A hardcoded secret is when you write a literal value like PASSWORD=mysecret directly in your compose file instead of using a variable reference like PASSWORD=${MY_SECRET}. Hardcoded secrets can be accidentally committed to version control.

Does this tool send my compose file anywhere?

No. Parsing happens entirely in your browser. Your compose file never leaves your machine.

What is a port collision?

A port collision is when two services in the same compose file map to the same host port. Only one service can bind to a host port at a time — the second one will fail to start.

Does it support Docker Swarm or Kubernetes?

This tool is designed for docker-compose.yml files only. It does not support Swarm deploy configs or Kubernetes manifests.