QODRYX is an AI-powered DevOps platform that provides comprehensive security scanning, automated testing, one-click deployment, and real-time performance monitoring. It's designed to help development teams ship secure, tested code faster.

How does QODRYX secure AI-generated code?

QODRYX uses multiple security scanning tools including SAST (Static Application Security Testing), secret detection, dependency scanning, and AI-specific vulnerability patterns to identify security issues in AI-generated code before it reaches production.

What deployment platforms does QODRYX support?

QODRYX supports deployment to Vercel, Railway, Docker containers, and any VPS via SSH. It provides one-click deployment with automatic rollback capabilities.

Does QODRYX offer a free plan?

Yes, QODRYX offers a free plan that includes 50 security scans per month, 1 AI provider integration, and 3 deployments per month. Perfect for individual developers and small projects.

How does QODRYX compare to other DevOps tools?

Unlike single-purpose tools, QODRYX provides an all-in-one solution covering security, testing, deployment, and monitoring. It's specifically designed for AI-assisted development workflows and includes features like AI code review, cost tracking, and compliance automation.

Docker Deployment | QODRYX Documentation

Overview

Docker containers provide a consistent, portable way to deploy applications anywhere. QODRYX enhances Docker workflows with automated builds, security scanning, and multi-registry support.

Container Security

QODRYX scans container images for vulnerabilities before pushing to registries, ensuring only secure images are deployed.

Prerequisites

A Dockerfile in your repository
Access to a container registry (Docker Hub, ECR, GCR, etc.)
Registry credentials configured in QODRYX

Supported Registries

Docker Hub

docker.io

Amazon ECR

xxx.dkr.ecr.region.amazonaws.com

Google Container Registry

gcr.io / artifact registry

GitHub Container Registry

ghcr.io

Azure Container Registry

xxx.azurecr.io

Self-Hosted Registry

Any Docker v2 compatible registry

Step 1: Configure Registry

Add your container registry credentials to QODRYX:

Go to Settings → Integrations
Select your registry provider
Enter your credentials (username/password or service account)
Test the connection

Terminal (Alternative: CLI)

# Add Docker Hub credentials
qodryx secrets set DOCKER_USERNAME myusername
qodryx secrets set DOCKER_PASSWORD mypassword

# Add AWS ECR (uses AWS credentials)
qodryx secrets set AWS_ACCESS_KEY_ID xxx
qodryx secrets set AWS_SECRET_ACCESS_KEY xxx

# Add GCR (uses service account JSON)
qodryx secrets set GCP_SERVICE_ACCOUNT '{"type":"service_account",...}'

Step 2: Basic Configuration

Configure Docker builds in your QODRYX config:

qodryx.config.yaml

docker:
  # Registry configuration
  registry: docker.io
  repository: myorg/myapp
  
  # Build configuration
  build:
    dockerfile: Dockerfile
    context: .
    
    # Build arguments
    args:
      NODE_ENV: production
      
    # Target stage for multi-stage builds
    target: production
    
  # Tagging strategy
  tags:
    - latest
    - "{{git.sha}}"
    - "{{git.branch}}"
    - "v{{semver}}"
    
  # Security scanning
  scan:
    enabled: true
    fail_on: critical  # critical, high, medium, low
    
  # Push settings
  push:
    enabled: true
    on_success_only: true

Step 3: Optimized Dockerfile

Example production-ready Dockerfile with multi-stage builds:

Dockerfile

# Stage 1: Dependencies
FROM node:20-alpine AS deps
WORKDIR /app
COPY package*.json ./
RUN npm ci --only=production

# Stage 2: Build
FROM node:20-alpine AS builder
WORKDIR /app
COPY --from=deps /app/node_modules ./node_modules
COPY . .
RUN npm run build

# Stage 3: Production
FROM node:20-alpine AS production
WORKDIR /app

# Create non-root user
RUN addgroup -g 1001 -S nodejs
RUN adduser -S nextjs -u 1001

# Copy built assets
COPY --from=builder --chown=nextjs:nodejs /app/.next ./.next
COPY --from=builder /app/node_modules ./node_modules
COPY --from=builder /app/package.json ./package.json
COPY --from=builder /app/public ./public

USER nextjs

EXPOSE 3000
ENV PORT 3000
ENV NODE_ENV production

CMD ["npm", "start"]

Multi-Stage Benefits

Multi-stage builds reduce final image size by 50-80%, improve security by excluding build tools, and speed up deployments.

Container Security Scanning

QODRYX scans container images for vulnerabilities before pushing:

qodryx.config.yaml

docker:
  scan:
    enabled: true
    
    # Fail build if vulnerabilities found
    fail_on: high  # critical, high, medium, low
    
    # Ignore specific CVEs
    ignore:
      - CVE-2023-12345  # Known false positive
      
    # Scan base image too
    scan_base_image: true
    
    # Generate SBOM (Software Bill of Materials)
    sbom:
      enabled: true
      format: spdx  # spdx or cyclonedx

Scan Results

View scan results in the QODRYX dashboard or CLI:

Terminal

$ qodryx docker scan myapp:latest

Scanning image myapp:latest...

╭──────────────────────────────────────────────────────────╮
│ VULNERABILITY SCAN RESULTS                                │
├──────────────────────────────────────────────────────────┤
│ Total: 12 | Critical: 0 | High: 2 | Medium: 8 | Low: 2   │
╰──────────────────────────────────────────────────────────╯

HIGH VULNERABILITIES:
┌────────────────┬─────────────┬────────────────────────────┐
│ CVE            │ Package     │ Fix Version                │
├────────────────┼─────────────┼────────────────────────────┤
│ CVE-2024-1234  │ openssl     │ 3.0.13                     │
│ CVE-2024-5678  │ libcurl     │ 8.6.0                      │
└────────────────┴─────────────┴────────────────────────────┘

✓ SBOM generated: sbom.spdx.json

Build & Push Commands

Build and push images using the QODRYX CLI:

Terminal

# Build image locally
qodryx docker build

# Build and push to registry
qodryx docker build --push

# Build with specific tag
qodryx docker build --tag v1.2.3 --push

# Build for multiple platforms
qodryx docker build --platform linux/amd64,linux/arm64 --push

# Build without cache
qodryx docker build --no-cache --push

# View build logs
qodryx docker logs --build-id abc123

Multi-Platform Builds

Build images for multiple architectures:

qodryx.config.yaml

docker:
  build:
    platforms:
      - linux/amd64
      - linux/arm64
      - linux/arm/v7
      
    # Use BuildKit for faster builds
    buildkit: true

CI/CD Integration

Integrate Docker builds into your CI/CD pipeline:

.github/workflows/docker.yml

name: Docker Build

on:
  push:
    branches: [main]
  pull_request:
    branches: [main]

jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      
      - name: Install QODRYX CLI
        run: curl -fsSL https://get.qodryx.com | bash
        
      - name: Build and Push
        run: qodryx docker build --push
        env:
          QODRYX_API_KEY: ${{ secrets.QODRYX_API_KEY }}

Key Features

Security Scanning

Scan for CVEs before pushing

Multi-Platform

Build for AMD64 and ARM64

SBOM Generation

Software bill of materials

Layer Caching

Faster rebuilds with caching

Troubleshooting

Authentication Errors

Verify registry credentials are correct
Check if credentials have expired (AWS ECR tokens expire)
Ensure the repository exists in the registry

Build Failures

Check Dockerfile syntax and base image availability
Verify build context includes all required files
Review build logs for specific error messages

Image Size

Large images slow down deployments. Use multi-stage builds and Alpine base images to minimize image size.