Dockerfile Generation Prompt (Claude)

This Claude-optimised variant uses XML output tags to produce a structured response containing four artefacts: the Dockerfile, .dockerignore, build/run commands, and security notes. The XML structure makes it easy to extract individual sections programmatically, which is valuable if you are building a tool that auto-generates Dockerfiles from project metadata.

Prompt Template
<role>You are a senior DevOps engineer and container security specialist. You follow Docker best practices and always generate production-ready configurations.</role>

<task>Generate a production-ready Dockerfile and companion documentation for the application described below.</task>

<application>
  <type>{{app_type}}</type>
  <runtime>{{runtime}} {{runtime_version}}</runtime>
  <build_command>{{build_command}}</build_command>
  <start_command>{{start_command}}</start_command>
  <port>{{port}}</port>
  <env_vars>{{env_vars}}</env_vars>
  <additional_requirements>{{additional_requirements}}</additional_requirements>
</application>

<requirements>
  <must_have>multi-stage build, non-root user, specific image tag, HEALTHCHECK, dependency-layer caching</must_have>
</requirements>

<output_format>
Provide your response in this structure:
<dockerfile>
[the complete Dockerfile]
</dockerfile>
<dockerignore>
[recommended .dockerignore entries]
</dockerignore>
<build_run_commands>
[docker build and run commands for local testing]
</build_run_commands>
<security_notes>
[3-5 security considerations for this specific application type]
</security_notes>
</output_format>

Variables

{{app_type}}: Application type, e.g., "REST API", "static website", "background worker"
{{runtime}}: Runtime, e.g., Node.js, Python, Go
{{runtime_version}}: Specific version, e.g., 20.11, 3.12
{{build_command}}: Build command or "None"
{{start_command}}: Start command
{{port}}: Exposed port
{{env_vars}}: Required environment variable names
{{additional_requirements}}: Extra requirements or "None"

Example

Input
app_type: Python FastAPI service
runtime: Python
runtime_version: 3.12
build_command: None
start_command: uvicorn app.main:app --host 0.0.0.0 --port 8000
port: 8000
env_vars: DATABASE_URL, SECRET_KEY, ALLOWED_ORIGINS
additional_requirements: Must pass security scanning with Trivy

Output
<dockerfile>
FROM python:3.12-slim AS base
WORKDIR /app
COPY requirements.txt .
RUN pip install --no-cache-dir -r requirements.txt

FROM base AS runner
RUN useradd -m -u 1000 appuser
COPY --chown=appuser:appuser . .
USER appuser
EXPOSE 8000
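# python:3.12-slim does not ship curl, so probe the endpoint with the standard library
HEALTHCHECK --interval=30s --timeout=5s CMD ["python", "-c", "import urllib.request; urllib.request.urlopen('http://localhost:8000/health', timeout=3)"]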
CMD ["uvicorn", "app.main:app", "--host", "0.0.0.0", "--port", "8000"]
</dockerfile>
<security_notes>
1. Use python:3.12-slim to minimise attack surface; avoid python:3.12 (includes build tools)
2. Never bake DATABASE_URL or SECRET_KEY into the image; inject at runtime
3. Pin requirements.txt versions to prevent dependency confusion attacks
</security_notes>
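
A tool that consumes this response should treat it as untrusted output and check it before anything is built. The sketch below is an added example, not part of the original prompt page: it extracts the tagged sections with a regex and checks the Dockerfile against four of the must_have items (dependency-layer caching is not checked). The function names and the sample response are assumptions made for illustration.

```python
import re

SECTIONS = ("dockerfile", "dockerignore", "build_run_commands", "security_notes")

def extract_sections(response):
    """Pull the tagged sections out of a response. Regex, not an XML parser:
    a Dockerfile may contain '&' or '<', so the body need not be valid XML."""
    found = {}
    for name in SECTIONS:
        m = re.search(rf"<{name}>(.*?)</{name}>", response, re.DOTALL)
        if m:
            found[name] = m.group(1).strip()
    return found

def check_dockerfile(text):
    """Return the must_have items from the prompt that the Dockerfile misses."""
    lines = [ln.strip() for ln in text.splitlines()]
    lines = [ln for ln in lines if ln and not ln.startswith("#")]
    from_idx = [i for i, ln in enumerate(lines) if ln.upper().startswith("FROM ")]
    if not from_idx:
        return ["no FROM instruction"]
    problems, stages = [], set()
    if len(from_idx) < 2:
        problems.append("not a multi-stage build")
    for i in from_idx:
        tokens = [t for t in lines[i].split()[1:] if not t.startswith("--")]
        image = tokens[0] if tokens else ""
        last = image.rsplit("/", 1)[-1]  # tag lives after any registry host:port
        pinned = "@" in image or (":" in last and not last.endswith(":latest"))
        if image.lower() not in stages and image != "scratch" and not pinned:
            problems.append(f"unpinned base image: {image}")
        if len(tokens) >= 3 and tokens[1].upper() == "AS":
            stages.add(tokens[2].lower())
    final = lines[from_idx[-1]:]  # conservative: USER must appear in the final stage
    users = [ln.split()[1] for ln in final if ln.upper().startswith("USER ")]
    if not users or users[-1].split(":")[0] in ("root", "0"):
        problems.append("final stage runs as root")
    checks = [ln.split()[1].upper() for ln in lines if ln.upper().startswith("HEALTHCHECK ")]
    if not checks or checks[-1] == "NONE":
        problems.append("no HEALTHCHECK")
    return problems

# Constructed sample response (not real model output).
SAMPLE = """<dockerfile>
FROM python AS base
FROM base AS runner
CMD ["uvicorn", "app.main:app"]
</dockerfile>
<security_notes>1. Inject SECRET_KEY at runtime</security_notes>"""
```

Calling check_dockerfile(extract_sections(SAMPLE)["dockerfile"]) reports the unpinned base image, the missing USER and the missing HEALTHCHECK; a tool would refuse to write or build the file until the list is empty.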

FAQ

Why does this produce a .dockerignore too?
A missing or incomplete .dockerignore often results in accidentally copying .env files, node_modules, or .git history into the image. Claude generates both files together to prevent this common mistake.
Can I use this to generate Dockerfiles for monorepos?
Yes. Add the monorepo structure to additional_requirements and specify which workspace/service you are containerising. Claude will generate COPY commands with the correct relative paths.
Does Claude understand Trivy security scanning output?
Yes. Paste a Trivy JSON or table output into a follow-up message and ask Claude to update the Dockerfile to fix the flagged vulnerabilities. It understands Trivy's vulnerability format well.