Now live as a GitHub App · Free forever

Your PR gets reviewed
like a senior DevOps engineer.

DevDoctor automatically scans every pull request for infrastructure issues — and writes the fix for you. No setup. No configuration. No missed mistakes.

Start scanning PRs in 30 seconds → View on GitHub
✓ Works with any GitHub repo ✓ Zero configuration ✓ AI-powered fixes ✓ Free to use
devdoctor scan ./api-service
$ devdoctor scan .
🔍 Scanning /api-service — found Dockerfile, docker-compose.yml

📄 Dockerfile Score: 40/100
──────────────────────────────────
❌ ERROR  HARDCODED_SECRET (line 3)
ENV API_KEY=sk-prod-abc... detected in image layer
Fix → Remove from Dockerfile, inject at runtime: docker run -e API_KEY=$KEY
⚠ WARNING  NO_USER
Container runs as root — running as a non-root user reduces attack surface
Fix → RUN useradd -r -s /bin/false appuser, followed by a separate USER appuser instruction
⚠ WARNING  NO_DOCKERIGNORE
Build context contains .env, .git, node_modules

🤖 AI Summary — Fix secrets + USER first. Critical security issues.
❌ Overall: 40/100 ████░░░░░░
🔌 Works with any GitHub repo
⚡ Triggers on every PR automatically
🔒 No code leaves your repo
🤖 Powered by Gemini 2.5 Flash
🆓 Free to use
// The problem

Infrastructure bugs reach production because nobody reviews Dockerfiles.

Code reviewers focus on logic. DevOps issues slip through. DevDoctor fills that gap automatically.

✗ Without DevDoctor

😰 Manual, inconsistent reviews
Dockerfile checks depend on reviewer experience. Easy to miss on busy PRs.

🔑 Secrets baked into images
API keys in ENV or ARG get committed, layered, and exposed in image history.

🚢 Issues reach production
Running containers as root. No healthchecks. Bloated images. All avoidable.

⏱ Slowdown during incidents
Hours debugging issues that a 30-second scan would have caught at PR time.

✓ With DevDoctor

🤖 Automated PR-level scanning
Every PR with infrastructure changes gets a full analysis. Zero manual effort.

🛡️ Secrets caught before merge
Hardcoded secrets flagged at line level with exact remediation steps.

✅ AI writes the fix for you
Not just "this is wrong" — specific, copy-pasteable fixes generated by AI.

📊 Health score per PR
Track infrastructure quality over time. Block merges below a threshold with CI mode.

// How it works

Three steps.
Zero configuration.

Install once, forget about it. DevDoctor runs silently in the background on every relevant PR.

01
🔌
Install the GitHub App

One-click install from the GitHub Marketplace. Select which repos to monitor. Takes under 30 seconds. No YAML config, no token setup.

02
🔀
Open a pull request

Any PR that modifies a Dockerfile, docker-compose.yml, or Kubernetes manifest automatically triggers a DevDoctor scan.

03
💊
Get the diagnosis

DevDoctor posts a structured comment with a health score, issue table, severity levels, and AI-generated fix for every problem found.

// Features

Not a linter.
A DevOps co-pilot.

DevDoctor doesn't just detect problems. It understands context and writes the fix — like pairing with a senior engineer on every PR.

🐳
Deep Dockerfile Analysis

9 rules covering security, performance, and reliability. Catches hardcoded secrets, root execution, unpinned images, layer bloat, and missing runtime safety nets.

secrets · security · performance · 9 rules

🤖
AI Fix Suggestions

Powered by Gemini 2.5 Flash. Every issue includes a specific, copy-pasteable fix — not generic advice. Context-aware suggestions that understand your actual file.

Gemini 2.5 Flash · context-aware · actionable

📦
Multi-layer Infrastructure Scanning

Analyzes Dockerfiles and docker-compose together. Catches cross-service issues like unpinned service images, open port bindings, and missing healthchecks.

docker-compose · networking · 5 rules

⚡
Zero Configuration Setup

No YAML files, no tokens, no CLI setup required for teams. Install the GitHub App once and every eligible PR gets scanned automatically. It just works.

plug-and-play · GitHub App · 30 second setup

// What your team sees

A full DevOps report,
right inside the PR.

No dashboards to check. No tools to run. DevDoctor posts directly to GitHub — exactly where your team already works.

devdoctor-io bot 2 minutes ago
🩺 DevDoctor Report
Overall: 40/100 ⚠️

📄 Dockerfile — 40/100

Severity   | Rule             | Issue
❌ Error   | HARDCODED_SECRET | API key found in ENV instruction (line 3)
⚠ Warning  | NO_USER          | Container executes as root
⚠ Warning  | NO_DOCKERIGNORE  | Sensitive files included in build context
ℹ Info     | NO_HEALTHCHECK   | Docker cannot detect unhealthy container

🤖 AI Summary: This Dockerfile has two critical security vulnerabilities. The hardcoded secret will be permanently embedded in image layer history, and root execution increases the blast radius of any container escape. Resolve both before merging to any non-local environment.

Powered by DevDoctor — AI-powered DevOps health checker devdoctor-io ✓

9+ Dockerfile rules
5+ Compose rules
30s Setup time
∞ Repos supported

// Roadmap

Actively built.
Rapidly expanding.

DevDoctor ships weekly. Here's what's live and what's coming next.

✓ SHIPPED
Dockerfile Analyzer

9 rules — secrets, pinned images, USER, HEALTHCHECK, layer optimization, .dockerignore.

✓ SHIPPED
GitHub App

Automatic PR scanning with inline comment reports and commit status checks.

✓ SHIPPED
Gemini AI Fixes

Context-aware fix suggestions for every issue. Specific, not generic.

→ IN PROGRESS
Kubernetes Analyzer

Resource limits, liveness probes, security contexts, namespace enforcement.

→ COMING SOON
GitHub Actions Checker

Pinned action versions, secret exposure, missing job timeouts, runner security.

◦ PLANNED
CI Mode + HTML Reports

Exit with code 1 below score threshold. Shareable HTML report export with --report flag.

// Get started

Catch infra issues before
they reach production.

Install the GitHub App in 30 seconds. Your next PR gets a full infrastructure health report — automatically.

→ github.com/apps/devdoctor-io/installations/new
Install GitHub App — Free → View Source on GitHub

// About the builder

Aryan Shaw

Backend engineer building developer tools and AI-powered products.

Currently working at TCS. Previously at DailyPe (YC W23). I build things that solve real developer problems — DevDoctor is one of them.