Gomboc Demo Cases
Gomboc demo cases are community-ready scenarios that show how to go quickly from findings to safe, reviewable, and deterministic fixes, using realistic code. Each demo is repeatable and designed to mirror what teams actually deploy.
What you’ll learn
How Gomboc scans and prioritizes issues in real repos
How policies map to findings and generate actionable fixes
How to apply fixes (IDE and/or other dev workflows) and validate results
Choose a demo case
1) Terraform with DolphinScheduler
Make an open-source Terraform deployment production-ready. You’ll scan a real deployment, prioritize high-impact cloud issues (public exposure, IAM, encryption, metadata hardening, backups/monitoring), and apply fixes in a repeatable flow.
➡️ Go to: Demo Case: Terraform with DolphinScheduler
2) Dockerfile Fixes
Eliminate Docker security maintenance toil with automated, PR-ready fixes. You’ll scan Dockerfiles and apply best-practice remediations, such as ensuring OS package upgrades happen during builds, pinning base images, running as a non-root user, improving package hygiene, and preventing common secret-handling mistakes.
➡️ Go to: Demo Case: Dockerfile Hardening
3) Java with DolphinScheduler - Log4Shell
Gomboc expands beyond IaC with ORL, delivering deterministic remediation across cloud and code. You’ll scan a real Java project in your IDE, identify a vulnerable logging dependency chain, then use the Gomboc Webview Reviewer to preview and apply policy-aligned, repeatable dependency fixes.
➡️ Go to: Demo Case: Java with DolphinScheduler - Log4Shell
Feedback
Found a gap, false positive, or improvement idea? Leave feedback via our Discussions channel.
Include: demo case name, repo link/commit, finding ID, expected vs actual, and screenshots/logs where possible.