# Gomboc Demo Cases

Gomboc demo cases are community-ready, repeatable scenarios that show how to go quickly from findings to safe, reviewable, and deterministic fixes, using realistic code. Each demo is designed to mirror what teams actually deploy.

***

### What you’ll learn

* How Gomboc scans and prioritizes issues in real repos
* How policies map to findings and generate actionable fixes
* How to apply fixes (IDE and/or other dev workflows) and validate results

***

### Choose a demo case

#### 1) Terraform with DolphinScheduler

**Make an open-source Terraform deployment production-ready.**\
You’ll scan a real deployment, prioritize high-impact cloud issues (public exposure, IAM, encryption, metadata hardening, backups/monitoring), and apply fixes in a repeatable flow.\
➡️ Go to: [Demo Case: Terraform with DolphinScheduler](https://docs.gomboc.ai/getting-started-ce/gomboc-demo-cases/demo-case-terraform-with-dolphinscheduler)

#### 2) Dockerfile Fixes

**Eliminate Docker security maintenance toil with automated, PR-ready fixes.**\
You’ll scan Dockerfiles and apply best-practice remediations, like ensuring OS package upgrades happen during builds, pinning base images, running as a non-root user, improving package hygiene, and preventing common secret-handling mistakes.\
➡️ Go to: Demo Case: Dockerfile Hardening

#### 3) Java with DolphinScheduler - Log4Shell

**Gomboc expands beyond IaC with ORL: deliver deterministic remediation across cloud and code.**\
You’ll scan a real Java project in your IDE, identify a vulnerable logging dependency chain, then use the Gomboc Webview Reviewer to preview and apply policy-aligned, repeatable dependency fixes.\
➡️ Go to: [Demo Case: Java with DolphinScheduler - Log4Shell](https://docs.gomboc.ai/getting-started-ce/gomboc-demo-cases/demo-case-java-with-dolphinscheduler-log4shell)

***

### Feedback

Found a gap, false positive, or improvement idea? Leave feedback via our [Discussions channel](https://github.com/Gomboc-AI/gomboc-ai-feedback/discussions/2).

* Include: demo case name, repo link/commit, finding ID, expected vs actual, and screenshots/logs where possible.
