Sign Up

Dockerfile & Trickest YAML Configuration

In this section, we will guide you through the main principles of creating and building Dockerfiles that can be integrated into the Trickest platform.

Each tool will typically consist of files organized in a specific structure to ensure compatibility with Trickest's system.

Tool File Structure Overview

├── Dockerfile
├── trickest.yaml
└── (optional, only if needed)


This is the file that will be used to generate the Docker image of the tool. If you are unfamiliar with the Docker and its concepts, you can learn more on this link.

To create efficient and light Docker images, follow best practices. But do keep in mind that although having small (in size) images (which means faster startup time) is essential, it is even more critical to have stable images. It's all about finding a compromise here, but pick stability if you have to choose.

Downloading the tool

Use one of the methods listed in versioning conventions to download a specific version of the tool into the docker image.

Example Dockerfile

FROM golang:1.17.3-alpine AS build-env 
RUN apk add --no-cache git
RUN go install -v
FROM alpine:3.15.0
RUN apk -U upgrade --no-cache \
&& apk add --no-cache bind-tools ca-certificates
COPY --from=build-env /go/bin/tool-name /usr/local/bin/
ENTRYPOINT ["tool-name"]

If the tool you use only supports stdin as an input, check out Parameterizing stdin/stdout where you will learn how to create and configure the tool to be compatible with Trickest platform. It is important to remember to copy it to your Docker image and configure it as the image ENTRYPOINT

ADD /app/ 
RUN chmod +x /app/
RUN apk add bash
ENTRYPOINT ["/app/"]

Input/output folders

You need to create two folders: /hive/in and /hive/out in the final image. These will be used by the platform to store and manage the tool's input/output.

RUN mkdir -p /hive/in /hive/out

Tips for better docker images

Compiled languages (e.g. golang)

  • Use multi-stage builds to reduce the final image size
  • Use -alpine images when possible


  • You should almost always use python:<version>-slim. This is a variant that has less packages installed, resulting in a smaller image.
  • If you run into any problems with -slim, the official image should be your second choice.
  • Try to stay away from alpine, because it might cause some unexpected issues.


Remeber to always tag your images properly according to the versioning guide.

trickest.yaml Configuration File

The trickest.yaml file is essential for integrating tools into the Trickest platform, specifically designed for the Workflow Editor. This YAML file contains all the necessary data for the tool to be displayed appropriately and configured within the platform.

Overview of trickest.yaml Structure

The YAML file is structured to provide comprehensive details about the tool, including its functionality, usage, and output handling. Below is a detailed explanation of each field in the trickest.yaml file:


This is an example of YAML Structure

name: my-private-tool
description: This is an example of a private tool
category: Recon
docker_image: user/image:tag
output_parameter: -o
output_type: file
  name: MIT
    command: -d
    description: This is description of input parameter
    order: 0
    visible: true
    type: string

Tool Identification and Description

nameName of the toolYesamass
descriptionShort description of the tool. The "About" section of GitHub is an excellent starting point if availableYesThe OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques.
categoryHigh-level category of the toolNoRecon
source_urlOriginal repository's URLYes

Docker Image and Command Execution

docker_imageDocker image URL. We use for hosting
commandCommand that should be executed on the container when the node runsYes/bin/amass enum
output_parameterCommand line parameter that designates the tool's output pathYes-o
output_typeOutput type (file or folder)Yesfile
license_info.nameName of the tool's licenseYesApache 2.0
license_info.urlURL of the tool's licenseYes

Versioning Note

The docker_image value should always use a Versioning Conventions. Never use :latest.


The parameters structure is as follows:

commandCommand line parameter used by the tool-d
nameName to identify the parameter in the nodedomain
parameter_typeType of the parameter (string, file, folder, or boolean)string
descriptionShort description of the parameterDomain names separated by commas
orderThe index of the parameter. The order is followed when building the final command0

Next up: Versioning Conventions