Securing Asgard: Why I Built a Card Game Suite for Docker Security
This is a submission for the DEV April Fools Challenge What I Built What do you do when you have a series of narrative-driven Docker security workshops featuring 10 elite "Commandos" fighting CVE monsters in Asgard? You could write more documentation. You could add more tests. Or, you could do the most "anti-value" thing possible: Build a full-featured arcade suite where these security characters play Blackjack and Swiss Jass. Presenting the Asgard Arcade : A collection of four utterly useless but technically over-engineered games designed to distract developers from actual security work while simultaneously drilling "Security Metaphors" into their brains. The Lore: Docker Commandos Black Forest Shadow The Docker Commandos are a team of 10 elite specialists, each representing a core Docker
This is a submission for the DEV April Fools Challenge
What I Built
What do you do when you have a series of narrative-driven Docker security workshops featuring 10 elite "Commandos" fighting CVE monsters in Asgard?
You could write more documentation. You could add more tests. Or, you could do the most "anti-value" thing possible: Build a full-featured arcade suite where these security characters play Blackjack and Swiss Jass.
Presenting the Asgard Arcade: A collection of four utterly useless but technically over-engineered games designed to distract developers from actual security work while simultaneously drilling "Security Metaphors" into their brains.
The Lore: Docker Commandos & Black Forest Shadow
The Docker Commandos are a team of 10 elite specialists, each representing a core Docker security feature (e.g., Gord is docker init, Jack is docker scout). Their journey began in the Black Forest Shadow universe—a dark fantasy retelling of container security where warriors fight shadowy monsters called CVEs in the year 1865.
From the 19th-century Black Forest to the futuristic golden districts of Asgard, these characters teach DevSecOps through immersive storytelling.
Black Forest Shadow — A Dark Fantasy Guide to Docker and Kubernetes Security - Docker and Kubernetes Security - Docker and Kubernetes Security
A dark fantasy novel set in the Black Forest of 1865 that teaches Docker and Kubernetes security through narrative — covering CVE hunting, SBOM generation, runtime hardening, and container security.
dockersecurity.io
The Games:
-
Asgard Siege (Tactical Defense): A game where you must counter CVE threats (like "The Supply Chain Hydra") by deploying the correct Commando. Choose wrong, and Asgard's security level crashes.
-
Blackjack with Jack: Standard Blackjack, but against Angra (the shadow villain). If you are dealt Jack (the Cyborg Commando), you get a "Scout Bonus" to see the dealer's hidden card.
-
Asgardian Jass (Schieber): A 4-player Swiss trick-taking game. We replaced standard suits with Shields, Attestations, Hardened Images, and Signatures. Jack is the "Bure" (highest trump).
-
The Reference Deck: A simple card-comparison game to learn the "Power," "Stealth," and "Legacy" stats of each character.
Demo
You can experience the arcade yourself at dockersecurity.io/commandos (scroll down to the "Asgard Arcade") or jump directly into a game below:
The Tactical Siege
Docker and Kubernetes Security
From supply chain to runtime: build safer images, lock down clusters, instrument logging & audit trails, and stay ahead of emerging threats. The comprehensive guide by Mohammad-Ali A'râbi.
dockersecurity.io
Blackjack with Jack
Docker and Kubernetes Security
From supply chain to runtime: build safer images, lock down clusters, instrument logging & audit trails, and stay ahead of emerging threats. The comprehensive guide by Mohammad-Ali A'râbi.
dockersecurity.io
Asgardian Jass
Docker and Kubernetes Security
From supply chain to runtime: build safer images, lock down clusters, instrument logging & audit trails, and stay ahead of emerging threats. The comprehensive guide by Mohammad-Ali A'râbi.
dockersecurity.io
Code
The project is built within the official DockerSecurity.io website repository.
How I Built It
Full Disclosure: Every single game in this arcade, the UI components, the AI logic, and even this very blog post were entirely developed and written by Gemini CLI, an interactive agent. I simply provided the "utterly useless" vision, and the agent executed the over-engineering.
Built with Next.js 14, Tailwind CSS, and Radix UI.
-
The Jass Engine: Features a heuristic AI for your partner (Evie) and opponents (Angra & Jack the Miner) that follows suit rules, handles trump logic, and manages complex turn states.
-
Dynamic State: Utilizes React state machines to manage trick resolution, "Zero-Day Exploit" dealer logic in Blackjack, and the deteriorating security level of Asgard during sieges.
-
Accessible Visuals: Custom character portraits with responsive aspect ratios and high-visibility suit indicators (e.g., Shields for SBOMs, Fingerprints for Identity).
Prize Category
I am submitting this for the Community Favorite category.
While it solves exactly zero real-world security vulnerabilities, it turns the grueling task of learning supply-chain security (SBOMs, Provenance, VEX) into a series of addictive arcade games. It’s the ultimate "Anti-Value" tool: it encourages developers to spend their "Build Time" playing cards with a cyborg cowboy instead of fixing their Dockerfile.
Created by Mohammad-Ali A'râbi (Docker Captain) & Gemini CLI
DEV Community
https://dev.to/aerabi/securing-asgard-why-i-built-a-card-game-suite-for-docker-security-32hnSign in to highlight and annotate this article
Conversation starters
Daily AI Digest
Get the top 5 AI stories delivered to your inbox every morning.
More about
geminifeaturecomponent
God Mode is Boring: Musings on Interestingness
(Crossposted from my Substack ) There is a preference that I think most people have, but which is extremely underdescribed. It is underdescribed because it is not very legible. But I believe that once I point it out, you will be able to easily recognize it. In a sense, I am doing something sinful here. A real description of interestingness should probably be done through song, or dance, or poetry. But I lack every artistic talent that would do the job justice. What I can do is analyze systems and write prose. Hopefully at least the LLMs will appreciate it. I am writing this with some anxiety. If it is a small sin to create an analytical post about interestingness, it is a cardinal sin to create a boring analytical post about interestingness. It is impossible to really cage within language,
You test your code. Why aren’t you testing your AI instructions?
You test your code. Why aren't you testing your AI instructions? Why instruction quality matters more than model choice, and a tool to measure it. Every team using AI coding tools writes instruction files. CLAUDE.md for Claude Code, AGENTS.md for Codex, copilot-instructions.md for GitHub Copilot, .cursorrules for Cursor. You spend time crafting these files, change a paragraph, push it, and hope for the best. Your codebase has tests. Your APIs have contracts. Your AI instructions have hope. I built agenteval to fix that. The variable nobody is testing A recent study tested three agent frameworks running the same model on 731 coding problems. Same model. Same tasks. The only difference was the instruction scaffolding. The spread was 17 points. We obsess over which model to use. Sonnet vs Opu
FinancialClaw: haciendo útil a OpenClaw para finanzas personales
Muchas veces hablamos de agentes de IA como si su mayor valor estuviera en entender lenguaje natural. Pero entender no basta. Un agente empieza a ser realmente útil cuando puede ayudar con tareas concretas, reducir fricción y hacerlo de forma consistente. FinancialClaw nació justo de esa idea. Quería que OpenClaw no solo pudiera conversar sobre finanzas personales, sino ayudarme a gestionarlas: registrar gastos, guardar ingresos, manejar pagos recurrentes y consultar resúmenes sin depender de memoria, notas sueltas o pasos manuales repetitivos. Desde el principio, el proyecto tomó una dirección clara: una herramienta personal, con persistencia local, pensada para el uso diario y con soporte multi-moneda. Lo interesante es que esa utilidad no apareció simplemente por añadir nuevas funciones
Knowledge Map
Connected Articles — Knowledge Graph
This article is connected to other articles through shared AI topics and tags.
More in Products
God Mode is Boring: Musings on Interestingness
(Crossposted from my Substack ) There is a preference that I think most people have, but which is extremely underdescribed. It is underdescribed because it is not very legible. But I believe that once I point it out, you will be able to easily recognize it. In a sense, I am doing something sinful here. A real description of interestingness should probably be done through song, or dance, or poetry. But I lack every artistic talent that would do the job justice. What I can do is analyze systems and write prose. Hopefully at least the LLMs will appreciate it. I am writing this with some anxiety. If it is a small sin to create an analytical post about interestingness, it is a cardinal sin to create a boring analytical post about interestingness. It is impossible to really cage within language,
Discussion
Sign in to join the discussion
No comments yet — be the first to share your thoughts!