Run Hadolint Inside Docker Container on Linux

Hadolint is a command-line utility designed to inspect Dockerfiles for common mistakes, inefficient instructions, and best practice violations. It helps maintain cleaner and more secure container images by highlighting potential issues and offering recommendations. Executing Hadolint inside a Docker container removes the need for local installation, keeps tool versions consistent across development environments, and simplifies dependency management.

Create a simple Dockerfile:

FROM ubuntu

RUN apt-get update && apt-get install -y curl

To validate the Dockerfile with Hadolint running inside a container, execute the following command:

docker run -it --rm -v ./:/code pipelinecomponents/hadolint hadolint Dockerfile

Explanation of the command:

  • docker run - launches a new container.
  • -it - enables interactive terminal mode.
  • --rm - removes the container automatically after execution.
  • -v ./:/code - maps the current directory to /code inside the container so the Dockerfile can be accessed.
  • pipelinecomponents/hadolint - defines the Docker image containing Hadolint.
  • hadolint Dockerfile - launches the linter against the specified Dockerfile.

After execution, Hadolint scans the file and reports warnings together with optimization suggestions:

Dockerfile:1 DL3006 warning: Always tag the version of an image explicitly
Dockerfile:3 DL3008 warning: Pin versions in apt get install. Instead of `apt-get install <package>` use `apt-get install <package>=<version>`
Dockerfile:3 DL3015 info: Avoid additional packages by specifying `--no-install-recommends`
Dockerfile:3 DL3009 info: Delete the apt-get lists after installing something
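As an added example (not part of the original article), the POSIX shell script below wraps the command above for a CI step and parses Hadolint's `file:line CODE level: message` report format shown above, so the step fails only when findings reach a chosen severity. The image name is the article's; the function names and the embedded sample report (copied from the output above) are constructed for this example.

```shell
#!/bin/sh
# Gate a CI step on Hadolint findings by severity (added example).
IMAGE="pipelinecomponents/hadolint"

# Lint $1 (default: Dockerfile) from the current directory inside the
# container, as in the article's command, but with an absolute bind path
# and no TTY. Hadolint itself exits non-zero on any finding, so its status
# is discarded here and the pass/fail decision is left to gate().
run_hadolint() {
  docker run --rm -v "$PWD":/code "$IMAGE" hadolint "${1:-Dockerfile}" || true
}

# Count report lines (on stdin) whose level is $1: error, warning, info, style.
# grep -c prints 0 and exits 1 when nothing matches; "|| true" keeps set -e calm.
count_findings() {
  grep -c -E "^[^:]+:[0-9]+ [A-Z]+[0-9]+ $1: " || true
}

# Return 0 only when no finding (on stdin) is at or above threshold $1.
gate() {
  report=$(cat)
  case "$1" in
    error)   levels="error" ;;
    warning) levels="error warning" ;;
    info)    levels="error warning info" ;;
    style)   levels="error warning info style" ;;
    *) echo "unknown threshold: $1" >&2; return 2 ;;
  esac
  total=0
  for lvl in $levels; do
    n=$(printf '%s\n' "$report" | count_findings "$lvl")
    total=$((total + n))
  done
  echo "$total finding(s) at or above '$1'"
  [ "$total" -eq 0 ]
}

# Constructed sample: the four findings Hadolint reported for the article's Dockerfile.
SAMPLE_REPORT='Dockerfile:1 DL3006 warning: Always tag the version of an image explicitly
Dockerfile:3 DL3008 warning: Pin versions in apt get install. Instead of `apt-get install <package>` use `apt-get install <package>=<version>`
Dockerfile:3 DL3015 info: Avoid additional packages by specifying `--no-install-recommends`
Dockerfile:3 DL3009 info: Delete the apt-get lists after installing something'

# Demo on the sample: two warnings block a 'warning' threshold but not an 'error' one.
printf '%s\n' "$SAMPLE_REPORT" | gate warning || echo "step would fail at threshold 'warning'"
printf '%s\n' "$SAMPLE_REPORT" | gate error && echo "step would pass at threshold 'error'"
```

In a pipeline with Docker available, `run_hadolint Dockerfile | gate warning` replaces the sample input.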
