hadolint

hadolint documentation

Version in Mega-Linter: 2.6.0
Visit Official Web Site
See How to configure hadolint rules
- If custom .hadolint.yml config file is not found, .hadolint.yml will be used
See How to disable hadolint rules in files
See Index of problems detected by hadolint

Configuration in Mega-Linter

Enable hadolint by adding DOCKERFILE_HADOLINT in ENABLE_LINTERS variable
Disable hadolint by adding DOCKERFILE_HADOLINT in DISABLE_LINTERS variable

Variable	Description	Default value
DOCKERFILE_HADOLINT_ARGUMENTS	User custom arguments to add in linter CLI call Ex: `-s --foo "bar"`
DOCKERFILE_HADOLINT_FILTER_REGEX_INCLUDE	Custom regex including filter Ex: `(src\\|lib)`	Include every file
DOCKERFILE_HADOLINT_FILTER_REGEX_EXCLUDE	Custom regex excluding filter Ex: `(test\\|examples)`	Exclude no file
DOCKERFILE_HADOLINT_FILE_EXTENSIONS	Allowed file extensions. `"*"` matches any extension, `""` matches empty extension. Empty list excludes all files Ex: `[".py", ""]`	Exclude every file
DOCKERFILE_HADOLINT_FILE_NAMES_REGEX	File name regex filters. Regular expression list for filtering files by their base names using regex full match. Empty list includes all files Ex: `["Dockerfile(-.+)?", "Jenkinsfile"]`	`["Dockerfile"]`
DOCKERFILE_HADOLINT_CONFIG_FILE	hadolint configuration file name Use `LINTER_DEFAULT` to let the linter find it	`.hadolint.yml`
DOCKERFILE_HADOLINT_RULES_PATH	Path where to find linter configuration file	Workspace folder, then Mega-Linter default rules
DOCKERFILE_HADOLINT_DISABLE_ERRORS	Run linter but consider errors as warnings	`false`
DOCKERFILE_HADOLINT_DISABLE_ERRORS_IF_LESS_THAN	Maximum number of errors allowed	`0`

IDE Integration

Use hadolint in your favorite IDE to catch errors before Mega-Linter !

	IDE	Extension Name	Install
	Atom	linter-hadolint	Visit Web Site
	Visual Studio Code	hadolint

Mega-Linter Flavours

This linter is available in the following flavours

Flavor	Description	Embedded linters
all	Default Mega-Linter Flavor	91
ci_light	Optimized for CI items (Dockerfile, Jenkinsfile, JSON/YAML schemas,XML	13
dart	Optimized for DART based projects	39
documentation	Mega-Linter for documentation projects	38
dotnet	Optimized for C, C++, C# or VB based projects	44
go	Optimized for GO based projects	40
java	Optimized for JAVA based projects	39
javascript	Optimized for JAVASCRIPT or TYPESCRIPT based projects	47
php	Optimized for PHP based projects	42
python	Optimized for PYTHON based projects	47
ruby	Optimized for RUBY based projects	39
rust	Optimized for RUST based projects	39
salesforce	Optimized for Salesforce based projects	41
scala	Optimized for SCALA based projects	39
swift	Optimized for SWIFT based projects	39
terraform	Optimized for TERRAFORM based projects	43

Behind the scenes

How are identified applicable files

File names (regex): Dockerfile

Example calls

hadolint Dockerfile

hadolint --config .hadolint.yml Dockerfile

Help content

hadolint - Dockerfile Linter written in Haskell

Usage: hadolint [-v|--version] [--no-fail] [--no-color] [-c|--config FILENAME]
                [-V|--verbose] [-f|--format ARG] [DOCKERFILE...]
                [--error RULECODE] [--warning RULECODE] [--info RULECODE]
                [--style RULECODE] [--ignore RULECODE]
                [--trusted-registry REGISTRY (e.g. docker.io)]
                [--require-label LABELSCHEMA (e.g. maintainer:text)]
                [--strict-labels] [-t|--failure-threshold THRESHOLD]
                [--file-path-in-report FILEPATHINREPORT]
  Lint Dockerfile for errors and best practices

Available options:
  -h,--help                Show this help text
  -v,--version             Show version
  --no-fail                Don't exit with a failure status code when any rule
                           is violated
  --no-color               Don't colorize output
  -c,--config FILENAME     Path to the configuration file
  -V,--verbose             Enables verbose logging of hadolint's output to
                           stderr
  -f,--format ARG          The output format for the results [tty | json |
                           checkstyle | codeclimate | gitlab_codeclimate |
                           codacy | sonarqube] (default: tty)
  --error RULECODE         Make the rule `RULECODE` have the level `error`
  --warning RULECODE       Make the rule `RULECODE` have the level `warning`
  --info RULECODE          Make the rule `RULECODE` have the level `info`
  --style RULECODE         Make the rule `RULECODE` have the level `style`
  --ignore RULECODE        A rule to ignore. If present, the ignore list in the
                           config file is ignored
  --trusted-registry REGISTRY (e.g. docker.io)
                           A docker registry to allow to appear in FROM
                           instructions
  --require-label LABELSCHEMA (e.g. maintainer:text)
                           The option --require-label=label:format makes
                           Hadolint check that the label `label` conforms to
                           format requirement `format`
  --strict-labels          Do not permit labels other than specified in
                           `label-schema`
  -t,--failure-threshold THRESHOLD
                           Exit with failure code only when rules with a
                           severity equal to or above THRESHOLD are violated.
                           Accepted values: [error | warning | info | style |
                           ignore | none] (default: info)
  --file-path-in-report FILEPATHINREPORT
                           The file path referenced in the generated report.
                           This only applies for the 'checkstyle' format and is
                           useful when running Hadolint with Docker to set the
                           correct file path.

Installation on mega-linter Docker image

Dockerfile commands :

FROM hadolint/hadolint:latest-alpine as hadolint
COPY --from=hadolint /bin/hadolint /usr/bin/hadolint

Example success log

Results of hadolint linter (version 1.19.0)
See documentation on https://nvuillam.github.io/mega-linter/descriptors/dockerfile_hadolint/
-----------------------------------------------

[SUCCESS] .automation/test/docker/good/Dockerfile


[SUCCESS] .automation/test/docker/good/Dockerfile.dev

Example error log

Results of hadolint linter (version 1.19.0)
See documentation on https://nvuillam.github.io/mega-linter/descriptors/dockerfile_hadolint/
-----------------------------------------------

[ERROR] .automation/test/docker/bad/Dockerfile
    .automation/test/docker/bad/Dockerfile:1 DL3007 Using latest is prone to errors if the image will ever update. Pin the version explicitly to a release tag
    .automation/test/docker/bad/Dockerfile:8 DL3021 COPY with more than 2 arguments requires the last argument to end with /
    .automation/test/docker/bad/Dockerfile:9 DL3004 Do not use sudo as it leads to unpredictable behavior. Use a tool like gosu to enforce root
    .automation/test/docker/bad/Dockerfile:11 DL3020 Use COPY instead of ADD for files and folders
    .automation/test/docker/bad/Dockerfile:14 DL3025 Use arguments JSON notation for CMD and ENTRYPOINT arguments