Dockerfile linter that parses Dockerfiles into an AST and checks them against best practices, integrating with ShellCheck for RUN instructions.
Hadolint is a specialized linter for Dockerfiles that analyzes Docker build files for adherence to best practices and common issues. It parses Dockerfiles into an Abstract Syntax Tree (AST) and applies rules to detect problems like security vulnerabilities, performance issues, and style violations. The tool integrates with ShellCheck to lint Bash code within RUN instructions, providing comprehensive analysis of both Dockerfile syntax and embedded shell commands.
The linter supports multiple output formats including JSON, checkstyle, and various CI/CD platform formats like GitLab CodeClimate and SonarQube. It can be configured to ignore specific rules, set custom severity levels, enforce trusted Docker registries, and require specific labels. Hadolint offers flexible configuration through YAML files and environment variables, allowing teams to customize rules for their specific Docker image standards.
Hadolint runs as a standalone binary, Docker container, or through various integrations with editors and CI systems. It provides an online version for quick testing and supports both global and project-specific configuration. The tool is particularly useful for DevOps engineers, platform teams, and developers who need to enforce Docker best practices across container builds.
```
# via Homebrew
brew install hadolint
# via Docker
docker pull hadolint/hadolint
# via Scoop
scoop install hadolint
```
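A project-level `.hadolint.yaml` exercising the configuration options described above (ignored rules, custom severities, trusted registries, required labels). This is an added example, not taken from the Hadolint project; the registry host `registry.example.internal` and the label names are constructed placeholders.

```yaml
# .hadolint.yaml (constructed example; adjust values to your own image standards)

# Fail the lint run on findings of severity "warning" or higher.
failure-threshold: warning

# Rules to skip entirely.
ignored:
  - DL3059   # multiple consecutive RUN instructions

# Re-classify selected rules so they block or merely inform.
override:
  error:
    - DL3002   # last USER should not be root
    - DL3007   # image tagged :latest
  warning:
    - DL3008   # unpinned apt-get package versions
  info:
    - DL3042   # pip install without --no-cache-dir

# FROM may only pull from these registries (enforced by rule DL3026).
trustedRegistries:
  - docker.io
  - registry.example.internal   # placeholder host (assumption)

# Labels every image must carry, with the value format each is checked against.
label-schema:
  maintainer: email
  version: semver
  created: rfc3339
  git-revision: hash
  license: spdx

# Reject labels that are not listed in label-schema.
strict-labels: true
```

With this file in the directory where Hadolint is run, `hadolint Dockerfile` picks it up; a `FROM` line pointing at a registry outside `trustedRegistries` is reported as DL3026.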
