Facilitating the Spread of Knowledge and Innovation in Professional Software Development

Write for InfoQ


Choose your language

InfoQ Homepage News Dockerfile Linter Hadolint Brings Fixes and Improvements, and Support for ARM64 Binaries

Dockerfile Linter Hadolint Brings Fixes and Improvements, and Support for ARM64 Binaries

This item in japanese

Lire ce contenu en français

After a long wait, recent Hadolint releases have brought a number of fixes, improvements, and support for ARM64 binaries.

Hadolint is a tool written in Haskell that helps developers enforce the official best practices for writing Dockerfiles. Besides suffering from performance and maintenance issues, non-optimal Dockerfiles can be more vulnerable to attacks.

Hadolint builds an AST by parsing the Dockerfile and runs a number of rules on top of it to detect any bad usage. Hadolint relies on SpellCheck for linting Bash code used inside RUN statements.

Hadolint provides a CLI tool that naturally lends itself to integration with a CI/CD pipeline. You can easily run Hadolint like in the following example:

hadolint Dockerfile

The output provides a list of messages corresponding to rule violations. For each of them, hadolint specifies the line number where it occurs as well as the rule id, e.g. DL4000: error: MAINTAINER is deprecated. Violations are classified into six categories of distinct severity: error, warning, info, style, ignore, and none. Violations can refer either to Hadolint rules, with a DL prefix, or to SpellCheck rules, prefixed with SL.

Hadolint CLI supports a number of options to ignore specific rules, i.e., --ignore; to change the severity threshold, which determines which severity levels cause a failure, --failure-threshold; and to override the default severity for a given rule, e.g. --error or --info. Alternatively, you can store all options you require into a YAML configuration file.

Hadolint does not only come ready for integration through the command line. Most notably, it can be easily integrated with Visual Studio Code or GitHub Actions.

Hadolint can be installed locally using brew on macOS or scoop on Windows and is also available as a Docker image. For a quick check of your Dockerfiles, or to try the tool out without any hassle, you can use the online version of Hadolint.

About the Author

Rate this Article