About Dockerfile Linter

Check Dockerfiles against common best practices. Part of the DevTools Surf developer suite. Browse more tools in the API / Config collection.

Use Cases

• Validate Dockerfiles before building production images
• Catch security issues like running containers as root
• Optimize Docker layer caching for faster CI/CD builds
• Enforce Dockerfile standards across engineering teams

Tips

• Paste your Dockerfile to check against best practice rules
• Fix common issues like missing USER directives
• Identify inefficient layer ordering that slows builds

Fun Facts

• Docker was released as open source by Solomon Hykes on March 13, 2013, and reached 1 billion container pulls on Docker Hub within two years.
• Each RUN instruction in a Dockerfile creates a new layer; combining commands with && can reduce image size by hundreds of megabytes.
• The Hadolint Dockerfile linter, inspired by ShellCheck, has over 80 rules and parses the Dockerfile AST for structural analysis.

FAQ

What rules does it check?

Hadolint's rule set: use ADD only for URLs, prefer COPY, pin image tags, avoid cd (use WORKDIR), don't run apt-get update alone, no sudo, proper layer caching.

Is it production-grade?

Coverage is comparable to Hadolint's major rules. For comprehensive auditing on a large codebase, run Hadolint in CI — this tool is for quick one-off checks.

Does it check for security?

Yes — running as root, installing unnecessary packages, ADD with URL (vs verified download), and exposing unnecessary ports all get warnings.

Can I ignore specific rules?

Yes — comments like `# hadolint ignore=DL3008` suppress specific rules. The tool respects these as Hadolint would.