A smarter Dockerfile linter that helps you build best practice Docker images by parsing the Dockerfile AST and linting inline bash.
Hadolint is a Dockerfile linter written in Haskell that analyzes Dockerfiles for errors and best practices. It parses the Dockerfile into an Abstract Syntax Tree (AST) and applies a comprehensive set of rules to ensure secure, efficient, and maintainable container images. It also integrates ShellCheck to lint the Bash code inside `RUN` instructions.
DevOps engineers, platform engineers, and developers who build Docker images and want to enforce best practices, improve security, and maintain consistency across their containerized applications.
Developers choose Hadolint for its deep AST-based analysis, integration with ShellCheck for bash linting, and extensive rule set that goes beyond simple syntax checking to enforce Docker best practices. Its flexibility with configuration and output formats makes it ideal for CI/CD pipelines.
Dockerfile linter, validate inline bash, written in Haskell
Open-Awesome is built by the community, for the community. Submit a project, suggest an awesome list, or help improve the catalog on GitHub.
Parses Dockerfiles into an Abstract Syntax Tree for accurate rule application, catching structural errors that simpler linters miss, as highlighted in the README's description of AST-based linting.
Leverages ShellCheck to lint Bash code inside RUN instructions, providing comprehensive shell script error checking beyond Docker syntax, which is a core feature mentioned in the philosophy.
Enforces hundreds of rules covering security, efficiency, and Docker conventions, such as version pinning (DL3006) and avoiding root user (DL3002), detailed in the rules table.
Supports config files, environment variables, and inline pragmas for customizing rules, making it adaptable to team workflows, as shown in the Configure and Ignoring Rules sections.
Primarily targets Posix shells; non-standard shells like PowerShell require manual configuration via pragmas (# hadolint shell=powershell), adding complexity for Windows-based images.
Local installation from source requires Haskell and cabal, which can be a barrier compared to simpler tools, though Docker images mitigate this for some users.
The comprehensive rule set may flag legitimate use cases, necessitating frequent ignores or overrides in config files, which can clutter Dockerfiles with pragmas.