Dockerfile Linter
Paste a Dockerfile to check for common issues that cause security vulnerabilities and build reproducibility problems: :latest base image tags, missing non-root USER instructions, missing HEALTHCHECK, and apt-get without --no-install-recommends.
No data is transmitted; everything runs locally.
About this tool
Dockerfile Linter
The Dockerfile Linter checks for :latest base image tags, missing non-root USER instructions, missing HEALTHCHECK, and other common Dockerfile security and reproducibility issues.
• Validate a Dockerfile before a PR review
• Enforce container security standards in a CI pipeline
• Check a third-party Dockerfile before using it as a base
• Document which Dockerfile checks pass for a compliance audit
FAQ
What does this tool tell you?
The Dockerfile Linter checks for :latest base image tags, missing non-root USER instructions, missing HEALTHCHECK, and other common Dockerfile security and reproducibility issues.
What affects the result most?
Three findings matter most: a FROM line that uses the :latest tag (non-reproducible builds), a missing USER instruction (the container runs as root), and a missing HEALTHCHECK (the orchestrator cannot detect failure).
How should I use the result?
Treat the tool's output as a first-pass check, not a proof of correctness. A clean pass means no issues in the patterns this tool recognizes; a failure points to a specific problem you can investigate in your source. The underlying spec is the authoritative source for edge cases.
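The four checks named on this page can be expressed as pattern matches over a Dockerfile's instructions, which is also why a clean pass only covers the recognized patterns. The following is an added example, not the tool's own code: the `lint` function, the rule names and the sample Dockerfile are constructed for illustration, and flagging an untagged image as `:latest` is an added assumption.

```python
import re

def logical_lines(text):
    """Drop comment lines, then join backslash continuations."""
    kept = [l for l in text.splitlines() if not l.lstrip().startswith("#")]
    joined = re.sub(r"\\[ \t]*\n", " ", "\n".join(kept))
    return [l.strip() for l in joined.splitlines() if l.strip()]

def lint(dockerfile):
    """Return a list of (rule, detail) findings for the page's four checks."""
    findings, stages = [], set()
    user, healthcheck = None, False
    for line in logical_lines(dockerfile):
        instr, _, rest = line.partition(" ")
        instr, rest = instr.upper(), rest.strip()
        if instr == "FROM":
            user, healthcheck = None, False      # only the final stage ships
            parts = [p for p in rest.split() if not p.startswith("--")]
            image = parts[0]
            name = image.rsplit("/", 1)[-1]      # ignore a registry host:port
            skip = image.lower() in stages or image == "scratch" or "@" in image or "$" in image
            if len(parts) == 3 and parts[1].upper() == "AS":
                stages.add(parts[2].lower())
            # Assumption: an untagged image is flagged too (it resolves to :latest)
            if not skip and (":" not in name or name.endswith(":latest")):
                findings.append(("latest-tag", line))
        elif instr == "USER":
            user = rest.split(":")[0]            # USER name[:group]
        elif instr == "HEALTHCHECK":
            healthcheck = rest.upper() != "NONE" # HEALTHCHECK NONE disables it
        elif instr == "RUN":
            for cmd in re.split(r"&&|\|\||;", rest):
                if (re.search(r"\bapt-get\b.*\binstall\b", cmd)
                        and "--no-install-recommends" not in cmd):
                    findings.append(("apt-recommends", cmd.strip()))
    if user in (None, "root", "0"):
        findings.append(("root-user", "final stage has no non-root USER"))
    if not healthcheck:
        findings.append(("no-healthcheck", "final stage has no HEALTHCHECK"))
    return findings

# Constructed sample input, not taken from the page.
SAMPLE = """
FROM golang:1.22 AS build
FROM ubuntu:latest
RUN apt-get update && \\
    apt-get install -y curl
"""
print(lint(SAMPLE))
```

In a CI job, a non-empty return value from `lint` is the signal to fail the build.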