Skip to content

hadolint

GitHub stars sarif GitHub release (latest SemVer) GitHub last commit GitHub commit activity GitHub contributors

hadolint documentation

hadolint - GitHub

Configuration in MegaLinter

Variable Description Default value
DOCKERFILE_HADOLINT_ARGUMENTS User custom arguments to add in linter CLI call
Ex: -s --foo "bar"
DOCKERFILE_HADOLINT_COMMAND_REMOVE_ARGUMENTS User custom arguments to remove from command line before calling the linter
Ex: -s --foo "bar"
DOCKERFILE_HADOLINT_FILTER_REGEX_INCLUDE Custom regex including filter
Ex: (src\|lib)
Include every file
DOCKERFILE_HADOLINT_FILTER_REGEX_EXCLUDE Custom regex excluding filter
Ex: (test\|examples)
Exclude no file
DOCKERFILE_HADOLINT_CLI_LINT_MODE Override default CLI lint mode
- file: Calls the linter for each file
- list_of_files: Call the linter with the list of files as argument
- project: Call the linter from the root of the project
list_of_files
DOCKERFILE_HADOLINT_FILE_EXTENSIONS Allowed file extensions. "*" matches any extension, "" matches empty extension. Empty list excludes all files
Ex: [".py", ""]
Exclude every file
DOCKERFILE_HADOLINT_FILE_NAMES_REGEX File name regex filters. Regular expression list for filtering files by their base names using regex full match. Empty list includes all files
Ex: ["Dockerfile(-.+)?", "Jenkinsfile"]
["Containerfile", "Dockerfile"]
DOCKERFILE_HADOLINT_PRE_COMMANDS List of bash commands to run before the linter None
DOCKERFILE_HADOLINT_POST_COMMANDS List of bash commands to run after the linter None
DOCKERFILE_HADOLINT_UNSECURED_ENV_VARIABLES List of env variables explicitly not filtered before calling DOCKERFILE_HADOLINT and its pre/post commands None
DOCKERFILE_HADOLINT_CONFIG_FILE hadolint configuration file nameUse LINTER_DEFAULT to let the linter find it .hadolint.yaml
DOCKERFILE_HADOLINT_RULES_PATH Path where to find linter configuration file Workspace folder, then MegaLinter default rules
DOCKERFILE_HADOLINT_DISABLE_ERRORS Run linter but consider errors as warnings false
DOCKERFILE_HADOLINT_DISABLE_ERRORS_IF_LESS_THAN Maximum number of errors allowed 0
DOCKERFILE_HADOLINT_CLI_EXECUTABLE Override CLI executable ['hadolint']

IDE Integration

Use hadolint in your favorite IDE to catch errors before MegaLinter !

IDE Extension Name Install
Atom linter-hadolint Visit Web Site
Visual Studio Code hadolint Install in VSCode

MegaLinter Flavors

This linter is available in the following flavors

Flavor Description Embedded linters Info
all Default MegaLinter Flavor 124 Docker Image Size (tag) Docker Pulls
c_cpp Optimized for pure C/C++ projects 54 Docker Image Size (tag) Docker Pulls
ci_light Optimized for CI items (Dockerfile, Jenkinsfile, JSON/YAML schemas,XML 21 Docker Image Size (tag) Docker Pulls
cupcake MegaLinter for the most commonly used languages 83 Docker Image Size (tag) Docker Pulls
documentation MegaLinter for documentation projects 49 Docker Image Size (tag) Docker Pulls
dotnet Optimized for C, C++, C# or VB based projects 62 Docker Image Size (tag) Docker Pulls
dotnetweb Optimized for C, C++, C# or VB based projects with JS/TS 71 Docker Image Size (tag) Docker Pulls
go Optimized for GO based projects 51 Docker Image Size (tag) Docker Pulls
java Optimized for JAVA based projects 52 Docker Image Size (tag) Docker Pulls
javascript Optimized for JAVASCRIPT or TYPESCRIPT based projects 59 Docker Image Size (tag) Docker Pulls
php Optimized for PHP based projects 54 Docker Image Size (tag) Docker Pulls
python Optimized for PYTHON based projects 62 Docker Image Size (tag) Docker Pulls
ruby Optimized for RUBY based projects 50 Docker Image Size (tag) Docker Pulls
rust Optimized for RUST based projects 50 Docker Image Size (tag) Docker Pulls
salesforce Optimized for Salesforce based projects 54 Docker Image Size (tag) Docker Pulls
security Optimized for security 24 Docker Image Size (tag) Docker Pulls
swift Optimized for SWIFT based projects 50 Docker Image Size (tag) Docker Pulls
terraform Optimized for TERRAFORM based projects 54 Docker Image Size (tag) Docker Pulls

Behind the scenes

How are identified applicable files

  • File names (regex): Containerfile, Dockerfile

How the linting is performed

  • hadolint is called once with the list of files as arguments (list_of_files CLI lint mode)

Example calls

hadolint Dockerfile
hadolint --config .hadolint.yml Dockerfile

Help content

hadolint - Dockerfile Linter written in Haskell

Usage: hadolint [-v|--version] [-c|--config FILENAME] [DOCKERFILE...]
                [--file-path-in-report FILEPATHINREPORT] [--no-fail]
                [--no-color] [-V|--verbose] [-f|--format ARG] [--error RULECODE]
                [--warning RULECODE] [--info RULECODE] [--style RULECODE]
                [--ignore RULECODE]
                [--trusted-registry REGISTRY (e.g. docker.io)]
                [--require-label LABELSCHEMA (e.g. maintainer:text)]
                [--strict-labels] [--disable-ignore-pragma]
                [-t|--failure-threshold THRESHOLD]

  Lint Dockerfile for errors and best practices

Available options:
  -h,--help                Show this help text
  -v,--version             Show version
  -c,--config FILENAME     Path to the configuration file
  --file-path-in-report FILEPATHINREPORT
                           The file path referenced in the generated report.
                           This only applies for the 'checkstyle' format and is
                           useful when running Hadolint with Docker to set the
                           correct file path.
  --no-fail                Don't exit with a failure status code when any rule
                           is violated
  --no-color               Don't colorize output
  -V,--verbose             Enables verbose logging of hadolint's output to
                           stderr
  -f,--format ARG          The output format for the results [tty | json |
                           checkstyle | codeclimate | gitlab_codeclimate | gnu |
                           codacy | sonarqube | sarif] (default: tty)
  --error RULECODE         Make the rule `RULECODE` have the level `error`
  --warning RULECODE       Make the rule `RULECODE` have the level `warning`
  --info RULECODE          Make the rule `RULECODE` have the level `info`
  --style RULECODE         Make the rule `RULECODE` have the level `style`
  --ignore RULECODE        A rule to ignore. If present, the ignore list in the
                           config file is ignored
  --trusted-registry REGISTRY (e.g. docker.io)
                           A docker registry to allow to appear in FROM
                           instructions
  --require-label LABELSCHEMA (e.g. maintainer:text)
                           The option --require-label=label:format makes
                           Hadolint check that the label `label` conforms to
                           format requirement `format`
  --strict-labels          Do not permit labels other than specified in
                           `label-schema`
  --disable-ignore-pragma  Disable inline ignore pragmas `# hadolint
                           ignore=DLxxxx`
  -t,--failure-threshold THRESHOLD
                           Exit with failure code only when rules with a
                           severity equal to or above THRESHOLD are violated.
                           Accepted values: [error | warning | info | style |
                           ignore | none] (default: info)

Installation on mega-linter Docker image

  • Dockerfile commands :
# renovate: datasource=docker depName=hadolint/hadolint
ARG DOCKERFILE_HADOLINT_VERSION=v2.12.0-alpine
FROM hadolint/hadolint:${DOCKERFILE_HADOLINT_VERSION} AS hadolint
COPY --link --from=hadolint /bin/hadolint /usr/bin/hadolint