hadolint
hadolint documentation
- Version in MegaLinter: 2.12.0
- Visit Official Web Site
- See How to configure hadolint rules
- If custom
.hadolint.yaml
config file isn't found, .hadolint.yaml will be used
- If custom
- See How to disable hadolint rules in files
- See Index of problems detected by hadolint
Configuration in MegaLinter
- Enable hadolint by adding
DOCKERFILE_HADOLINT
in ENABLE_LINTERS variable - Disable hadolint by adding
DOCKERFILE_HADOLINT
in DISABLE_LINTERS variable
Variable | Description | Default value |
---|---|---|
DOCKERFILE_HADOLINT_ARGUMENTS | User custom arguments to add in linter CLI call Ex: -s --foo "bar" |
|
DOCKERFILE_HADOLINT_COMMAND_REMOVE_ARGUMENTS | User custom arguments to remove from command line before calling the linter Ex: -s --foo "bar" |
|
DOCKERFILE_HADOLINT_FILTER_REGEX_INCLUDE | Custom regex including filter Ex: (src\|lib) |
Include every file |
DOCKERFILE_HADOLINT_FILTER_REGEX_EXCLUDE | Custom regex excluding filter Ex: (test\|examples) |
Exclude no file |
DOCKERFILE_HADOLINT_CLI_LINT_MODE | Override default CLI lint mode - file : Calls the linter for each file- list_of_files : Call the linter with the list of files as argument- project : Call the linter from the root of the project |
list_of_files |
DOCKERFILE_HADOLINT_FILE_EXTENSIONS | Allowed file extensions. "*" matches any extension, "" matches empty extension. Empty list excludes all filesEx: [".py", ""] |
Exclude every file |
DOCKERFILE_HADOLINT_FILE_NAMES_REGEX | File name regex filters. Regular expression list for filtering files by their base names using regex full match. Empty list includes all files Ex: ["Dockerfile(-.+)?", "Jenkinsfile"] |
["Containerfile", "Dockerfile"] |
DOCKERFILE_HADOLINT_PRE_COMMANDS | List of bash commands to run before the linter | None |
DOCKERFILE_HADOLINT_POST_COMMANDS | List of bash commands to run after the linter | None |
DOCKERFILE_HADOLINT_UNSECURED_ENV_VARIABLES | List of env variables explicitly not filtered before calling DOCKERFILE_HADOLINT and its pre/post commands | None |
DOCKERFILE_HADOLINT_CONFIG_FILE | hadolint configuration file nameUse LINTER_DEFAULT to let the linter find it |
.hadolint.yaml |
DOCKERFILE_HADOLINT_RULES_PATH | Path where to find linter configuration file | Workspace folder, then MegaLinter default rules |
DOCKERFILE_HADOLINT_DISABLE_ERRORS | Run linter but consider errors as warnings | false |
DOCKERFILE_HADOLINT_DISABLE_ERRORS_IF_LESS_THAN | Maximum number of errors allowed | 0 |
DOCKERFILE_HADOLINT_CLI_EXECUTABLE | Override CLI executable | ['hadolint'] |
IDE Integration
Use hadolint in your favorite IDE to catch errors before MegaLinter !
IDE | Extension Name | Install | |
---|---|---|---|
Atom | linter-hadolint | Visit Web Site | |
Visual Studio Code | hadolint |
MegaLinter Flavors
This linter is available in the following flavors
Flavor | Description | Embedded linters | Info | |
---|---|---|---|---|
all | Default MegaLinter Flavor | 124 | ||
c_cpp | Optimized for pure C/C++ projects | 54 | ||
ci_light | Optimized for CI items (Dockerfile, Jenkinsfile, JSON/YAML schemas,XML | 21 | ||
cupcake | MegaLinter for the most commonly used languages | 84 | ||
documentation | MegaLinter for documentation projects | 49 | ||
dotnet | Optimized for C, C++, C# or VB based projects | 62 | ||
dotnetweb | Optimized for C, C++, C# or VB based projects with JS/TS | 71 | ||
go | Optimized for GO based projects | 51 | ||
java | Optimized for JAVA based projects | 53 | ||
javascript | Optimized for JAVASCRIPT or TYPESCRIPT based projects | 59 | ||
php | Optimized for PHP based projects | 54 | ||
python | Optimized for PYTHON based projects | 62 | ||
ruby | Optimized for RUBY based projects | 50 | ||
rust | Optimized for RUST based projects | 50 | ||
salesforce | Optimized for Salesforce based projects | 54 | ||
security | Optimized for security | 24 | ||
swift | Optimized for SWIFT based projects | 50 | ||
terraform | Optimized for TERRAFORM based projects | 54 |
Behind the scenes
How are identified applicable files
- File names (regex):
Containerfile
,Dockerfile
How the linting is performed
- hadolint is called once with the list of files as arguments (
list_of_files
CLI lint mode)
Example calls
hadolint Dockerfile
hadolint --config .hadolint.yml Dockerfile
Help content
hadolint - Dockerfile Linter written in Haskell
Usage: hadolint [-v|--version] [-c|--config FILENAME] [DOCKERFILE...]
[--file-path-in-report FILEPATHINREPORT] [--no-fail]
[--no-color] [-V|--verbose] [-f|--format ARG] [--error RULECODE]
[--warning RULECODE] [--info RULECODE] [--style RULECODE]
[--ignore RULECODE]
[--trusted-registry REGISTRY (e.g. docker.io)]
[--require-label LABELSCHEMA (e.g. maintainer:text)]
[--strict-labels] [--disable-ignore-pragma]
[-t|--failure-threshold THRESHOLD]
Lint Dockerfile for errors and best practices
Available options:
-h,--help Show this help text
-v,--version Show version
-c,--config FILENAME Path to the configuration file
--file-path-in-report FILEPATHINREPORT
The file path referenced in the generated report.
This only applies for the 'checkstyle' format and is
useful when running Hadolint with Docker to set the
correct file path.
--no-fail Don't exit with a failure status code when any rule
is violated
--no-color Don't colorize output
-V,--verbose Enables verbose logging of hadolint's output to
stderr
-f,--format ARG The output format for the results [tty | json |
checkstyle | codeclimate | gitlab_codeclimate | gnu |
codacy | sonarqube | sarif] (default: tty)
--error RULECODE Make the rule `RULECODE` have the level `error`
--warning RULECODE Make the rule `RULECODE` have the level `warning`
--info RULECODE Make the rule `RULECODE` have the level `info`
--style RULECODE Make the rule `RULECODE` have the level `style`
--ignore RULECODE A rule to ignore. If present, the ignore list in the
config file is ignored
--trusted-registry REGISTRY (e.g. docker.io)
A docker registry to allow to appear in FROM
instructions
--require-label LABELSCHEMA (e.g. maintainer:text)
The option --require-label=label:format makes
Hadolint check that the label `label` conforms to
format requirement `format`
--strict-labels Do not permit labels other than specified in
`label-schema`
--disable-ignore-pragma Disable inline ignore pragmas `# hadolint
ignore=DLxxxx`
-t,--failure-threshold THRESHOLD
Exit with failure code only when rules with a
severity equal to or above THRESHOLD are violated.
Accepted values: [error | warning | info | style |
ignore | none] (default: info)
Installation on mega-linter Docker image
- Dockerfile commands :
# renovate: datasource=docker depName=hadolint/hadolint
ARG DOCKERFILE_HADOLINT_VERSION=v2.12.0-alpine
FROM hadolint/hadolint:${DOCKERFILE_HADOLINT_VERSION} AS hadolint
COPY --link --from=hadolint /bin/hadolint /usr/bin/hadolint