GENERAL RULES
- Comments must start with #
- FROM must be the first non-comment instruction
PARSER DIRECTIVES
- Should be a comment
- Must use key-value format (directive=value)
- Cannot appear after a comment or a builder instruction
- Cannot have line continuation
FROM
- Allow FROM scratch
- Allow FROM with tag
- Allow FROM with digest
- Allow multiple FROM occurrences
- Allow optional tag
- Allow optional digest
- Warn if tag equals latest
- Warn if missing tag or digest
MAINTAINER
- Optional
RUN
- Allow RUN in shell form: RUN <command>
- Allow RUN in exec form: RUN ["executable", "param1", "param2"]
- Allow RUN in shell form with multiple lines
- Deny RUN in exec form with single quotes
- Deny RUN in exec form with unescaped backslashes
- Warn RUN in exec form with invalid JSON, where the command is treated as shell form
- Warn RUN in shell form with a long line of commands
- Warn RUN in shell form if arguments aren't sorted alphanumerically
CMD
- Allow CMD in exec form:
- Allow CMD in exec form: CMD ["executable","param1","param2"]
- Warn if CMD shell form is used, since exec form is the preferred form: CMD command param1 param2
- Deny CMD in exec form with single quotes
- Warn if multiple CMD entries
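The following Python checker is an added example, not the linter's own code. It shows how several of the GENERAL RULES, FROM, RUN and CMD rules above can be evaluated against a Dockerfile. Assumptions: the names check_form and lint, the "warn"/"deny" level strings, exempting scratch from the missing-tag warning, applying the RUN exec-form checks to CMD too, and detecting unescaped backslashes through the JSON decoder's error message.

```python
import json

# Constructed sample Dockerfile for this example (not from the page).
SAMPLE = r"""FROM alpine:latest
RUN apk add --no-cache \
    curl
RUN ['echo', 'hi']
RUN ["c:\windows\cmd.exe", "/c", "dir"]
CMD echo hello
"""

def check_form(instr, args):
    """Apply the exec-form rules to the arguments of a RUN or CMD."""
    if not args.startswith("["):
        return [("warn", "CMD in shell form")] if instr == "CMD" else []
    try:
        bad = "" if all(isinstance(a, str) for a in json.loads(args)) else "non-string"
    except json.JSONDecodeError as err:
        bad = err.msg
    if not bad:
        return []
    if "escape" in bad:  # decoder rejected a backslash sequence
        return [("deny", instr + " exec form with unescaped backslash")]
    if "'" in args:
        return [("deny", instr + " exec form with single quotes")]
    return [("warn", instr + " exec form is invalid JSON, treated as shell form")]

def lint(text):
    """Return (level, message) findings; levels follow the page's Warn/Deny."""
    findings, seen_from = [], False
    for line in text.replace("\\\n", " ").splitlines():  # join continuations
        instr, _, args = line.strip().partition(" ")
        if not instr or instr.startswith("#"):
            continue
        instr, args = instr.upper(), args.strip()
        if instr == "FROM":
            ref = next((a for a in args.split() if not a.startswith("--")), "")
            name, _, digest = ref.partition("@")
            # Tag is taken from the last path component, so a registry port is not a tag.
            tag = name.rsplit("/", 1)[-1].partition(":")[2]
            if tag == "latest":
                findings.append(("warn", "FROM tag is latest"))
            elif not (tag or digest or name == "scratch"):  # scratch exemption assumed
                findings.append(("warn", "FROM missing tag or digest"))
        elif not seen_from:
            findings.append(("deny", "FROM must be the first instruction"))
        seen_from = True
        if instr in ("RUN", "CMD"):
            findings += check_form(instr, args)
    return findings
```

Calling lint(SAMPLE) returns one finding for the latest tag, two denials for the malformed exec-form RUN lines, and one warning for the shell-form CMD.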
LABEL
- Allow single line label
- Allow multiple labels in the same line
- Allow labels with multiple lines
- Allow label values with multiple values
- Allow multiple labels in the same Dockerfile
- Warn if more than one LABEL directive is found