{"id":13393370,"url":"https://github.com/projectatomic/dockerfile_lint","last_synced_at":"2026-04-04T12:57:46.405Z","repository":{"id":21536840,"uuid":"24856350","full_name":"projectatomic/dockerfile_lint","owner":"projectatomic","description":null,"archived":false,"fork":false,"pushed_at":"2022-11-01T15:33:15.000Z","size":262,"stargazers_count":93,"open_issues_count":48,"forks_count":11,"subscribers_count":7,"default_branch":"master","last_synced_at":"2026-01-14T13:39:18.298Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/projectatomic.png","metadata":{"files":{"readme":"README.md","changelog":"changelog.txt","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2014-10-06T17:34:25.000Z","updated_at":"2025-10-06T22:22:14.000Z","dependencies_parsed_at":"2023-01-11T21:15:27.158Z","dependency_job_id":null,"html_url":"https://github.com/projectatomic/dockerfile_lint","commit_stats":null,"previous_names":["redhataccess/dockerfile_lint"],"tags_count":17,"template":false,"template_full_name":null,"purl":"pkg:github/projectatomic/dockerfile_lint","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/projectatomic%2Fdockerfile_lint","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/projectatomic%2Fdockerfile_lint/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/projectatomic%2Fdockerfile_lint/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/projectatomic%2Fdockerfile_lint/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/projectatomic","download_url":"https://codeload.github.com/projectatomic/dockerfile_lint/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/projectatomic%2Fdockerfile_lint/sbom","scorecard":{"id":746404,"data":{"date":"2025-08-11","repo":{"name":"github.com/projectatomic/dockerfile_lint","commit":"9dd5e91491599fd4fcf57622c675a477ba0122ab"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":2.4,"checks":[{"name":"Dangerous-Workflow","score":-1,"reason":"no workflows found","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Code-Review","score":7,"reason":"Found 22/28 approved changesets -- score normalized to 7","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Token-Permissions","score":-1,"reason":"No tokens found","details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: MIT License: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: containerImage not pinned by hash: Dockerfile:1: pin your Docker image by updating centos:centos7 to centos:centos7@sha256:be65f488b7764ad3638f236b7b515b3678369a5124c47b8d32916d6487418ea4","Warn: npmCommand not pinned by hash: Dockerfile:12-13","Info:   0 out of   1 containerImage dependencies pinned","Info:   0 out of   1 npmCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'master'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 24 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Vulnerabilities","score":0,"reason":"21 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GHSA-pp7h-53gx-mx7r","Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275","Warn: Project is vulnerable to: GHSA-9vvw-cc9w-f27h","Warn: Project is vulnerable to: GHSA-gxpj-cx7g-858c","Warn: Project is vulnerable to: GHSA-h6ch-v84p-w6p9","Warn: Project is vulnerable to: GHSA-x3cc-x39p-42qx","Warn: Project is vulnerable to: GHSA-qh2h-chj9-jffq","Warn: Project is vulnerable to: GHSA-jf85-cpcp-j695","Warn: Project is vulnerable to: GHSA-fvqr-27wr-82fm","Warn: Project is vulnerable to: GHSA-4xc9-xhrj-v574","Warn: Project is vulnerable to: GHSA-x5rq-j2xg-h7qm","Warn: Project is vulnerable to: GHSA-29mw-wpgm-hmr9","Warn: Project is vulnerable to: GHSA-35jh-r3h4-6jhm","Warn: Project is vulnerable to: GHSA-hxm2-r34f-qmc5","Warn: Project is vulnerable to: GHSA-f8q6-p94x-37v3","Warn: Project is vulnerable to: GHSA-vh95-rmgr-6w4m","Warn: Project is vulnerable to: GHSA-xvch-5gv4-984h","Warn: Project is vulnerable to: GHSA-3fx5-fwvr-xrjg","Warn: Project is vulnerable to: GHSA-w9mr-4mfr-499f","Warn: Project is vulnerable to: GHSA-pq67-2wwv-3xjx","Warn: Project is vulnerable to: GHSA-8cj5-5rvv-wf4v"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-22T18:54:31.878Z","repository_id":21536840,"created_at":"2025-08-22T18:54:31.878Z","updated_at":"2025-08-22T18:54:31.878Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":31400460,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-04T10:20:44.708Z","status":"ssl_error","status_checked_at":"2026-04-04T10:20:06.846Z","response_time":60,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-07-30T17:00:51.320Z","updated_at":"2026-04-04T12:57:46.387Z","avatar_url":"https://github.com/projectatomic.png","language":"JavaScript","readme":"[![NPM](https://nodei.co/npm/dockerfile_lint.png?downloads=true\u0026downloadRank=true\u0026stars=true)](https://nodei.co/npm/dockerfile_lint/)\n[![Build Status](https://travis-ci.org/projectatomic/dockerfile_lint.svg?branch=master)](https://travis-ci.org/projectatomic/dockerfile_lint)\n\n# dockerfile-lint\nA rule based 'linter' for [Dockerfiles](https://docs.docker.com/engine/reference/builder/). The linter rules can be used  to check file syntax as well as arbitrary semantic and best practice attributes determined by the rule file writer.\nThe linter can also be used to check LABEL rules against docker images.\n\n# Table of Contents\n\n- [Quickstart](#quickstart)\n- [Extending and Customizing: Rule Files](#extending-and-customizing-rule-files)\n  - [Profile Section](#profile-section)\n  - [General Section](#general-section)\n  - [Rule Attributes](#rule-attributes)\n  - [Line Rule Section](#line-rule-section)\n  - [Required Instruction Section](#required-instruction-section)\n- [Library Usage](#library-usage)\n  - [Node.js application use](#nodejs-application-use)\n  - [Command Line use](#command-line-use)\n- [Credits](#credits)\n- [License](#license)\n\n# Quickstart\n1. Change to directory where you have a Dockerfile\n2. run\n  * Atomic CLI\n\n            atomic run projectatomic/dockerfile-lint\n\n            atomic run projectatomic/dockerfile-lint image \u003cimageid\u003e\n\n  * Docker CLI\n\n            docker run -it --rm -v $PWD:/root/ \\\n                   projectatomic/dockerfile-lint \\\n                   dockerfile_lint [-f Dockerfile]\n\n            docker run -it --rm -v $PWD:/root/  \\\n                   -v /var/run/docker.sock:/var/run/docker.sock \\\n                   projectatomic/dockerfile-lint \\\n                   dockerfile_lint  image \u003cimageid\u003e\n\n\n\nBy default, the linter runs in strict mode (errors and/or warnings result in non-zero return code). Run the command with `-p`  or `--permissive` to\nrun in permissive mode:\n\n            atomic run projectatomic/dockerfile-lint -p\n\n            docker run -it --rm -v $PWD:/root/ \\\n                               projectatomic/dockerfile-lint \\\n                               dockerfile_lint -p -f Dockerfile\n\n# Extending and Customizing: Rule Files\nRule files are written in [yaml](http://www.yaml.org/). See the example rule file **sample_rules.yaml** in the root folder of the project.\nThe rules are implememented using regular expressions, run on one instruction of the dockerfile at a time.\nThe rule file has 4 sections, a profile section, a general section, a line rule section and a required instruction section.\n\n## Profile Section\nThe profile section gives information about the rule file\nThe information here is meant to help a user select a rule file that is appropriate for a given dockerfile. Example:\n```yaml\nprofile:\n  name: \"Default\"\n  description: \"Default Profile. Checks basic syntax.\"\n```\n\n## General Section\nThis section contains general syntax rules.\n\n## Rule Attributes\n\nHere is an example of a line rule expressed in yaml:\n```yaml\n    label: \"is_latest_tag\"\n    regex: /latest/\n    level: \"info\"\n    inverse_rule: true\n    message: \"base image uses 'latest' tag\"\n    description: \"using the 'latest' tag may cause unpredictable builds. It is recommended that a specific tag is used in the FROM line.\"\n    reference_url:\n```\n\n## Line Rule Section\nThis section contains rules that must be run on a given instruction in the dockerfile. There is a rule to check the syntax of each instruction and zero or more rules for semantic checks. The example below shows rules to run against the `FROM` instruction:\n```yaml\nline_rules:\n    FROM:\n      paramSyntaxRegex: /.+/\n      rules:\n        -\n          label: \"is_latest_tag\"\n          regex: /latest/\n          level: \"info\"\n          message: \"base image uses 'latest' tag\"\n          description: \"using the 'latest' tag may cause unpredictable builds. It is recommended that a specific tag is used in the FROM line.\"\n          reference_url:\n            - \"https://docs.docker.com/engine/reference/builder/\"\n            - \"#from\"\n        -\n          label: \"no_tag\"\n          regex: /[:]/\n          level: \"warn\"\n          inverse_rule: true\n          message: \"No tag is used\"\n          description: \"No tag is used\"\n          reference_url:\n            - \"https://docs.docker.com/engine/reference/builder/\"\n            - \"#from\"\n        -\n          label: \"from_not_redhat\"\n          regex: /rhel|redhat*/\n          inverse_rule: true\n          level: \"error\"\n          message: \"Base Image is not from Red Hat\"\n          description: \"Base Image must be from Red Hat\"\n          reference_url:\n```\nNote the (optional) `inverse_rule` attribute - this is just a convinient way to negate a regex rule - by default a rule is considered violated if it matches the regex pattern, but when 'inverse_rule' is set to 'true' the rule is violated if the line does not match the regex.\n\n## Required Instruction Section\nThis section includes a list of instructions that must exist in the dockerfile in order for it to be considered valid.\n\n## Inline Ignore Instructions\nThe user can tell dockerfile_lint to ignore a specific comand line inside a Dockerfile by placing a comment containing the word \"dockerfile_lint\" followed by the word \"ignore\", separated by a space, or a space and a dash/equals sign, above the command in the Dockerfile to be ignored. \n```\n# Add is required \u003cfor some previously approved reason documented here\u003e\n# dockerfile_lint - ignore\nADD http://example.com/big.tar.xz /usr/src/things/\n```\nThe above inline ignore would cause dockerfile_lint to skip processing the ADD command that follows it.  This allows the writing of strict rules in order to catch when best practices are not followed, while still being able to explicitly override the check on a case by case basis if a valid reason exists.  \n\n# Library Usage\n\n## Node.js application use\nInstall from github from your application root directory:\n```\nnpm install git+https://github.com/projectatomic/dockerfile_lint\n```\n\nImport and use the validator:\n```js\nvar fs = require('fs');\nvar rulefile = '/path/to/rulefile';\nvar DockerFileValidator = require('dockerfile_lint');\nvar validator = new DockerFileValidator(rulefile);\nvar result = validator.validate(dockerfile);\n```\n\n## Command Line use\nYou can install the linter globally on your pc:\n```\nsudo npm install -g dockerfile_lint\n```\n\nRun the tool:\n```\ndockerfile_lint  -f /path/to/dockerfile  [-f /path/to/second/dockerfile]  [-r /path/to/rule/file]\n```\nA default rule file is used if no rule file is given.\n\nYou can also run the tool without installing it - just clone the source repository and run the tool from the bin directory :\n```\ngit clone git@github.com:projectatomic/dockerfile_lint.git\ncd dockerfile_lint/bin\nchmod 555 dockerfile_lint\ndockerfile_lint  -f /path/to/dockerfile  [ -r /path/to/rule/file]\n```\n\nTo display results as JSON use the `-j` option:\n```\ndockerfile_lint  -j -f /path/to/dockerfile  [ -r /path/to/rule/file]\n```\n\nTo display results as JUnit XML file use the `-u` option:\n```\ndockerfile_lint  -u -f /path/to/dockerfile  [ -r /path/to/rule/file]\n```\n\nCommand Help:\n```\ndockerfile_lint  -h\n```\n\n# Credits\nThe linter is based on https://github.com/aweiteka/dockerfile_checker\n\n# License\nMIT\n","funding_links":[],"categories":["JavaScript","Docker Images","Dev Tools","Linters"],"sub_categories":["Linter","Dockerfile"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fprojectatomic%2Fdockerfile_lint","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fprojectatomic%2Fdockerfile_lint","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fprojectatomic%2Fdockerfile_lint/lists"}