Dockerfile Linter
Using `latest` tag in FROM (image: ubuntu:latest)
Pin a specific version tag, e.g. ubuntu:22.04 instead of ubuntu:latest.
ADD used where COPY would suffice
Use COPY instead of ADD for copying local files. ADD also auto-extracts local tar archives and fetches remote URLs, which can be surprising.
Using `apt-get install` without `--no-install-recommends`
Add --no-install-recommends to avoid installing unnecessary packages and reduce image size.
Using `apt-get install` without `-y` flag
Add -y flag to avoid interactive prompts: apt-get install -y.
Using `apt-get install` without `--no-install-recommends`
Add --no-install-recommends to avoid installing unnecessary packages and reduce image size.
Missing `apt-get clean` or `rm -rf /var/lib/apt/lists/*` after install
Clean up apt cache in the same RUN layer to reduce image size.
Using `sudo` in Dockerfile
Avoid sudo. Use USER to switch users, or run commands as root directly (the default in Docker).
EXPOSE with no port number
Specify a valid port number, e.g. EXPOSE 8080.
Missing HEALTHCHECK instruction
Add a HEALTHCHECK to let Docker know how to check that the container is still working.
Running as root — no USER instruction found
Add a USER instruction to run the container as a non-root user for better security.
CMD uses shell form instead of exec form
Use exec form: CMD ["executable", "arg1", "arg2"] so the process receives signals directly rather than through a wrapping shell.
Consider using a .dockerignore file
A .dockerignore file helps exclude unnecessary files from the build context, speeding up builds and reducing image size.
4 consecutive RUN instructions found
Combine RUN instructions using && to reduce image layers.
WORKDIR should use an absolute path
Use an absolute path, e.g. WORKDIR /app instead of WORKDIR app.