Dockerfile Linter
Scan Dockerfiles for security issues and best-practice violations
    # Paste your Dockerfile here to analyze it
    # Example:
    FROM node:latest
    ADD . /app
    WORKDIR app
    RUN npm install
    ENV DB_PASSWORD=supersecret123
    CMD ["node", "server.js"]
About the Dockerfile Linter
This tool analyzes your Dockerfile against 21 security and best-practice rules, ranging from critical security issues (running as root, exposed secrets) to optimization suggestions (BuildKit cache mounts, multi-stage builds).
Security Score
Each rule has a severity weight. Critical issues deduct 20 points, high issues 10 points, medium 5 points, and low 2 points. Info-level suggestions don't affect the score. A perfect Dockerfile scores 100/A.
Auto-Fix
The "Fixed Dockerfile" tab shows an automatically corrected version with common issues resolved: ADD replaced with COPY, npm install replaced with npm ci, non-root USER added, HEALTHCHECK inserted, and more. Always review auto-fixes before using in production.
How It Works
Everything runs in your browser. Your Dockerfile is never sent to any server. The linter parses Dockerfile instructions, applies each rule, and generates results instantly. The rules are based on Docker security best practices, the CIS Docker Benchmark, and real-world SRE experience.
Key Rules
- DL001: No USER instruction — container runs as root
- DL002: Using 'latest' or untagged base images
- DL003: Secrets hardcoded in ENV instructions
- DL004: Missing HEALTHCHECK for container monitoring
- DL005: Using ADD instead of COPY for local files
- DL007: Piping curl/wget directly to shell
- DL009: npm install instead of npm ci
- DL020: Single-stage build (consider multi-stage)
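The parse, rule and scoring steps described above can be sketched for five of the listed rules. This is an added example, not the tool's source code. The function names, the severities given to DL002, DL005 and DL009, the once-per-rule deduction, the floor at 0 and the secret-name pattern are all assumptions.

```javascript
// Added example, not the tool's source. Weights come from the page; the severities
// of DL002, DL005 and DL009 are assumed (the page names only root and secrets as critical).
const WEIGHTS = { critical: 20, high: 10, medium: 5, low: 2, info: 0 };
// Join backslash continuations, drop blanks and comments, split into {op, args}.
function parseDockerfile(text) {
  return text.replace(/\\[ \t]*\r?\n/g, " ").split(/\r?\n/)
    .map((line) => line.trim()).filter((line) => line && !line.startsWith("#"))
    .map((l) => { const [, op, args] = l.match(/^(\S+)\s*(.*)$/); return { op: op.toUpperCase(), args }; });
}
// DL002 helper: true when a FROM has no tag or ':latest'. Earlier stage names,
// 'scratch' and digest-pinned images are not flagged.
function hasUnpinnedBase(ins) {
  const stages = new Set(["scratch"]);
  return ins.filter((i) => i.op === "FROM").some((i) => {
    const [image, kw, name] = i.args.split(/\s+/).filter((t) => !t.startsWith("--"));
    const known = stages.has(image);
    if (kw && kw.toUpperCase() === "AS" && name) stages.add(name);
    if (!image || known || image.includes("@")) return false;
    const tag = image.split("/").pop().split(":")[1];
    return !tag || tag === "latest";
  });
}
// Assumed heuristic for DL003: a secret-looking variable name that is given a value.
const SECRET_ENV = /\w*(PASSWORD|PASSWD|SECRET|TOKEN|API_?KEY)\w*[= ]\s*\S/i;
const RULES = [
  { id: "DL001", severity: "critical", hit: (ins) => !ins.some((i) => i.op === "USER") },
  { id: "DL002", severity: "high", hit: hasUnpinnedBase },
  { id: "DL003", severity: "critical",
    hit: (ins) => ins.some((i) => i.op === "ENV" && SECRET_ENV.test(i.args)) },
  { id: "DL005", severity: "medium",
    hit: (ins) => ins.some((i) => i.op === "ADD" && !/https?:\/\//i.test(i.args)) },
  { id: "DL009", severity: "medium",
    hit: (ins) => ins.some((i) => i.op === "RUN" && /\bnpm\s+install\b/.test(i.args)) },
];
// Assumption: each rule deducts once; the score is 100 minus the weights, floored at 0.
function lint(text) {
  const ins = parseDockerfile(text);
  const findings = RULES.filter((r) => r.hit(ins)).map(({ id, severity }) => ({ id, severity }));
  const score = Math.max(0, 100 - findings.reduce((sum, f) => sum + WEIGHTS[f.severity], 0));
  return { findings, score };
}
// Constructed inputs: the page's example Dockerfile and a hand-corrected variant.
const BAD = ["FROM node:latest", "ADD . /app", "WORKDIR app", "RUN npm install",
  "ENV DB_PASSWORD=supersecret123", 'CMD ["node", "server.js"]'].join("\n");
const GOOD = ["FROM node:20-alpine", "WORKDIR /app", "COPY . .", "RUN npm ci",
  "USER node", 'CMD ["node", "server.js"]'].join("\n");
console.log(lint(BAD), lint(GOOD));
```

Passing a secret at runtime or through a build secret mount, rather than ENV, is what removes the DL003 finding; renaming the variable only evades this name-based pattern.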