Dockerfile linter that parses AST and integrates with ShellCheck to validate Docker best practices and bash code in RUN instructions
Hadolint is a Dockerfile linter that parses Dockerfiles into an Abstract Syntax Tree (AST) and applies rules to validate Docker best practices. The tool integrates with ShellCheck to lint bash code inside RUN instructions, providing comprehensive validation beyond basic Dockerfile syntax. It supports multiple output formats including TTY, JSON, checkstyle, codeclimate, and SARIF.
The linter offers extensive configuration options through YAML config files, supporting rule severity overrides, trusted registry validation, and label schema enforcement. Users can ignore specific rules globally or inline, set failure thresholds, and customize rule severity levels (error, warning, info, style). Hadolint validates trusted registries in FROM instructions and can enforce specific label schemas with format requirements.
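A configuration file covering the options described above, as an added example that is not taken from the Hadolint project. The registry host `registry.example.com`, the choice of rules and the label names are assumptions made for illustration.

```yaml
# .hadolint.yaml (added example; registry host and label names are constructed)

# Exit non-zero when a finding of this severity or higher is reported.
failure-threshold: warning

# Only base images from these registries are accepted in FROM instructions.
trustedRegistries:
  - docker.io
  - registry.example.com   # placeholder for an internal registry

# Raise or lower the severity of individual rules.
override:
  error:
    - DL3007   # image tagged :latest
    - DL3002   # last USER is root
  info:
    - DL3008   # unpinned versions in apt-get install

# Rules switched off for every Dockerfile.
ignored:
  - DL3059     # multiple consecutive RUN instructions

# Required labels and the format each value must have.
label-schema:
  maintainer: email
  git-revision: hash
  license: spdx
  created: rfc3339
  version: semver

# Also flag labels that are not listed in label-schema.
strict-labels: true
```

Hadolint reads this file from the working directory, or from the path given with `--config`. A single instruction can still be exempted inline with a `# hadolint ignore=DL3008` comment on the line above it.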
Hadolint runs as a standalone binary or through Docker containers, making it suitable for local development and CI/CD pipelines. It provides both minimal containers and variants with shell access (Debian/Alpine). The tool integrates with various development environments including VS Code extensions and supports configuration through environment variables or command-line options.
# via Homebrew
brew install hadolint
# via Docker
docker pull hadolint/hadolint
# via Scoop (Windows)
scoop install hadolint
