Dockerfile Linter
Lint and validate Dockerfiles against best practices. Catch security issues, optimization opportunities, and common mistakes.
About This Tool
The Dockerfile Linter is a free browser-based tool that analyzes your Dockerfiles against a comprehensive set of best-practice rules. It helps you catch security issues, optimization opportunities, and common mistakes before you build your images. Writing well-structured Dockerfiles leads to smaller, more secure, and more reproducible container images.
The linter implements over 20 rules covering categories such as
version pinning (DL3006, DL3007,
DL3008, DL3013, DL3018),
security (DL3002, DL3004),
instruction usage (DL3020, DL3025,
DL4000, DL4003, DL4004),
and shell scripting hygiene (SC2046,
SC2086). Rule codes are compatible with
<a
href="https://github.com/hadolint/hadolint"
target="_blank"
rel="noopener noreferrer"
className="text-primary underline underline-offset-2"
Hadolint , the widely used Dockerfile linter, so you can cross-reference documentation and integrate findings into your existing workflow.
All processing happens entirely in your browser using client-side JavaScript. Your Dockerfile content never leaves your machine — there are no server round-trips, no logging, and no third-party analytics on your input. This makes the tool safe for linting Dockerfiles that contain internal registry URLs, private package references, or proprietary build steps. You can verify this by checking the Network tab in your browser's developer tools.
Each issue is reported with a severity level (error, warning, or info), the specific rule code, and a clear explanation of what is wrong and how to fix it. The auto-lint feature provides instant feedback as you type, making it easy to iterate on your Dockerfile until all issues are resolved. Whether you are writing your first Dockerfile or optimizing a production image, this tool helps you follow Docker's official best practices and community conventions.
How to Use
- Paste your Dockerfile into the Dockerfile panel on the left, or click the Sample button to load an example with intentional issues.
- Click the Lint button or press Ctrl+Enter to analyze the Dockerfile.
- Optionally enable Auto-lint to get instant feedback as you type or edit.
- Review the results in the right panel. Each issue shows its line number, rule code, severity, and a description with suggested fix.
- Line numbers in the input are highlighted in red for lines that have issues, making it easy to locate problems.
- Click Copy or press Ctrl+Shift+C to copy all results to your clipboard.
- Click Clear to reset the input and results.
FAQ
Is my Dockerfile data safe?
Yes. All parsing and linting is done client-side in your browser using JavaScript. No data is sent to any server. You can verify this by checking your browser's Network tab while using the tool.
What rules does this linter check?
The linter checks over 20 rules covering version pinning (DL3006, DL3007, DL3008, DL3013, DL3018), security (DL3002, DL3004), deprecated instructions (DL4000), instruction best practices (DL3000, DL3001, DL3003, DL3009, DL3015, DL3020, DL3025, DL4003, DL4004, DL4005), and shell scripting hygiene (SC2046, SC2086). Rule codes are compatible with Hadolint.
What is the difference between error, warning, and info severities?
Errors indicate practices that are likely to cause build failures or security vulnerabilities (e.g. using sudo, relative WORKDIR paths). Warnings highlight issues that may lead to unreliable or bloated images (e.g. unpinned versions, using latest tag). Info items are optimization suggestions that improve image quality but are not strictly required.
Why should I pin package versions in my Dockerfile?
Pinning versions ensures that your Docker image builds are reproducible. Without pinning, apt-get install, pip install, or apk add may install different package versions on different days, potentially introducing breaking changes or security regressions.
Why should I avoid running as root in containers?
Running containers as root is a security risk. If an attacker exploits a vulnerability in your application, they gain root access to the container and potentially to the host system. The DL3002 rule warns when the last USER instruction is root. Use a dedicated non-root user for your application process.
How is this different from Hadolint?
Hadolint is a comprehensive command-line Dockerfile linter written in Haskell. This tool implements a subset of Hadolint-compatible rules in the browser with no installation required. It is ideal for quick checks and learning best practices. For CI/CD pipelines and full-featured linting, we recommend integrating Hadolint into your build process.
Does it handle multi-line RUN instructions?
Yes. The parser handles line continuations with backslash (\\) and combines them into a single logical instruction before applying lint rules. This means multi-line RUN commands are analyzed correctly.
Related Tools
Code Minifier
Minify and beautify JavaScript, CSS, and HTML code with size comparison stats.
JSON Schema Validator
Validate JSON data against a JSON Schema with detailed error messages and path highlighting.
YAML Formatter
Format, validate, and minify YAML with customizable indentation and syntax error display.
Robots.txt Generator
Generate robots.txt files with a visual editor for user-agents, allow/disallow rules, and sitemap entries.
Docker Run Command Builder
Build docker run commands visually with ports, volumes, env vars, and generate docker-compose.yml.
Helm Values Validator
Validate Helm values.yaml files against common patterns and best practices. Check types, compare overrides, and view value trees.
GitHub Actions Workflow Builder
Build GitHub Actions workflow YAML files visually. Configure triggers, jobs, steps, matrix strategies, and secrets references.
Makefile Generator
Generate Makefiles visually with targets, dependencies, variables, and templates for C, Go, Node.js, Python, and Docker projects.
GitLab CI Config Generator
Build .gitlab-ci.yml pipeline configurations visually. Define stages, jobs, artifacts, caching, and rules for GitLab CI/CD.
Shell Script Linter
Lint and check bash/shell scripts for common issues, deprecated syntax, and best practices. Catch bugs before they reach production.