About The Dockerfile Linter

The Dockerfile Linter performs fast static checks for common Dockerfile issues that can create slow builds, large images, weak reproducibility, or security risk.

Linting runs locally in your browser. It does not build images, pull base images, run containers, or contact a registry.

How to Lint a Dockerfile Online

1. Paste Dockerfile text into the Dockerfile box.
2. Leave Include maintainability warnings on for stricter review.
3. Click Lint Dockerfile to generate the report.
4. Review errors and warnings before committing or building the image.

Choosing Options Correctly

Maintainability warnings:
- Keep it ON to flag shell-form commands and other cleanup suggestions.
- Turn it OFF when you only want higher-signal build and security checks.

Dockerfile text:
- Paste the final Dockerfile content, not just changed lines, so context-sensitive checks work better.
- Remove secrets before using production examples.

Common Use Cases

• Checking Dockerfiles during code review.
• Spotting floating base image tags like :latest.
• Finding possible secrets embedded in build instructions.
• Reviewing cache and cleanup patterns before a build.

Quick FAQ

Does this use Docker?
No. It statically checks Dockerfile text and does not build or run an image.

Can it find every security issue?
No. It catches common patterns, but image scanning, dependency scanning, and runtime hardening need separate tools.

Why warn about shell-form CMD?
Shell-form commands can handle signals differently and may make container shutdown behavior less predictable.

Should warnings block a build?
Treat them as review prompts. Some warnings are acceptable when they are intentional and documented.