Just Say No To `:Latest`

This page summarizes the projects mentioned and recommended in the original post on news.ycombinator.com

  • hadolint

    Dockerfile linter, validate inline bash, written in Haskell

    Worth noting that Hadolint[1] raises warnings for the issues mentioned in the article. Some examples of warnings:

    - https://github.com/hadolint/hadolint/wiki/DL3007: Using latest is prone to errors if the image will ever update. Pin the version explicitly to a release tag.

  • dockerfile-image-update

    A tool that helps you get security patches for Docker images into production as quickly as possible without breaking things

    A similar tool to dependabot written by Salesforce: https://github.com/salesforce/dockerfile-image-update

  • semgrep-rules

    Semgrep rules registry

    Hadolint is great! If you want to customize your lint logic beyond the checks in it, I recently wrote a Semgrep rule to require all our Dockerfiles to pin images with a sha256 hash that could be a good starting point: https://github.com/returntocorp/semgrep-rules/pull/1861/file...
