Just Say No To `:Latest`

This page summarizes the projects mentioned and recommended in the original post on news.ycombinator.com

  • hadolint

    Dockerfile linter, validate inline bash, written in Haskell

  • Worth noting that Hadolint[1] raises warnings for the issues mentioned in the article. Some examples of warnings:

    - https://github.com/hadolint/hadolint/wiki/DL3007: Using latest is prone to errors if the image will ever update. Pin the version explicitly to a release tag.

  • dockerfile-image-update

    A tool that helps you get security patches for Docker images into production as quickly as possible without breaking things

  • A similar tool to dependabot written by Salesforce: https://github.com/salesforce/dockerfile-image-update

  • semgrep-rules

    Semgrep rules registry

  • Hadolint is great! If you want to customize your lint logic beyond the checks in it, I recently wrote a Semgrep rule to require all our Dockerfiles to pin images with a sha256 hash that could be a good starting point: https://github.com/returntocorp/semgrep-rules/pull/1861/file...

NOTE: The number of mentions on this list indicates mentions on common posts plus user-suggested alternatives. Hence, a higher number means a more popular project.
