NOTE: The number of mentions on this list indicates mentions on common posts plus user-suggested alternatives. Hence, a higher number means a better hadolint alternative or higher similarity.

Posts with mentions or reviews of hadolint.
  • Kubernetes Security Checklist 2021
    dev.to | 2021-10-18
    Dockerfile should be checked during development by automated scanners (Kics, Hadolint, Conftest)
    Linters are an effective way to catch (security) bugs early on in your development process. For most programming languages, using linters is pretty standard. Hadolint is a linter for your Dockerfiles and is found on GitHub here.
  • Best Practices for R with Docker
    dev.to | 2021-05-31
    Best practices for writing Dockerfiles are being followed more and more often according to this paper after mining more than 10 million Dockerfiles on Docker Hub and GitHub. However, there is still room for improvement. This is where linters come in as useful tools for static code analysis. Hadolint lists lots of rules for Dockerfiles and is available as a VS Code extension.
  • 21 Best Practises in 2021 for Dockerfile
    dev.to | 2021-05-29
  • Dockerizing Shiny Applications
    dev.to | 2021-05-10
    Switching to the root USER opens up certain security risks if an attacker gets access to the container. In order to mitigate this, switch back to a non-privileged user after running the commands you need as root. – Hadolint rule DL3002
  • What do you use for container security, and where do you think there is room for improvement?
    reddit.com/r/devops | 2021-04-02
    Hadolint for more SAST-like: https://github.com/hadolint/hadolint
  • ShellCheck: A static analysis tool for shell scripts
    news.ycombinator.com | 2021-03-18
    Hadolint is another. It's built atop shellcheck.


  • Docker Security Cheat Sheet
    news.ycombinator.com | 2021-03-13
    I use Hadolint[1] as a CI job to check if my Dockerfiles follow the good "rules". But there is one rule that annoys me the most, and which is also present in this article: the pinned OS package version rule[2]. While I understand its interest, I struggle to handle this problem.

    When I build new images and it fails because the pinned version is not available anymore, I have to dig into the Debian or Ubuntu package websites to find the new ones, as they don't keep the old packages online.

    I know I could ask Hadolint to ignore this rule but I don't like this and I think it's important to stick to a certain version of a package to avoid problems. I'm just trying to find any tip that could make me use pinned versions and avoid this search every time. Does apt-get install allow wildcards, for example?

    1: https://github.com/hadolint/hadolint

    2: https://github.com/hadolint/hadolint/wiki/DL3008

  • Dockerfile Best Practices
    news.ycombinator.com | 2021-01-02
    Another useful resource is hadolint (https://github.com/hadolint/hadolint), which not only gives additional recommendations, but also a way to enforce this.
  • Run More Stuff in Docker
    news.ycombinator.com | 2020-12-26



hadolint/hadolint is an open source project licensed under the GNU General Public License v3.0 only, which is an OSI-approved license.

