container-hadolint

# Dockerfile Security Linting with Hadolint ## Overview Hadolint is a Dockerfile linter that validates container build files against security best practices and the CIS Docker Benchmark. It analyzes Dockerfile instructions to identify misconfigurations, anti-patterns, and security vulnerabilities before images are built and deployed. Hadolint integrates ShellCheck to validate RUN instructions, ensuring shell commands follow security best practices. With 100+ built-in rules mapped to CIS Docker Benchmark controls, Hadolint provides comprehensive security validation for container images. ## Quick Start ### Install Hadolint ```bash # macOS via Homebrew brew install hadolint # Linux via binary wget -O /usr/local/bin/hadolint https://github.com/hadolint/hadolint/releases/latest/download/hadolint-Linux-x86_64 chmod +x /usr/local/bin/hadolint # Via Docker docker pull hadolint/hadolint ``` ### Scan Dockerfile ```bash # Scan Dockerfile in current directory hadolint Dockerfile # Scan with specific Dockerfile path hadolint path/to/Dockerfile # Using Docker docker run --rm -i hadolint/hadolint < Dockerfile ``` ### Generate Report ```bash # JSON output for automation hadolint -f json Dockerfile > hadolint-report.json # GitLab Code Quality format hadolint -f gitlab_codeclimate Dockerfile > hadolint-codeclimate.json # Checkstyle format for CI integration hadolint -f checkstyle Dockerfile > hadolint-checkstyle.xml ``` ## Core Workflows ### 1. Local Development Scanning Val...