
docs(guidelines): section on dockerfile linting

Open Brynjulf opened this issue 1 year ago • 3 comments

Linting your code plays such an important part in helping developers write clean, maintainable and secure code using best practices that I think there should be guidelines on what tools are good to use and how to incorporate them in our developer environments. And with many teams deploying their code using images, I believe that linting our Dockerfiles using tools such as hadolint is a hidden gem that should be shared more prominently.

Brynjulf avatar Jul 22 '24 07:07 Brynjulf
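As an added illustration of what a Dockerfile linter such as hadolint catches (example code added here, not from the issue, the PR or hadolint itself): a small Python checker with a handful of rules modelled on hadolint's DL3006/DL3007/DL3008/DL3025/DL3002 codes, run over a constructed weak Dockerfile and its hardened counterpart. The checks are simplified approximations of those rules, not hadolint's own logic, and the package version in the hardened sample is illustrative.

```python
# Constructed samples: a weak Dockerfile and its hardened form (curl version illustrative).
WEAK_DOCKERFILE = """\
FROM ubuntu:latest
RUN apt-get update && \\
    apt-get install -y curl
CMD python /app/main.py
"""
HARDENED_DOCKERFILE = """\
FROM ubuntu:22.04
RUN apt-get update && apt-get install -y --no-install-recommends curl=7.81.0-1ubuntu1 && rm -rf /var/lib/apt/lists/*
USER 65532
CMD ["python", "/app/main.py"]
"""

def parse(text):
    """Yield (line_no, INSTRUCTION, args), joining backslash continuations."""
    buf, start = "", 0
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not buf and (not line or line.startswith("#")):
            continue                      # skip blank lines and comments
        start = start or no               # report a joined instruction at its first line
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        inst, _, args = (buf + line).partition(" ")
        yield start, inst.upper(), args.strip()
        buf, start = "", 0

def lint(text):
    """Return (line_no, rule, message) findings, modelled on hadolint rule codes."""
    findings, last_user = [], "root"      # simplified: no USER line counts as root
    for no, inst, args in parse(text):
        if inst == "FROM":
            image = args.split()[0]
            if image != "scratch" and ":" not in image and "@" not in image:
                findings.append((no, "DL3006", "always tag the version of an image explicitly"))
            elif image.endswith(":latest"):
                findings.append((no, "DL3007", "do not use :latest, pin the image version"))
        elif inst == "RUN" and "apt-get install" in args:
            pkgs = args.split("apt-get install", 1)[1].split("&&")[0].split()
            if any("=" not in p for p in pkgs if not p.startswith("-")):
                findings.append((no, "DL3008", "pin package versions in apt-get install"))
        elif inst == "USER":
            last_user = args
        elif inst in ("CMD", "ENTRYPOINT") and not args.startswith("["):
            findings.append((no, "DL3025", "use JSON notation for CMD and ENTRYPOINT"))
    if last_user in ("root", "0"):
        findings.append((0, "DL3002", "last USER should not be root"))
    return findings
```

Running `lint(WEAK_DOCKERFILE)` reports four findings while the hardened sample is clean; in a real pipeline the equivalent step is `hadolint Dockerfile`, with a non-zero exit code failing the build.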

Thanks for the PR! We'll go through the content and have an internal discussion within the team 👍

evtil avatar Aug 06 '24 07:08 evtil

Hello @Brynjulf,

I hope I haven't caused any confusion. I left a few comments on your PR since I'm quite interested in Docker linting and found your guide to be thorough. However, I wanted to mention that I'm not authorized to do an official review on this repository because I'm not part of the appsec team.

dbelyaev avatar Jan 30 '25 09:01 dbelyaev

@dbelyaev I admit that I didn't notice that you were not a part of the appsec team because the feedback was appropriate and helpful. 😄

Brynjulf avatar Jan 30 '25 09:01 Brynjulf

@Brynjulf @dbelyaev We should have a guideline. I can recommend Hadolint - it seems dormant and on the edge of being abandoned. Will do some testing with Dockle and Trivy.

larskaare avatar Aug 27 '25 11:08 larskaare

Closing this PR and continuing the discussion on #208.

larskaare avatar Sep 11 '25 10:09 larskaare