dockle
dockle copied to clipboard
Base image size lint
One of my personal pet-peeves is images using FROM ubuntu
, since this image usually contains far more than its dependant could even think to use and seriously clogs up /var
in disk-size restrained environments.
While this is hard to detect when included transitively, and of course not always a mistake, I'd argue that it is bad practice to use large dependency images when not necessary. This is easily overlooked, especially by newcomers. Many base images even support alpine
tags that should almost always be used, but are rarely the default.
This is also in line with some of the other suggested lints, which suggest installing only "necessary" packages, a rule that is almost always broken simply by depending on the ubuntu image.
Maybe it would be feasible to detect when a base image is larger than, say, 100MB, possibly by checking with a registry/local docker daemon/podman at run time?