Dockerfile Security Linter
Paste your Dockerfile. Get an instant security audit with scoring, issue highlights, fix suggestions, and live health badges for every detected base image.
100% client-side — your Dockerfile never leaves your browser
How It Works
Paste Your Dockerfile
Paste any Dockerfile — multi-stage builds, multi-line RUN commands, and ARG/ENV substitution are all supported.
Instant Audit
16 rules check for security risks, best practices, performance issues, and maintainability — each with severity, line numbers, and fix suggestions.
Score & Badges
Get a 0–100 score with letter grade, plus live ReleaseRun health and EOL badges for every detected base image.
Rules Checked
Security (7 rules)
Running as root (no non-root USER in the final stage), untagged base images, secrets in ENV, ADD instead of COPY, overly broad COPY of the whole build context, curl piped to a shell, sudo in RUN, exposing privileged ports (below 1024)
Best Practice (5 rules)
Missing HEALTHCHECK, too many RUN layers, apt-get without cleanup, missing LABEL, apt-get without -y
Performance (3 rules)
Missing multi-stage builds, full base images instead of Alpine/slim variants, copying the whole source tree before installing dependencies (which invalidates the dependency layer cache on every source change)
Maintainability (2 rules)
Missing WORKDIR, deprecated MAINTAINER instruction
FAQ
Is my Dockerfile sent anywhere?
No. Everything is parsed and linted entirely in your browser using JavaScript. Your Dockerfile never leaves your device. The only network requests are loading health badge images from img.releaserun.com; because each badge is looked up per detected base image, those requests necessarily carry the base image names, but nothing else from the Dockerfile.
What rules are checked?
Security (secrets in ENV, running as root, untagged images), best practices (HEALTHCHECK, layer optimization, apt-get cleanup), performance (multi-stage builds, Alpine bases, cache-friendly COPY order), and maintainability (WORKDIR, LABEL metadata).
Can I check docker-compose.yml?
Not yet. This tool focuses on Dockerfiles. For docker-compose analysis, stay tuned — we're working on it.
How is the score calculated?
Start at 100, then deduct: −20 per critical issue, −10 per high, −5 per medium, −2 per info. Minimum score is 0. Grades: A (90–100), B (80–89), C (70–79), D (60–69), E (50–59), F (<50).
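To make the parsing claims in "Paste Your Dockerfile", the security rule list and this scoring formula concrete, here is an added example of a small linter written in the same spirit. It is not the tool's own code. The deduction table and grade bands are taken from this page; the rule ids, the severity assigned to each rule, and the matching heuristics (what counts as a secret-looking ENV name, a "broad" COPY, and so on) are my own assumptions, as is the constructed SAMPLE Dockerfile.

```javascript
// Added example, not the page's own code: a minimal Dockerfile linter implementing
// several of the security rules listed above and the FAQ's scoring formula. The
// deduction table and grade bands are from the page; rule ids, per-rule severities
// and the matching heuristics are my own assumptions.
const DEDUCTION = { critical: 20, high: 10, medium: 5, info: 2 };

// Split Dockerfile text into logical instructions: backslash continuations are joined
// (a multi-line RUN becomes one instruction), comments and blank lines are dropped,
// and `line` is the first physical line of each instruction.
function parseDockerfile(text) {
  const lines = text.split(/\r?\n/), out = [];
  for (let i = 0; i < lines.length; ) {
    const start = i + 1;
    let logical = lines[i++].trim();
    if (logical === '' || logical.startsWith('#')) continue;
    while (logical.endsWith('\\') && i < lines.length) {
      const next = lines[i++].trim();
      if (next.startsWith('#')) continue; // comment lines are legal inside a continuation
      logical = logical.slice(0, -1).trimEnd() + ' ' + next;
    }
    const m = /^(\w+)\s*(.*)$/.exec(logical);
    if (m) out.push({ line: start, cmd: m[1].toUpperCase(), args: m[2].trim() });
  }
  return out;
}

// Positional arguments with --flags (--chown, --from, --platform, ...) removed.
const positional = args => args.split(/\s+/).filter(t => t && !t.startsWith('--'));
const finding = (x, msg, fix) => ({ line: x.line, msg, fix });

// Each rule maps the instruction list to findings { line, msg, fix } (heuristics are assumptions).
const RULES = [
  { id: 'root-user', severity: 'critical', check(instrs) {
    // Only the final stage ships, so only USER instructions after the last FROM count.
    const stage = instrs.slice(Math.max(instrs.map(x => x.cmd).lastIndexOf('FROM'), 0));
    const user = stage.filter(x => x.cmd === 'USER').pop();
    if (!user) return [finding(stage[0] || { line: 1 }, 'no USER in final stage, container runs as root', 'add an unprivileged USER before CMD/ENTRYPOINT')];
    return /^(root|0)(:|$)/.test(user.args) ? [finding(user, 'final USER is root', 'switch to an unprivileged user')] : [];
  } },
  { id: 'untagged-image', severity: 'high', check(instrs) {
    const stages = new Set(), found = [];
    for (const x of instrs.filter(x => x.cmd === 'FROM')) {
      const image = positional(x.args)[0] || '', alias = /\bAS\s+(\S+)/i.exec(x.args);
      const fromStage = stages.has(image.toLowerCase()); // FROM <earlier stage name>
      if (alias) stages.add(alias[1].toLowerCase());
      if (fromStage || image === 'scratch' || image.includes('@sha256:')) continue;
      const tag = image.slice(image.lastIndexOf('/') + 1).split(':')[1]; // registry:port/name is not a tag
      if (!tag || tag === 'latest') found.push(finding(x, `base image ${image} is not pinned`, 'pin a version tag or digest'));
    }
    return found;
  } },
  { id: 'secret-in-env', severity: 'critical', check(instrs) {
    const found = [];
    for (const x of instrs.filter(x => x.cmd === 'ENV'))
      for (const m of x.args.matchAll(/([A-Za-z_]\w*)(?:=|\s+)("[^"]*"|\S+)/g)) // KEY=value or legacy KEY value
        if (/PASS|SECRET|TOKEN|API_?KEY|PRIVATE_KEY/i.test(m[1]) && !m[2].replace(/^"/, '').startsWith('$'))
          found.push(finding(x, `ENV ${m[1]} looks like a hard-coded secret`, 'use RUN --mount=type=secret or inject at runtime'));
    return found;
  } },
  { id: 'add-instead-of-copy', severity: 'medium', check: instrs => instrs
    .filter(x => x.cmd === 'ADD' && !/^https?:\/\/|\.(tar|tgz|tar\.(gz|bz2|xz))$/.test(positional(x.args)[0] || ''))
    .map(x => finding(x, 'ADD used for a plain local file', 'use COPY unless you need URL fetch or archive extraction')) },
  { id: 'broad-copy', severity: 'medium', check: instrs => instrs
    .filter(x => x.cmd === 'COPY' && /^\.\/?$/.test(positional(x.args)[0] || ''))
    .map(x => finding(x, 'COPY of the whole build context', 'copy only what the image needs and keep a .dockerignore')) },
  { id: 'curl-pipe-shell', severity: 'high', check: instrs => instrs
    .filter(x => x.cmd === 'RUN' && /\b(curl|wget)\b[^|]*\|\s*(sudo\s+)?(ba|z|da)?sh\b/.test(x.args))
    .map(x => finding(x, 'remote script piped straight into a shell', 'download, verify a checksum or signature, then run it')) },
  { id: 'sudo-in-run', severity: 'medium', check: instrs => instrs
    .filter(x => x.cmd === 'RUN' && /(^|[\s;&|])sudo\s/.test(x.args))
    .map(x => finding(x, 'sudo inside RUN', 'RUN already executes as the current USER; drop sudo')) },
  { id: 'privileged-port', severity: 'info', check: instrs => instrs
    .filter(x => x.cmd === 'EXPOSE')
    .flatMap(x => x.args.split(/\s+/).filter(p => parseInt(p, 10) > 0 && parseInt(p, 10) < 1024)
      .map(p => finding(x, `port ${p} needs root to bind`, 'expose a port above 1023 and map it at runtime'))) },
];

const gradeFor = s => s >= 90 ? 'A' : s >= 80 ? 'B' : s >= 70 ? 'C' : s >= 60 ? 'D' : s >= 50 ? 'E' : 'F';

// Run every rule, then apply the page's formula: 100 minus per-finding deductions, floored at 0.
function lint(text) {
  const instrs = parseDockerfile(text);
  const findings = RULES.flatMap(r => r.check(instrs).map(f => ({ rule: r.id, severity: r.severity, ...f })))
    .sort((a, b) => a.line - b.line);
  const score = Math.max(0, 100 - findings.reduce((s, f) => s + DEDUCTION[f.severity], 0));
  return { findings, score, grade: gradeFor(score) };
}

// Constructed sample input for the demo, not any real project's Dockerfile.
const SAMPLE = `
FROM golang:1.22 AS build
COPY . .
RUN go build -o /app ./cmd/app
FROM debian
ENV DB_PASSWORD=hunter2 \\
    APP_ENV=prod
RUN apt-get update && \\
    # install tooling
    curl -fsSL https://example.com/install.sh | sh && \\
    sudo rm -rf /var/lib/apt/lists/*
ADD config.yaml /etc/app/config.yaml
COPY --from=build /app /usr/local/bin/app
EXPOSE 80
CMD ["app"]
`;

if (typeof require !== 'undefined' && require.main === module)
  console.log(JSON.stringify(lint(SAMPLE), null, 1)); // SAMPLE scores 23, grade F
```

Run it with node and the SAMPLE produces eight findings: the broad COPY, the untagged debian base, the root user (only the final stage is inspected, so a USER in the build stage would not help), the hard-coded DB_PASSWORD, the curl-to-sh and sudo inside the joined multi-line RUN (reported at the RUN's first physical line), the ADD of a plain file, and port 80. With the page's deductions that is 20+10+20+5+5+10+5+2 = 77 points off, score 23, grade F. Note the multi-stage handling: a FROM that names an earlier stage is not treated as an unpinned image, and a digest-pinned image passes the untagged check.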
Monitor your base images continuously
Add live health and EOL badges to your README so your team always knows when base images need upgrading.