The Quickest Way to Improve Your Docker Images
This might be the most frequent advice I give to folks: “Have you tried using a Dockerfile linter?”
Apart from learning the basics of Docker, this is the most bang-for-the-buck thing you can do to improve your Docker game and save yourself from a few nasty gotchas.
Maybe “linter” is a bit too specific; it’s really about having an automated way to catch and discover avoidable mistakes.
Cool Tools To Know About
Here’s a list of tools you can use to get started.
hadolint - a Dockerfile linter. It checks the content of your Dockerfile for risky patterns and missing useful parts. You can even give it a try online, without installing anything. Otherwise, check out the GitHub page for more details.
dockle - instead of parsing the Dockerfile, this tool inspects your image directly. It has more of a security focus. It’s on GitHub. There’s a nice comparison to hadolint right at the top of the README.
trivy - even more of a security focus, less specific to Docker. It’s described as ‘A Simple and Comprehensive Vulnerability Scanner for Containers and other Artifacts’. Check it out on GitHub.
Give It A Try
Using a linter to check your Dockerfile, or another automated tool to scan the contents of your Docker image, can deliver a lot of value with little effort.
You’ll learn about simple and less obvious things you’ve missed, and just one scan might save you from a long and tedious debugging session in the future.
If in doubt, start with hadolint.
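To show the kind of risky pattern a Dockerfile linter looks for, here is an added example (not code from this post, and not how hadolint is implemented) that parses a constructed Dockerfile and reports four common findings. The check names are invented for this example, and it assumes the base image defaults to root and that the Dockerfile uses no heredoc syntax.

```python
import re
# Constructed sample Dockerfile for this example (not from the original post).
SAMPLE = """\
FROM ubuntu
RUN apt-get update && \\
    apt-get install -y curl
ADD app.tar.gz /opt/app
USER root
"""

def instructions(text):
    """Yield (line_no, KEYWORD, args), joining backslash-continued lines."""
    buf, start = "", 0
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and comments, also inside a continuation
        start = start or no
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        keyword, *rest = (buf + line).split(None, 1)
        yield start, keyword.upper(), "".join(rest).strip()
        buf, start = "", 0

def lint(text):
    """Return sorted (line_no, check_name) findings; names are made up here."""
    findings, stages, user, user_line = [], set(), None, 0
    for no, kw, args in instructions(text):
        if kw == "FROM":
            user, user_line = None, no  # a new stage resets the effective user
            tokens = [t for t in args.split() if not t.startswith("--")]
            image = tokens[0]
            tag = image.rsplit("/", 1)[-1].partition(":")[2]
            pinned = "@" in image or tag not in ("", "latest")
            if image != "scratch" and image.lower() not in stages and not pinned:
                findings.append((no, "unpinned-base-image"))
            if len(tokens) == 3 and tokens[1].upper() == "AS":
                stages.add(tokens[2].lower())
        elif kw == "ADD":  # ADD can fetch URLs and unpack archives; COPY cannot
            findings.append((no, "add-instead-of-copy"))
        elif kw == "RUN" and re.search(r"apt-get\s+(-\S+\s+)*install", args):
            if "--no-install-recommends" not in args:
                findings.append((no, "apt-recommends-not-disabled"))
        elif kw == "USER":
            user, user_line = args.split(":")[0], no
    if user in (None, "root", "0"):  # assumes the base image's default is root
        findings.append((user_line, "final-user-is-root"))
    return sorted(findings)
```

Calling `lint(SAMPLE)` returns one finding per check; a multi-stage Dockerfile with pinned tags, `COPY`, `--no-install-recommends` and a non-root `USER` returns an empty list.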
Digging Deeper
If you’re looking to build a complete understanding of Docker, my new book “Quick High-Level Docker Understanding” could be just the thing you’re looking for.