The Quickest Way to Improve Your Docker Images
This might be the most frequent advice I give to folks: “Have you tried using a Dockerfile linter?”
Apart from learning the basics of Docker, this is the most bang-for-the-buck thing your can do to improve your Docker game and save yourself from a few nasty gotchas.
Maybe “linter” is a bit too specific, it’s really about having an automated way to catch and discover avoidable mistakes.
Cool Tools To Know About
Here’s a list of tools you can use to get started.
hadolint - a Dockerfile linter. It checks the content of your Dockerfile for risky patterns and missing useful parts. You can even give it a try online, without installing anything. Otherwise, check out the GitHub page for more details.
dockle - instead of parsing the Dockerfile, this tool inspects your image directly. It has more of a security focus. It’s on GitHub. There’s a nice comparison to hadolint right at the top of the README.
trivy - even more of a security focus, less specific to Docker. It’s described with ‘A Simple and Comprehensive Vulnerability Scanner for Containers and other Artifacts’. Check it out on GitHub.
Give It A Try
Using a linter to check your Dockerfile, or another automated tool to scan the contents of your Docker image can deliver a lot of value with little effort.
You’ll learn about simple and less obvious things you’ve missed and just one scan might save you from a long and tedious debugging session in the future.
If in doubt, start with hadolint.
Apart from automated checks, nothing beats a thorough understanding of Docker images and Docker as a tool. If you haven’t seen it already - check out my free “5 Days To Better Docker Images” email course. Sign up and start learning about building better Docker images right away.
If you’re looking to build a complete understanding of Docker, my new book “Quick High-Level Docker Understanding” could be just the thing you’re looking for.