The Quickest Way to Improve Your Docker Images

This might be the most frequent advice I give to folks: “Have you tried using a Dockerfile linter?”

Apart from learning the basics of Docker, this is the most bang-for-the-buck thing your can do to improve your Docker game and save yourself from a few nasty gotchas.

Maybe “linter” is a bit too specific, it’s really about having an automated way to catch and discover avoidable mistakes.

Cool Tools To Know About

Here’s a list of tools you can use to get started.

hadolint - a Dockerfile linter. It checks the content of your Dockerfile for risky patterns and missing useful parts. You can even give it a try online, without installing anything. Otherwise, check out the GitHub page for more details.

dockle - instead of parsing the Dockerfile, this tool inspects your image directly. It has more of a security focus. It’s on GitHub. There’s a nice comparison to hadolint right at the top of the README.

trivy - even more of a security focus, less specific to Docker. It’s described with ‘A Simple and Comprehensive Vulnerability Scanner for Containers and other Artifacts’. Check it out on GitHub.

Give It A Try

Using a linter to check your Dockerfile, or another automated tool to scan the contents of your Docker image can deliver a lot of value with little effort.

You’ll learn about simple and less obvious things you’ve missed and just one scan might save you from a long and tedious debugging session in the future.

If in doubt, start with hadolint.

Digging Deeper

If you’re looking to build a complete understanding of Docker, my new book “Quick High-Level Docker Understanding” could be just the thing you’re looking for.

Subscribe to my newsletter!
You'll get notified via e-mail when new articles are published. I mostly write about Docker, Kubernetes, automation and building stuff on the web. Sometimes other topics sneak in as well.

Your e-mail address will be used to send out summary emails about new articles, at most weekly. You can unsubscribe from the newsletter at any time.

We use rapidmail to send our newsletter. When you subscribe, you consent to the entered data being forwarded to rapidmail. Please see the rapidmail GTC and data privacy statement. .