This rule encourages the use of absolute paths or the WORKDIR instruction to change directories within Dockerfiles instead of chaining commands with cd. Using relative paths combined with cd in a single RUN instruction can lead to less readable and more error-prone code. It also makes it harder to track the current working directory during image builds.
To comply, either set the working directory explicitly using WORKDIR /path/to/directory before running commands or use absolute paths in instructions like RUN cp /source/file /destination/path. Avoid combining cd with other commands in a single RUN line, as this can cause unexpected behavior and complicate debugging.
Non-Compliant Code Examples
FROM busybox
RUN cd /usr/src/app && cp somedir/somefile ./someDirInUsrSrcApp/

FROM busybox
RUN cd /usr/src/app && git clone git@github.com:lukasmartinelli/hadolint.git
Compliant Code Examples
FROM busybox
RUN cp somedir/somefile /usr/src/app/someDirInUsrSrcApp/

FROM busybox
WORKDIR /usr/src/app
RUN git clone git@github.com:lukasmartinelli/hadolint.git
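A minimal checker for the pattern this rule flags, as an added example (not Datadog's rule implementation and not code from the original page). The function names and the sample Dockerfile are constructed for illustration; it joins backslash continuations and reports shell-form RUN instructions in which cd appears as a command.

```python
import re

# `cd` counts as a command when it starts the RUN body or follows a shell
# separator (&&, ||, ;, |) or an opening parenthesis.
CD_AS_COMMAND = re.compile(r"(?:^|&&|\|\||;|\||\()\s*cd(?:\s|$)")

# Constructed sample assembled from the examples on this page.
SAMPLE = """\
FROM busybox
# constructed sample
RUN cd /usr/src/app && cp somedir/somefile ./someDirInUsrSrcApp/
WORKDIR /usr/src/app
RUN git clone git@github.com:lukasmartinelli/hadolint.git
RUN mkdir -p build \\
    && cd build \\
    && ls
"""

def logical_lines(text):
    """Yield (first_line_number, instruction) with continuations joined."""
    buf, start = [], None
    for number, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and comments are not instructions
        if start is None:
            start = number
        if line.endswith("\\"):
            buf.append(line[:-1].strip())
            continue
        buf.append(line)
        yield start, " ".join(buf)
        buf, start = [], None
    if buf:  # file ended in the middle of a continuation
        yield start, " ".join(buf)

def find_cd_in_run(text):
    """Return [(line_number, instruction)] for RUN instructions that call cd."""
    findings = []
    for number, instruction in logical_lines(text):
        parts = instruction.split(None, 1)
        if len(parts) == 2 and parts[0].upper() == "RUN":
            if CD_AS_COMMAND.search(parts[1].strip()):
                findings.append((number, instruction))
    return findings

if __name__ == "__main__":
    for number, instruction in find_cd_in_run(SAMPLE):
        print(f"line {number}: use WORKDIR or absolute paths: {instruction}")
```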
How to use this rule
rulesets:
  - docker-best-practices # Rules to enforce Docker best practices.