Paste your Dockerfile and instantly get best-practice feedback, security warnings, and optimisation tips. Free, no login needed.
Here are some examples for you.
| Rule | What it checks | Severity |
|---|---|---|
| no-latest-tag | FROM uses :latest tag | error |
| no-user | No USER before CMD/ENTRYPOINT | error |
| no-secrets-in-env | Secrets hardcoded in ENV | error |
| apt-get-no-y | apt-get install missing -y flag | error |
| apt-get-update-alone | apt-get update in its own RUN layer | warning |
| chain-run | Multiple RUN apt-get install layers | warning |
| copy-before-deps | COPY . . before dependency install | warning |
| prefer-copy | ADD used instead of COPY | warning |
| large-base-image | Large base image (ubuntu/debian/centos…) | info |
| use-npm-ci | npm install instead of npm ci | info |
| no-healthcheck | No HEALTHCHECK instruction | info |
A Dockerfile linter is a static analysis tool that checks your Dockerfile for common mistakes, security vulnerabilities, and deviations from Docker best practices — before you build the image.
It checks for things like using a specific base image tag instead of "latest", running as root, missing HEALTHCHECK, inefficient layer ordering, unnecessary packages, exposed sensitive ports, and more.
Yes — completely free with no sign-up required. Paste your Dockerfile and get instant feedback in the browser.
Replace FROM node:latest with a specific version tag like FROM node:20-alpine. This makes your builds reproducible and avoids unexpected breaking changes.
Ready to go deeper? Our free Docker tutorial series takes you from zero to production-ready containers.