# Hadolint Permissive Configuration
# For legacy Dockerfiles during migration or development environments
# Use temporarily while remediating existing issues

failure-threshold: error  # Only fail on critical security issues

# Ignore common legacy patterns (review and remove as you fix them)
ignored:
  - DL3006  # Image versioning (fix gradually)
  - DL3008  # apt-get version pinning (fix gradually)
  - DL3009  # apt cache cleanup (optimization, not security)
  - DL3013  # pip version pinning (fix gradually)
  - DL3015  # apt --no-install-recommends (optimization)
  - DL3059  # Multiple RUN instructions (caching)

# Still enforce trusted registries
trustedRegistries:
  - docker.io
  - gcr.io
  - ghcr.io
  # Add your registries

# Minimal enforcement - only critical security issues
override:
  error:
    - DL3002  # Never switch to root (always enforce)
    - DL3020  # Use COPY instead of ADD (security critical)
  warning:
    - DL3001  # Package manager version pinning
    - DL3025  # JSON notation for CMD/ENTRYPOINT
  info:
    # Everything else is informational
    - DL3000
    - DL3003
    - DL3007