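# Hadolint Balanced Configuration
# Recommended for most production use cases
# Balances security enforcement with practical development needs
---
# Findings at this severity or above make hadolint exit non-zero.
failure-threshold: warning

# Allow common development patterns that don't compromise security
ignored:
  - DL3059  # Multiple consecutive RUN instructions (kept separate for layer caching in development)

# Trusted registries (DL3026) - add your organization's registries
# NOTE(review): every entry below carries a path component (docker.io/library,
# gcr.io/distroless, ...). A hadolint version that compares only the registry
# host would never match them, so every FROM would be reported under DL3026;
# confirm the match semantics of the installed hadolint version, or fall back
# to host-only entries such as "docker.io" / "gcr.io" / "cgr.dev" if path
# matching is unsupported.
trustedRegistries:
  - docker.io/library   # Official Docker Hub images
  - gcr.io/distroless   # Google distroless images
  - cgr.dev/chainguard  # Chainguard images
  # Add your private registries below:
  # - mycompany.azurecr.io
  # - gcr.io/my-project

# Balanced severity levels
override:
  error:
    - DL3002  # Last USER should not be root (critical security)
    - DL3020  # Use COPY instead of ADD (ADD fetches remote URLs and auto-extracts archives)
  warning:
    - DL3000  # Use absolute WORKDIR
    # NOTE(review): DL3001 flags commands that make no sense inside a container
    # (ssh, vim, service, ps, ...). The previous comment described it as
    # "version pinning for package managers"; if that was the intent, confirm
    # the rule ID - apt/pip pinning is covered by DL3008/DL3013 below.
    - DL3001  # Commands that make no sense in a container
    - DL3006  # Always tag images
    - DL3008  # Version pinning for apt
    - DL3013  # Version pinning for pip
    - DL3025  # Use JSON notation for CMD/ENTRYPOINT
  info:
    - DL3007  # Avoid the :latest tag, pin to a release (nice to have)
    - DL3009  # Delete apt lists after install (optimization)

# Recommended OCI labels
label-schema:
  maintainer: text
  org.opencontainers.image.version: semver
  org.opencontainers.image.vendor: text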