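# Hadolint Permissive Configuration
# For legacy Dockerfiles during migration or development environments
# Use temporarily while remediating existing issues
#
# How this file gates a build: hadolint exits non-zero only for findings at
# or above `failure-threshold`. Rules under `ignored` are not reported at all,
# and rules under `override` have their severity replaced. Rules not listed
# anywhere in this file keep hadolint's built-in severity.

# Fail only on error-severity findings. Warning and info findings are still
# printed, but they do not fail the build.
failure-threshold: error

# Ignore common legacy patterns (review and remove as you fix them).
# Ignored rules are fully suppressed, so these gaps will not show up in lint
# output. Track them elsewhere until each entry is removed.
ignored:
  # Pinning rules: leaving these off means base images and packages can change
  # between builds without any change to the Dockerfile.
  - DL3006  # Always tag the image version explicitly (fix gradually)
  - DL3008  # apt-get version pinning (fix gradually)
  - DL3013  # pip version pinning (fix gradually)
  # Image size and layer hygiene.
  - DL3009  # apt cache cleanup (optimization, not security)
  - DL3015  # apt --no-install-recommends (optimization)
  - DL3059  # Multiple consecutive RUN instructions (caching)

# Still enforce trusted registries.
# This only checks the registry host named in FROM. The hosts below are public
# registries that accept images from any publisher, so passing this check says
# nothing about who built the image. Narrow the list to registries you control
# where possible.
trustedRegistries:
  - docker.io
  - gcr.io
  - ghcr.io
  # Add your registries

# Minimal enforcement: with the threshold above, only the rules listed under
# `error` (plus any unlisted rule that hadolint rates as error) fail the build.
override:
  error:
    - DL3002  # Last USER should not be root (always enforce)
    - DL3020  # Use COPY instead of ADD (security critical)
  warning:
    # Reported, but non-blocking under failure-threshold: error.
    - DL3001  # Commands that make no sense in a container (ssh, vim, ...)
    - DL3025  # JSON notation for CMD/ENTRYPOINT
  info:
    # Only the rules listed here are demoted to info. Unlisted rules are not
    # affected by this section.
    - DL3000  # Use absolute WORKDIR
    - DL3003  # Use WORKDIR to switch directories
    # With DL3006 ignored above, this is the only remaining signal on
    # unpinned base images. Raise it again once migration is under way.
    - DL3007  # Using the latest tag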