Docker

The Docker Analyzer analyzes your Dockerfiles and raises issues when they do not follow best practices for building efficient Docker images.

This section covers configuration specific to the Dockerfile analyzer. Please make sure to read the general configuration guide first.

Configuration - .deepsource.toml

name

  • Type: String
  • Presence: mandatory
  • Description: Shortcode of the analyzer.
  • Example:
name = "docker"

enabled

  • Type: Boolean
  • Presence: optional
  • Description: Toggle whether this analyzer should be run.
  • Example:
enabled = true

meta

  • Type: Table
  • Presence: optional
  • Description: Any supported metadata to pass to the analyzer.
  • Example:
[analyzers.meta]
  dockerfile_paths = [
    "api/dockerfile_dev",
    "Dockerfile_local"
  ]

dockerfile_paths

  • Type: Array
  • Presence: optional
  • Description: Specify the dockerfile(s) to run analysis on.
  • Available Value: None. Expects path(s) of dockerfile(s)
  • Default Value: File named Dockerfile in the repository root, if it exists.
  • Example:
[analyzers.meta]
  dockerfile_paths = [
    "Dockerfile",
    "api/dockerfile_dev",
    "Dockerfile_local"
  ]

DeepSource looks for a file named Dockerfile in the repository root by default.
If your Dockerfile name or path is different, you must provide the path to the file in the dockerfile_paths meta field.

If dockerfile_paths is specified, DeepSource will run analysis on all the files provided, along with the default Dockerfile from the repository root, if it exists.

trusted_registries

  • Type: String
  • Presence: optional
  • Description: Specify trusted registries from where images are to be pulled.
  • Available Value: None. The user must provide the registries.
  • Default Value: None
  • Example:
[analyzers.meta]
  trusted_registries = [
    "my-registry.com",
    "company-registry.com"
  ]

If no values are provided for the meta field trusted_registries, the analyzer will not flag untrusted registries when encountered.
However, when trusted_registries is provided, DeepSource will consider only the specified registries as allowed,
and will raise an issue for any other registry that images are pulled from.
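
To preview locally which FROM lines such an allow-list would flag, the following added example (not DeepSource's code) extracts the registry from each base image using Docker's image naming rule and compares it with the list. Exact host matching is an assumption about how the analyzer compares registries; `registry_of`, `untrusted_images` and the sample Dockerfile are constructed for illustration.

```python
import re

# Constructed sample Dockerfile, not taken from the DeepSource documentation.
SAMPLE = """\
ARG BASE=python:3.12-slim
FROM --platform=linux/amd64 my-registry.com/team/builder:1.4 AS build
FROM ghcr.io/example/tool:2.0 AS tool
FROM ${BASE} AS runtime
FROM build AS test
FROM scratch
FROM localhost:5000/internal/app@sha256:abc
"""

FROM_RE = re.compile(r"^\s*FROM\s+(?:--\S+\s+)*(\S+)(?:\s+AS\s+(\S+))?", re.I)
ARG_RE = re.compile(r"^\s*ARG\s+(\w+)=(\S+)", re.I)

def registry_of(image):
    """Registry host of an image reference, following Docker's naming rule."""
    first, slash, _ = image.partition("/")
    # A host contains "." or ":" or is "localhost"; anything else is Docker Hub.
    if slash and ("." in first or ":" in first or first == "localhost"):
        return first
    return "docker.io"

def untrusted_images(text, trusted):
    """Return (line_no, image, registry) for FROM lines outside `trusted`."""
    if not trusted:  # no allow-list configured: nothing is flagged
        return []
    args, stages, findings, seen_from = {}, set(), [], False
    for no, line in enumerate(text.splitlines(), 1):
        arg, frm = ARG_RE.match(line), FROM_RE.match(line)
        if arg and not seen_from:  # only ARGs before the first FROM apply to FROM
            args[arg.group(1)] = arg.group(2)
        if not frm:
            continue
        seen_from = True
        image, alias = frm.groups()
        image = re.sub(r"\$\{?(\w+)\}?", lambda v: args.get(v.group(1), v.group(0)), image)
        is_stage = image.lower() in stages
        if alias:
            stages.add(alias.lower())
        if is_stage or image.lower() == "scratch":
            continue  # earlier build stage or the empty base: nothing is pulled
        # An unresolved variable hides the registry, so report it (registry=None).
        registry = None if "$" in image else registry_of(image)
        if registry not in trusted:
            findings.append((no, image, registry))
    return findings
```

Calling `untrusted_images(SAMPLE, ["my-registry.com", "docker.io"])` reports the `ghcr.io` and `localhost:5000` base images. Unqualified images such as `python:3.12-slim` resolve to `docker.io`, so they are reported whenever `docker.io` is left out of the list.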

Sample config

version = 1

[[analyzers]]
name = "docker"
enabled = true

  [analyzers.meta]
  dockerfile_paths = [
    "dockerfile_dev",
    "dockerfile_prod"
  ]

  trusted_registries = [
    "my-registry.com",
    "docker.io"
  ]