Code Analysis

.deepsource.toml

This section covers .deepsource.toml configuration specific to the docker analyzer. Please make sure to read the general configuration guide first.

name

  • Type: String
  • Presence: mandatory
  • Description: Shortcode of the analyzer.
  • Example:
name = "docker"

enabled

  • Type: Boolean
  • Presence: optional
  • Description: Toggle whether this analyzer should be run.
  • Example:
enabled = true

meta

  • Type: Table
  • Presence: optional
  • Description: Any supported metadata to pass to the analyzer.
  • Example:
[analyzers.meta]
  dockerfile_paths = [
    "api/dockerfile_dev",
    "Dockerfile_local"
  ]
dockerfile_paths
  • Type: Array
  • Presence: optional
  • Description: Specify the dockerfile(s) to run analysis on.
  • Available Value: None. Expects path(s) of dockerfile(s)
  • Default Value: File named Dockerfile in the repository root, if it exists.
  • Example:
[analyzers.meta]
  dockerfile_paths = [
    "Dockerfile",
    "api/dockerfile_dev",
    "Dockerfile_local"
  ]

DeepSource looks for a file named Dockerfile in the repository root by default. If your Dockerfile name or path is different, you must provide the path to the file in the dockerfile_paths meta field.

If dockerfile_paths is specified, DeepSource will run analysis on all the files provided, along with the default Dockerfile file from the repository root, if it exists.

trusted_registries
  • Type: String
  • Presence: optional
  • Description: Specify trusted registries from where images are to be pulled.
  • Available Value: None. The user must provide the registries.
  • Default Value: None
  • Example:
[analyzers.meta]
  trusted_registries = [
    "my-registry.com",
    "company-registry.com"
  ]

If no values are provided for the meta field trusted_registries, the analyzer will not flag untrusted registries when encountered. However, when trusted_registries is provided, DeepSource will consider only the specified registries as allowed, and will raise an issue for any other registry that images are pulled from.

Sample config

version = 1

[[analyzers]]
name = "docker"
enabled = true

  [analyzers.meta]
  dockerfile_paths = [
    "dockerfile_dev",
    "dockerfile_prod"
  ]

  trusted_registries = [
    "my-registry.com",
    "docker.io"
  ]

Code Analysis

.deepsource.toml

This section covers .deepsource.toml configuration specific to the docker analyzer. Please make sure to read the general configuration guide first.

name

  • Type: String
  • Presence: mandatory
  • Description: Shortcode of the analyzer.
  • Example:
name = "docker"

enabled

  • Type: Boolean
  • Presence: optional
  • Description: Toggle whether this analyzer should be run.
  • Example:
enabled = true

meta

  • Type: Table
  • Presence: optional
  • Description: Any supported metadata to pass to the analyzer.
  • Example:
[analyzers.meta]
  dockerfile_paths = [
    "api/dockerfile_dev",
    "Dockerfile_local"
  ]
dockerfile_paths
  • Type: Array
  • Presence: optional
  • Description: Specify the dockerfile(s) to run analysis on.
  • Available Value: None. Expects path(s) of dockerfile(s)
  • Default Value: File named Dockerfile in the repository root, if it exists.
  • Example:
[analyzers.meta]
  dockerfile_paths = [
    "Dockerfile",
    "api/dockerfile_dev",
    "Dockerfile_local"
  ]

DeepSource looks for a file named Dockerfile in the repository root by default. If your Dockerfile name or path is different, you must provide the path to the file in the dockerfile_paths meta field.

If dockerfile_paths is specified, DeepSource will run analysis on all the files provided, along with the default Dockerfile file from the repository root, if it exists.

trusted_registries
  • Type: String
  • Presence: optional
  • Description: Specify trusted registries from where images are to be pulled.
  • Available Value: None. The user must provide the registries.
  • Default Value: None
  • Example:
[analyzers.meta]
  trusted_registries = [
    "my-registry.com",
    "company-registry.com"
  ]

If no values are provided for the meta field trusted_registries, the analyzer will not flag untrusted registries when encountered. However, when trusted_registries is provided, DeepSource will consider only the specified registries as allowed, and will raise an issue for any other registry that images are pulled from.

Sample config

version = 1

[[analyzers]]
name = "docker"
enabled = true

  [analyzers.meta]
  dockerfile_paths = [
    "dockerfile_dev",
    "dockerfile_prod"
  ]

  trusted_registries = [
    "my-registry.com",
    "docker.io"
  ]