Python
JavaScript
Java
Go
C#
Ansible
AWS CloudFormation Linter
C & C++
Dart Analyze
Kotlin
KubeLinter
PHP
Ruby
Rust
Scala
Secrets
Shell
Slither
Solhint
SQL
Swift
Terraform
Test coverageDetected `$` on the left side of assignmentDOK-SC1066Invalid case used for command/syntaxDOK-SC1081Command does not make sense in a containerDOK-DL3001User should not be `root` when the Dockerfile completesDOK-DL3002Invalid UNIX port providedDOK-DL3011Open string detectedDOK-SC1078Wrong use of `... && ... ||` syntaxDOK-SC2015Reference to an unassigned variable detectedDOK-SC2154Missing space before `#`DOK-SC1099Useless `cat` detectedDOK-SC2002Pin versions in `gem install`DOK-DL3028Unexpected `==` detectedDOK-SC1097Pin image versions explicitly to a release tagDOK-DL3007Pin versions in `pip`DOK-DL3013Use the `-y` switchDOK-DL3014`COPY --from` should reference a previously defined `FROM` aliasDOK-DL3022`COPY --from` cannot reference its own `FROM` aliasDOK-DL3023`FROM` aliases (stage names) must be uniqueDOK-DL3024Multiple `ENTRYPOINT` instructions detectedDOK-DL4004`eval` used with special charactersDOK-SC1098Consider using `./` or `--` globDOK-SC2035Detected use of `$` in the iterator name of a `for` loopDOK-SC1086Pin specific version in `npm`DOK-DL3016Use `COPY` instead of `ADD` for files and foldersDOK-DL3020Unexpected character detectedDOK-SC1079Use `ADD` to extract archives into an imageDOK-DL3010Pin versions in `apk add`DOK-DL3018Pin versions in `apt get install`DOK-DL3008`COPY` with more than 2 arguments requires the last argument to end with `/`DOK-DL3021Multiple `CMD` instructions detectedDOK-DL4003Set the `SHELL` option `-o pipefail` before using `RUN` with a pipe characterDOK-DL4006Missing spaceDOK-SC1035Spaces detected around `=` in assignmentsDOK-SC1068Consider using braces for expanding an arrayDOK-SC1087Word detected outside the quotesDOK-SC2026Detected use of escape sequences with `echo`DOK-SC2028Possible globbing or word splitting detectedDOK-SC2086Use `cd ... || exit` in case `cd` failsDOK-SC2164Do not use `sudo`DOK-DL3004Possible parameter declaration detectedDOK-SC1065Declare and assign separately to avoid masking of return valuesDOK-SC2155Avoid additional packages by specifying `--no-install-recommends`DOK-DL3015Use arguments JSON notation for CMD and ENTRYPOINT argumentsDOK-DL3025Use `SHELL` to change the default shellDOK-DL4005Consider using quotes to prevent word splittingDOK-SC2046Found reference to `ENV` var within the same stepDOK-E1000Invalid `LABEL` keyDOK-E1001Do not use `zypper dist-upgrade`DOK-W1011`ONBUILD`, `FROM` or `MAINTAINER` triggered from within `ONBUILD` instructionDOK-E1002Pin versions in `yum install`DOK-W1003Pin versions in `zypper install`DOK-W1004Pin versions in `dnf install`DOK-W1005COPY to a relative destination without WORKDIR setDOK-W1006Multiple `HEALTHCHECK` instructionsDOK-W1007Use the `-y` switch for `yum install`DOK-W1008Use the `-y` switch for `dnf install`DOK-W1009Use the `-y` switch for `zypper install`DOK-W1010Always tag the version of an image explicitlyDOK-DL3006Use absolute `WORKDIR`DOK-DL3000Use ` ` ` instead of `´` for command expansionDOK-SC1077Use only an allowed registry in the FROM imageDOK-DL3026Use `WORKDIR` to switch to a directoryDOK-DL3003Use of `&;` detectedDOK-SC1045Avoid cache directory with pip install --no-cache-dir <package>DOK-P1003Missing `yarn cache clean` after `yarn install`DOK-P1005Missing `yum clean all` after `yum install`DOK-P1000Missing `zypper clean` after `zypper install`DOK-P1001Missing `dnf clean all` after `dnf install` commandDOK-P1002Found `useradd` without `-l` flagDOK-P1004Do not use `--platform=` with `FROM`DOK-W1002Unquoted literal string detectedDOK-SC2140Delete the `apt-get` lists after installing anythingDOK-DL3009Unicode non-breaking space detectedDOK-SC1018`$` is not used specially and should therefore be escapedDOK-SC1000Use of deprecated `MAINTAINER` fieldDOK-DL4000Remove space after `=`DOK-SC1007Missing space or linefeed between the function name and bodyDOK-SC1095Do not use `apt`, use `apt-get` or `apt-cache` insteadDOK-DL3027Use the `--no-cache` switchDOK-DL3019Bad use of `{}`DOK-SC1083Use any one of `wget` or `curl` but not bothDOK-DL4001Use semicolon or linefeed before 'done'DOK-SC1010No need of escape sequenceDOK-SC1001Use `wget --progress` to avoid excessively bloated build logsDOK-W1000Found consecutive `RUN` commandsDOK-W1001
Docker
Static Analysis, SAST, Code Coverage, Code Complexity
Sample Configuration
.deepsource.toml
version = 1
[[analyzers]]
name = "docker"
[analyzers.meta]
dockerfile_paths = [
"dev.dockerfile",
"prod.dockerfile"
]
trusted_registries = [
"my-registry.com",
"docker.io"
]
Explore the docs for all configuration options.