Docker Enforcers

The following Docker enforcers are available, with an example of how to use each.

warning

Multi-stage Docker build files are not currently supported, but support is planned. For now, these enforcers only look at the first FROM statement in the Dockerfile.

DockerfileFromHasTag

Enforcer Name: .docker.DockerfileFromHasTag

Enforce that the Dockerfile has a tag in the FROM line.

Example

file-protocols:
  - name: Dockerfile
    description: Dockerfile do not allow latest tag
    repository-path: Dockerfile
    enforcers:
      - enforcer: .docker.DockerfileFromHasTag
        allow-latest: false

DockerfileFromHostEquals

Enforcer Name: .docker.DockerfileFromHostEquals

Enforce that the Dockerfile has a specific host in the FROM line.

Example

file-protocols:
  - name: Dockerfile
    description: Dockerfile has required host
    repository-path: Dockerfile
    enforcers:
      - enforcer: .docker.DockerfileFromHostEquals
        expected-from-host: hub.docker.com

DockerfileFromImageEquals

Enforcer Name: .docker.DockerfileFromImageEquals

Enforce that the Dockerfile has a specific image in the FROM line.

Example

file-protocols:
  - name: Dockerfile
    description: Dockerfile has specific image
    repository-path: Dockerfile
    enforcers:
      - enforcer: .docker.DockerfileFromImageEquals
        expected-from-image: centos:1.0.0
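
The three checks above, sketched in Python as an added example (not the project's own code): the function names, defaults and finding strings are assumptions, as is treating a digest-pinned image as tagged. The sample Dockerfile is constructed and, like the enforcers, only its first FROM line is inspected.

```python
SAMPLE = """\
# constructed sample: two stages, only the first FROM is inspected
FROM hub.docker.com/centos:latest AS build
RUN make
FROM scratch
"""

def first_from(text):
    """Return the image reference of the first FROM instruction, or None."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) >= 2 and parts[0].upper() == "FROM":
            refs = [p for p in parts[1:] if not p.startswith("--")]  # skip --platform=...
            return refs[0] if refs else None
    return None

def split_reference(ref):
    """Split an image reference into (host, image, tag, digest)."""
    name, _, digest = ref.partition("@")
    host = None
    first, slash, rest = name.partition("/")
    # Docker reads the first path component as a registry host only when it
    # contains '.' or ':' or is 'localhost'.
    if slash and ("." in first or ":" in first or first == "localhost"):
        host, name = first, rest
    image, tag = name, None
    if ":" in name.rsplit("/", 1)[-1]:  # a tag is a ':' after the last '/'
        image, _, tag = name.rpartition(":")
    return host, image, tag, digest or None

def check_from(text, allow_latest=True, expected_host=None, expected_image=None):
    """Return findings for the first FROM line; an empty list means it passes."""
    ref = first_from(text)
    if ref is None:
        return ["no FROM instruction found"]
    host, image, tag, digest = split_reference(ref)
    findings = []
    # Assumption: a digest-pinned reference counts as pinned even without a tag.
    if tag is None and digest is None:
        findings.append("FROM has no tag")
    elif tag == "latest" and not allow_latest:
        findings.append("FROM uses the latest tag")
    if expected_host is not None and host != expected_host:
        findings.append(f"FROM host is {host!r}, expected {expected_host!r}")
    actual = image if tag is None else f"{image}:{tag}"
    if expected_image is not None and actual != expected_image:
        findings.append(f"FROM image is {actual!r}, expected {expected_image!r}")
    return findings
```

The untagged `FROM scratch` in the second stage of the sample produces no finding, which is the gap the multi-stage warning describes.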