dockerfile.best-practice.missing-no-install-recommends.missing-no-install-recommends

semgrep
Author
unknown
This 'apt-get install' is missing '--no-install-recommends'. This prevents unnecessary packages from being installed, thereby reducing image size. Add '--no-install-recommends'.

Definition

rules:
  - id: missing-no-install-recommends
    patterns:
      - pattern: |
          RUN apt-get install ...
      - pattern-not: RUN apt-get install ... --no-install-recommends ...
    languages:
      - dockerfile
    message: This 'apt-get install' is missing '--no-install-recommends'. This
      prevents unnecessary packages from being installed, thereby reducing image
      size. Add '--no-install-recommends'.
    severity: INFO
    metadata:
      source-rule-url: https://github.com/hadolint/hadolint/wiki/DL3015
      references:
        - https://github.com/hadolint/hadolint/wiki/DL3015
      category: best-practice
      technology:
        - dockerfile
      license: Commons Clause License Condition v1.0[LGPL-2.1-only]

Examples

missing-no-install-recommends.dockerfile

FROM debian
# ruleid: missing-no-install-recommends
RUN apt-get install semgrep=0.30.0

# ruleid: missing-no-install-recommends
RUN apt-get install -y python=2.7 semgrep

# ok: missing-no-install-recommends
RUN apt-get install semgrep --no-install-recommends

# ok: missing-no-install-recommends
RUN apt-get install semgrep --no-install-recommends -y

# ok: missing-no-install-recommends
RUN apt-get install --no-install-recommends semgrep

# ok: missing-no-install-recommends
RUN apt-get install --no-install-recommends -y python=2.7 semgrep

# ok: missing-no-install-recommends
RUN apt-get install -y --no-install-recommends python=2.7

# ok: missing-no-install-recommends
RUN apt-get update \
    && apt-get install -y --no-install-recommends \
    python3 \
    python3-pip \
    python3-setuptools \
    libpython3-dev \
    python3-dev \
    git \
    ca-certificates \
    zip \
    jq \
    && apt-get clean \
    && rm -rf /var/lib/apt/lists/*

# ruleid: missing-no-install-recommends
RUN apt-get update \
    && apt-get install \
    python3 \
    python3-pip \
    python3-setuptools \
    libpython3-dev \
    python3-dev \
    git \
    ca-certificates \
    zip \
    jq \
    && apt-get clean \
    && rm -rf /var/lib/apt/lists/*

# ruleid: missing-no-install-recommends
RUN apt-get update \
    && apt-get install --assume-yes \
    python3 \
    python3-pip \
    python3-setuptools \
    libpython3-dev \
    python3-dev \
    git \
    ca-certificates \
    zip \
    jq \
    && apt-get clean \
    && rm -rf /var/lib/apt/lists/*
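
The same check as a standalone script, for pipelines where Semgrep is not available. This is an added example, not part of the rule or the Semgrep registry; the function names and the sample Dockerfile are constructed for illustration. It goes slightly beyond the rule's test cases by also covering `VAR=value` prefixes, BuildKit `RUN --mount=...` flags, and options placed before `install`. Only shell-form `RUN` instructions are inspected.

```python
import re
import shlex
from itertools import groupby

# Constructed sample Dockerfile (not the rule's own test file).
SAMPLE = r'''FROM debian
RUN apt-get update \
    && apt-get install -y \
    git
RUN apt-get update && apt-get install -y --no-install-recommends curl
RUN DEBIAN_FRONTEND=noninteractive apt-get -y install jq
# RUN apt-get install commented-out
RUN echo "apt-get install && more text"
'''

SEPARATORS = set("();<>|&")  # shlex punctuation: &&, ||, ;, |, redirects

def instructions(text):
    """Yield (first_line_no, instruction) with backslash continuations joined."""
    buf, start = [], None
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # Docker drops comment lines, even inside a continuation
        start = start or no
        buf.append(line.rstrip("\\"))
        if not line.endswith("\\"):
            yield start, " ".join(buf)
            buf, start = [], None
    if buf:
        yield start, " ".join(buf)

def missing_no_install_recommends(text):
    """Return (line_no, command) for each apt-get install lacking the flag."""
    findings = []
    for no, instr in instructions(text):
        if not re.match(r"RUN\s", instr, re.IGNORECASE):
            continue
        lex = shlex.shlex(instr[3:], posix=True, punctuation_chars=True)
        lex.whitespace_split = True  # keep python=2.7 as one token (Python 3.8+)
        for _, group in groupby(lex, key=lambda t: set(t) <= SEPARATORS):
            argv = list(group)
            # Skip leading VAR=value assignments and BuildKit RUN flags.
            while argv and (re.match(r"[A-Za-z_]\w*=", argv[0]) or argv[0].startswith("--")):
                argv.pop(0)
            if (argv[:1] == ["apt-get"] and "install" in argv
                    and "--no-install-recommends" not in argv):
                findings.append((no, " ".join(argv)))
    return findings
```

Calling `missing_no_install_recommends(SAMPLE)` reports the instructions starting on lines 2 and 6 of the sample; the quoted `echo` string and the commented-out line are not flagged.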