dockerfile.best-practice.prefer-apt-get.prefer-apt-get

semgrep
Author: unknown

'apt-get' is preferred as an unattended tool for stability. 'apt' is discouraged.

Definition

rules:
  - id: prefer-apt-get
    severity: INFO
    languages:
      - dockerfile
    patterns:
      - pattern: RUN apt ...
      - pattern-not: RUN apt-get ...
    message: "'apt-get' is preferred as an unattended tool for stability. 'apt' is
      discouraged."
    metadata:
      source-rule-url: https://github.com/hadolint/hadolint/wiki/DL3027
      references:
        - https://github.com/hadolint/hadolint/wiki/DL3027
      category: best-practice
      technology:
        - dockerfile
      license: Commons Clause License Condition v1.0[LGPL-2.1-only]

Examples

prefer-apt-get.dockerfile

# cf. https://github.com/hadolint/hadolint/wiki/DL3027

FROM busybox

# ruleid: prefer-apt-get
RUN apt install curl=1.1.0

# ok: prefer-apt-get
RUN apt-get install curl=1.1.0
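
The same check as a standalone script, added here as an illustration and not part of the Semgrep rule or the hadolint project. It goes beyond the single-command case in the example above by also looking at `apt` calls that sit behind `&&` chains, backslash line continuations, or leading environment assignments; it handles shell-form `RUN` only, and the function names and sample Dockerfile are constructed for this example.

```python
import re

# Shell operators that start a new command inside one RUN instruction.
_SEPARATORS = re.compile(r"&&|\|\||;|\|")

def join_continuations(text):
    """Yield (first_line_number, logical_line), joining backslash continuations
    and dropping comment lines, as the Dockerfile parser does."""
    buf, start = [], None
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if line.startswith("#"):
            continue
        if not buf:
            start = n
        if line.endswith("\\"):
            buf.append(line[:-1])
            continue
        buf.append(line)
        yield start, " ".join(buf)
        buf = []
    if buf:
        yield start, " ".join(buf)

def find_apt_usage(dockerfile_text):
    """Return [(line_number, command)] for every shell-form RUN command
    that invokes 'apt' rather than 'apt-get'."""
    findings = []
    for lineno, line in join_continuations(dockerfile_text):
        if not re.match(r"(?i)RUN\s", line):
            continue
        for cmd in _SEPARATORS.split(line[3:]):
            words = cmd.split()
            # Skip leading VAR=value assignments and sudo before the command name.
            while words and (re.fullmatch(r"\w+=\S*", words[0]) or words[0] == "sudo"):
                words.pop(0)
            if words and words[0] == "apt":
                findings.append((lineno, " ".join(words)))
    return findings

# Constructed sample Dockerfile (not from the original page).
SAMPLE = r"""FROM debian:bookworm-slim
# apt install in a comment is ignored
RUN apt install -y curl
RUN apt-get update && \
    DEBIAN_FRONTEND=noninteractive apt install -y git
RUN apt-get install -y --no-install-recommends ca-certificates
"""

if __name__ == "__main__":
    for lineno, cmd in find_apt_usage(SAMPLE):
        print(f"line {lineno}: prefer apt-get over: {cmd}")
```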