dockerfile.best-practice.remove-package-cache.remove-package-cache

semgrep
Author: unknown
The package cache was not deleted after running 'apt-get update', which increases the size of the image. Remove the package cache by appending '&& apt-get clean' at the end of the apt-get command chain.

Definition

rules:
  - id: remove-package-cache
    patterns:
      - pattern-not-inside: RUN ... && apt-get clean ...
      - pattern: RUN ... apt-get update ...
      - pattern: apt-get update
    message: The package cache was not deleted after running 'apt-get update', which
      increases the size of the image. Remove the package cache by appending '&&
      apt-get clean' at the end of apt-get command chain.
    severity: WARNING
    languages:
      - dockerfile
    metadata:
      source-rule-url: https://github.com/hadolint/hadolint/wiki/DL3009
      references:
        - https://github.com/hadolint/hadolint/wiki/DL3009
      category: best-practice
      technology:
        - dockerfile
      license: Commons Clause License Condition v1.0[LGPL-2.1-only]

Examples

remove-package-cache.dockerfile

FROM busybox

# ruleid: remove-package-cache
RUN apt-get update && apt-get install --no-install-recommends -y python

# ruleid: remove-package-cache
RUN apt-get update && apt-get install --no-install-recommends -y python \
 && rm -rf /var/lib/apt/lists/*

# ok: remove-package-cache
RUN apt-get update && apt-get install --no-install-recommends -y python \
 && apt-get clean

# ok: remove-package-cache
RUN apt-get update && apt-get install --no-install-recommends -y python \
 && apt-get clean \
 && rm -rf /var/lib/apt/lists/*

# ruleid: remove-package-cache
RUN apt-get update && apt-get install --no-install-recommends -y python \
 && rm -rf /var/lib/apt/lists/* && apt-get install --no-install-recommends -y semgrep

# ok: remove-package-cache
RUN apt-get update &&\
    apt-get install --no-install-recommends -y \
      build-essential \
      libxml2-dev \
      libxmlsec1-dev \
      libxmlsec1-openssl \
      libyaml-dev \
      pkg-config &&\
    apt-get clean &&\
    rm -rf /var/lib/apt/lists/*
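
The same check approximated in plain Python, as an added example that is not part of the registry page or of Semgrep's matching engine: it folds backslash continuations into one logical RUN instruction, then reports every RUN that contains 'apt-get update' but no '&& apt-get clean'. The function names and the embedded sample (constructed from the test cases above) are assumptions of this example.

```python
import re

UPDATE = re.compile(r"\bapt-get\s+update\b")
CLEAN = re.compile(r"&&\s*apt-get\s+clean\b")


def run_instructions(dockerfile_text):
    """Yield (first_line_number, command) for each RUN instruction,
    with backslash line continuations joined into one logical line."""
    logical, start = "", None
    for n, raw in enumerate(dockerfile_text.splitlines(), 1):
        line = raw.strip()
        if start is None:
            if not line or line.startswith("#"):
                continue  # blank line or comment between instructions
            start = n
        elif not line or line.startswith("#"):
            continue  # blank or comment line inside a continued instruction
        if line.endswith("\\"):
            logical += line[:-1] + " "
            continue
        logical += line
        if re.match(r"RUN\s", logical, re.IGNORECASE):
            yield start, logical
        logical, start = "", None


def find_uncleaned_updates(dockerfile_text):
    """Return the starting line of every RUN that runs 'apt-get update'
    without '&& apt-get clean' anywhere in the same command chain."""
    return [n for n, cmd in run_instructions(dockerfile_text)
            if UPDATE.search(cmd) and not CLEAN.search(cmd)]


# Constructed sample: three of the test cases from the page.
SAMPLE = """\
FROM busybox
RUN apt-get update && apt-get install --no-install-recommends -y python
RUN apt-get update && apt-get install --no-install-recommends -y python \\
 && rm -rf /var/lib/apt/lists/*
RUN apt-get update && apt-get install --no-install-recommends -y python \\
 && apt-get clean \\
 && rm -rf /var/lib/apt/lists/*
"""

if __name__ == "__main__":
    for line_no in find_uncleaned_updates(SAMPLE):
        print(f"line {line_no}: apt-get update without apt-get clean")
```

Like the rule, this treats 'rm -rf /var/lib/apt/lists/*' alone as insufficient and accepts 'apt-get clean' at any position in the chain.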