dockerfile.best-practice.remove-package-lists.remove-package-lists

Author
unknown

The package lists were not deleted after running 'apt-get update', which increases the size of the image. Remove the package lists by appending '&& rm -rf /var/lib/apt/lists/*' at the end of the apt-get command chain, in the same RUN instruction: files deleted in a later RUN still remain in the earlier layer, so a separate cleanup step does not shrink the image.

Definition

rules:
  - id: remove-package-lists
    patterns:
      - pattern-not-inside: RUN ... rm -rf /var/lib/apt/lists/*
      - pattern: RUN apt-get update ...
      - pattern: apt-get update
    message: The package lists were not deleted after running 'apt-get update',
      which increases the size of the image. Remove the package lists by
      appending '&& rm -rf /var/lib/apt/lists/*' at the end of apt-get command
      chain.
    severity: WARNING
    languages:
      - dockerfile
    metadata:
      source-rule-url: https://github.com/hadolint/hadolint/wiki/DL3009
      references:
        - https://github.com/hadolint/hadolint/wiki/DL3009
      category: best-practice
      technology:
        - dockerfile
      license: Commons Clause License Condition v1.0[LGPL-2.1-only]

Examples

remove-package-lists.dockerfile

FROM busybox

# ruleid: remove-package-lists
RUN apt-get update && apt-get install --no-install-recommends -y python

# ok: remove-package-lists
RUN apt-get update && apt-get install --no-install-recommends -y python \
 && rm -rf /var/lib/apt/lists/*

# ruleid: remove-package-lists
RUN apt-get update && apt-get install --no-install-recommends -y python \
 && apt-get clean

# ok: remove-package-lists
RUN apt-get update && apt-get install --no-install-recommends -y python \
 && apt-get clean \
 && rm -rf /var/lib/apt/lists/*

# ok: remove-package-lists
RUN apt-get update && \
    apt-get install --no-install-recommends -y tini && \
    rm -rf /var/lib/apt/lists/*

# ok: remove-package-lists
RUN apt-get update && apt-get install -y \
    aufs-tools \
    automake \
    build-essential \
    curl \
    dpkg-sig \
    libcap-dev \
    libsqlite3-dev \
    mercurial \
    reprepro \
    ruby1.9.1 \
    ruby1.9.1-dev \
    s3cmd=1.1.* \
 && rm -rf /var/lib/apt/lists/*
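The check this rule encodes, as an added stand-alone Python script that is not part of the Semgrep rule or the Semgrep project: it joins Dockerfile line continuations the way Docker does, then flags every RUN instruction that runs apt-get update without deleting /var/lib/apt/lists/* in that same instruction (the rule's pattern / pattern-not-inside pair). The sample Dockerfile is constructed for this example.

```python
import re

# Constructed sample Dockerfile (not from the rule page) covering the cases the
# rule distinguishes: lists removed in the same RUN, only in a later RUN, or never.
SAMPLE_DOCKERFILE = """\
FROM debian:bookworm-slim
# lists removed in the same layer: ok
RUN apt-get update && apt-get install -y --no-install-recommends curl \\
 && rm -rf /var/lib/apt/lists/*
# apt-get clean alone leaves /var/lib/apt/lists in place: finding
RUN apt-get update && apt-get install -y tini \\
 && apt-get clean
# deleting the lists in a later RUN keeps them in the earlier layer: finding
RUN apt-get update && apt-get install -y git
RUN rm -rf /var/lib/apt/lists/*
"""

APT_UPDATE = re.compile(r"\bapt-get\s+update\b")
LISTS_REMOVED = re.compile(r"\brm\s+-rf\s+/var/lib/apt/lists/\*")

def parse_instructions(text):
    """Return [(first_line_no, INSTRUCTION, arguments)] with backslash
    continuations joined; blank and comment lines are skipped, as Docker does."""
    instructions, buf, start = [], [], None
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if start is None:
            start = line_no
        if line.endswith("\\"):
            buf.append(line[:-1].rstrip())
            continue
        buf.append(line)
        keyword, _, args = " ".join(buf).partition(" ")
        instructions.append((start, keyword.upper(), args.strip()))
        buf, start = [], None
    return instructions

def find_unremoved_package_lists(text):
    """Line numbers of RUN instructions that run 'apt-get update' without
    'rm -rf /var/lib/apt/lists/*' in the same instruction. The deletion must
    sit in the same RUN because a later layer cannot shrink an earlier one,
    which is why the rule uses pattern-not-inside on the whole RUN."""
    return [line_no for line_no, keyword, args in parse_instructions(text)
            if keyword == "RUN" and APT_UPDATE.search(args)
            and not LISTS_REMOVED.search(args)]
```

Running find_unremoved_package_lists(SAMPLE_DOCKERFILE) reports lines 6 and 9; line 10 is not reported because it never runs apt-get update.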