generic.dockerfile.best-practice.use-workdir.use-workdir

returntocorp

Author

3,970

Download Count*

LGPL Commons Clause

License

Use 'WORKDIR' instead of 'RUN cd ...'. Using 'RUN cd ...' may not work as expected in a conatiner.

Run Locally

Run in CI

Semgrep CI docs

Defintion

Edit Rule View Source

Open in Playground

rules:
  - id: use-workdir
    pattern: RUN ... cd
    message: Use 'WORKDIR' instead of 'RUN cd ...'. Using 'RUN cd ...' may not work
      as expected in a conatiner.
    severity: WARNING
    languages:
      - generic
    metadata:
      source-rule-url: https://github.com/hadolint/hadolint/wiki/DL3003
      references:
        - https://github.com/hadolint/hadolint/wiki/DL3003
      category: best-practice
      technology:
        - dockerfile
      license: Commons Clause License Condition v1.0[LGPL-2.1-only]
    paths:
      include:
        - "*dockerfile*"
        - "*Dockerfile*"

Examples

use-workdir.dockerfile

FROM busybox

# ruleid: use-workdir
RUN cd semgrep && git clone https://github.com/returntocorp/semgrep

# ruleid: use-workdir
RUN pip3 install semgrep && cd ..

# ok: use-workdir
RUN semgrep -f p/xss

# ok: use-workdir
RUN blah

# ok: use-workdir
RUN blah blahcd

Short Link: https://sg.run/XBre