generic.dockerfile.correctness.alias-must-be-unique.alias-must-be-unique

Verifed by r2c

Community Favorite

semgrep

Author

126,601

Download Count*

LGPL Commons Clause

License

Image aliases must have a unique name, and '$REF' is used twice. Use another name for '$REF'.

Run Locally

Run in CI

Semgrep CI docs

Defintion

Edit Rule View Source

Open in Playground

rules:
  - id: alias-must-be-unique
    severity: ERROR
    languages:
      - generic
    patterns:
      - pattern-either:
          - pattern: |
              FROM ... as $REF
              ...
              ...
              FROM ... as $REF
          - pattern: |
              FROM ... AS $REF
              ...
              ...
              FROM ... AS $REF
      - pattern-not-inside: |
          FROM ... as $REF
          ...
          ...
          FROM ... as $REF-
      - pattern-not-inside: |
          FROM ... AS $REF
          ...
          ...
          FROM ... AS $REF-
    paths:
      include:
        - "*dockerfile*"
        - "*Dockerfile*"
    message: Image aliases must have a unique name, and '$REF' is used twice. Use
      another name for '$REF'.
    metadata:
      source-rule-url: https://github.com/hadolint/hadolint/wiki/DL3024
      references:
        - https://github.com/hadolint/hadolint/wiki/DL3024
      category: correctness
      technology:
        - dockerfile
      license: Commons Clause License Condition v1.0[LGPL-2.1-only]

Examples

alias-must-be-unique.dockerfile

# cf. https://github.com/hadolint/hadolint/wiki/DL3024

# ruleid: alias-must-be-unique
FROM debian:jesse as build

RUN stuff

FROM debian:jesse as build

RUN more_stuff

# ok: alias-must-be-unique
FROM debian:jesse as another-alias

RUN more_more_stuff

Short Link: https://sg.run/jRY2