generic.dockerfile.correctness.multiple-cmd-instructions.multiple-cmd-instructions

Verified by r2c
Community Favorite
Author: semgrep
Download Count*: 62,846

Multiple CMD instructions were found. Only the last one will take effect.

Definition

rules:
  - id: multiple-cmd-instructions
    patterns:
      - pattern-either:
          - pattern: |
              CMD ...
              ...
              CMD ...
          - pattern: |
              CMD [...]
              ...
              CMD [...]
          - pattern: |
              CMD [...]
              ...
              CMD ...
          - pattern: |
              CMD ...
              ...
              CMD [...]
      - pattern-not-inside: |
          CMD ...
          ...
          FROM $IMAGE
          ...
          CMD ...
      - pattern-not: |
          HEALTHCHECK $CMD
          ...
          CMD ...
      - pattern-not: |
          HEALTHCHECK $CMD
          ...
          CMD [...]
      - pattern-not: |
          CMD ...
          ...
          HEALTHCHECK $CMD
      - pattern-not: |
          CMD [...]
          ...
          HEALTHCHECK $CMD
    message: Multiple CMD instructions were found. Only the last one will take effect.
    languages:
      - dockerfile
    severity: ERROR
    metadata:
      source-rule-url: https://github.com/hadolint/hadolint/wiki/DL4003
      references:
        - https://github.com/hadolint/hadolint/wiki/DL4003
        - https://kapeli.com/cheat_sheets/Dockerfile.docset/Contents/Resources/Documents/index#//dash_ref_Instructions/Entry/CMD/0
      category: correctness
      technology:
        - dockerfile
      license: Commons Clause License Condition v1.0[LGPL-2.1-only]

Examples

multiple-cmd-instructions.dockerfile

# cf. https://github.com/hadolint/hadolint/wiki/DL4003

FROM busybox
# ruleid: multiple-cmd-instructions
CMD /bin/true
CMD /bin/false
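
The same check as a standalone script, as an added example that is not part of the Semgrep rule or the original page: it reports each CMD that a later CMD in the same build stage overrides, starts counting again at every FROM, and ignores the CMD keyword inside HEALTHCHECK, as the rule's exclusions do. The function names and the sample Dockerfile are constructed for illustration; the script assumes the default backslash escape character and no heredocs.

```python
import re

# Keyword at the start of a logical line (Dockerfile keywords are case-insensitive).
_KEYWORD = re.compile(r"^\s*([A-Za-z]+)\b")

# Constructed sample: two stages, a HEALTHCHECK whose CMD sits on a continuation line.
SAMPLE = """\
FROM busybox AS build
CMD /bin/true
FROM busybox
HEALTHCHECK --interval=5m \\
  CMD wget -q -O /dev/null http://localhost/
CMD ["/bin/true"]
CMD /bin/false
"""

def logical_lines(text):
    """Yield (first_line_number, text) with backslash continuations folded."""
    buf, start = "", None
    for num, raw in enumerate(text.splitlines(), 1):
        if raw.lstrip().startswith("#"):  # comment lines are skipped
            continue
        if start is None:
            start = num
        line = raw.rstrip()
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        buf += line
        if buf.strip():
            yield start, buf
        buf, start = "", None
    if buf.strip():
        yield start, buf

def overridden_cmds(text):
    """Line numbers of CMD instructions overridden by a later CMD in the same stage."""
    findings, stage_cmds = [], []
    for num, line in logical_lines(text):
        m = _KEYWORD.match(line)
        keyword = m.group(1).upper() if m else ""
        if keyword == "FROM":      # new build stage: start counting again
            findings += stage_cmds[:-1]
            stage_cmds = []
        elif keyword == "CMD":     # a CMD inside HEALTHCHECK never gets here
            stage_cmds.append(num)
    return findings + stage_cmds[:-1]

if __name__ == "__main__":
    print(overridden_cmds(SAMPLE))
```

In the sample only line 6 is reported: the CMD in the first stage is separated from the others by FROM, and the CMD on line 5 belongs to the HEALTHCHECK instruction.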