---
# Profile metadata for this rule set. The values are descriptive only; they
# identify the profile to whoever runs the linter with this file.
profile:
  name: 'Default'
  description: 'Default Profile. Checks basic syntax.'
# Settings shared by every rule: the documentation base URL, the set of
# instruction keywords the linter accepts, and the regexes used to split a
# Dockerfile into instructions. Regexes are written as /pattern/flags strings;
# presumably the rules loader compiles them (the engine is not visible here).
general:
  # Base URL that the per-rule `reference_url` fragments ("#from", ...) refer to.
  ref_url_base: 'https://docs.docker.com/reference/builder/'

  # Instruction keywords this profile knows about. NOTE(review): newer
  # Dockerfile instructions (LABEL, ARG, HEALTHCHECK, SHELL, STOPSIGNAL) are
  # absent both here and from valid_instruction_regex below, so Dockerfiles
  # using them will be reported; extending this list also requires matching
  # entries under line_rules.
  valid_instructions:
    - 'FROM'
    - 'MAINTAINER'
    - 'RUN'
    - 'CMD'
    - 'EXPOSE'
    - 'ENV'
    - 'ADD'
    - 'COPY'
    - 'ENTRYPOINT'
    - 'VOLUME'
    - 'USER'
    - 'WORKDIR'
    - 'ONBUILD'

  # NOTE(review): the doubled backslashes in the three regexes below ("\\w",
  # "\\s", "\\$") are stored verbatim (no YAML escape processing in plain or
  # single-quoted scalars), unlike the single backslashes used in line_rules.
  # Confirm with the loader whether it unescapes them before compiling —
  # multiline_regex depends on matching a literal trailing "\".
  instruction_regex: '/(\\w+)\\s(.+$)/'
  # Case-insensitive match of a line that starts with a known instruction.
  valid_instruction_regex: '/^(CMD|FROM|MAINTAINER|RUN|EXPOSE|ENV|ADD|COPY|ENTRYPOINT|VOLUME|USER|WORKDIR|ONBUILD)(\s)?/i'
  # Lines matching this are skipped (comments).
  ignore_regex: '/^#/'
  # A line matching this continues on the next line.
  multiline_regex: '/\\$/'
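# Per-instruction checks. `paramSyntaxRegex` validates the argument text that
# follows the instruction keyword; `rules` lists additional pattern checks,
# each with a label, a regex, a severity level, a message, a description and
# the documentation reference(s) to show. Regexes are /pattern/flags strings;
# presumably compiled by the rules loader (engine not visible here).
#
# Changes from the previous revision of this block:
#   - is_latest_tag is anchored to the tag position (":latest$"), so an image
#     whose *name* merely contains "latest" is not flagged;
#   - no_tag previously matched a parameter starting with ":" — which the FROM
#     paramSyntaxRegex never admits — so it could not fire; it now matches a
#     parameter without any tag separator;
#   - the "A-z" character ranges in ADD/VOLUME/WORKDIR accidentally admitted
#     "[", "\", "]", "^" and "`"; they are now "A-Za-z";
#   - EXPOSE accepts the documented "port/tcp" and "port/udp" forms, ENV the
#     "KEY=value" form, USER numeric UIDs and an optional ":group";
#   - ADD now carries an explicit empty `rules` list like every other entry.
line_rules:
  FROM:
    paramSyntaxRegex: '/^[a-z0-9./-]+(:[a-z0-9.]+)?$/'
    rules:
      - label: "is_latest_tag"
        regex: '/:latest$/'
        level: "info"
        message: "base image uses 'latest' tag"
        description: "using the 'latest' tag may cause unpredictable builds. It is recommended that a specific tag is used in the FROM line."
        reference_url:
          - "https://docs.docker.com/reference/builder/"
          - "#from"
      - label: "no_tag"
        # No ":" at all means the image resolves to "latest" implicitly.
        regex: '/^[^:]+$/'
        level: "warn"
        message: "No tag is used"
        description: "No tag was given, so the image silently resolves to 'latest' and the build is not reproducible. Pin a specific tag in the FROM line."
        reference_url:
          - "https://docs.docker.com/reference/builder/"
          - "#from"
  MAINTAINER:
    paramSyntaxRegex: '/.+/'
    rules: []
  RUN:
    paramSyntaxRegex: '/.+/'
    rules:
      - label: "no_yum_clean_all"
        regex: '/yum ((?!clean all).)* .+/'
        level: "warn"
        message: "yum clean all is not used"
        description: "the yum cache will remain in this layer making the layer unnecessarily large"
        # NOTE(review): every other rule gives reference_url as a list; the
        # string "None" is presumably a placeholder — confirm the consumer
        # tolerates a scalar here.
        reference_url: "None"
      - label: "installing_ssh"
        regex: '/ssh/'
        level: "warn"
        message: "installing SSH in a container is not recommended"
        # An SSH daemon adds a listening service and credential surface to the
        # image; interactive access is normally obtained from the host instead.
        description: "Do you really need SSH in this image?"
        reference_url: "https://github.com/jpetazzo/nsenter"
  CMD:
    paramSyntaxRegex: '/.+/'
    rules: []
  EXPOSE:
    # One or more ports, each optionally suffixed with /tcp or /udp.
    paramSyntaxRegex: '/^[0-9]+(\/(tcp|udp))?(\s+[0-9]+(\/(tcp|udp))?)*\s*$/'
    rules: []
  ENV:
    # "KEY value" and "KEY=value" forms.
    paramSyntaxRegex: '/^[a-zA-Z_][a-zA-Z0-9_]*[ =].+$/'
    rules: []
  ADD:
    # Either a local path or an http(s) URL as source, then a destination path.
    paramSyntaxRegex: '/^(~?[A-Za-z0-9\/_.-]+|https?:\/\/(www\.)?[-a-zA-Z0-9@:%._\+~#=]{2,256}\.[a-z]{2,6}\b([-a-zA-Z0-9@:%_\+.~#?&\/\/=]*))\s~?[A-Za-z0-9\/_.-]+$/'
    rules: []
  COPY:
    paramSyntaxRegex: '/.+/'
    rules: []
  ENTRYPOINT:
    paramSyntaxRegex: '/.+/'
    rules: []
  VOLUME:
    # A bare path or a single-element JSON-array form.
    paramSyntaxRegex: '/^~?([A-Za-z0-9\/_.-]+|\["[A-Za-z0-9\/_.-]+"\])$/'
    rules: []
  USER:
    # A user name or numeric UID, optionally followed by ":group" or ":gid".
    # Numeric IDs are accepted so that images can drop root without needing a
    # passwd entry.
    paramSyntaxRegex: '/^([a-z_][a-z0-9_-]{0,30}|[0-9]+)(:([a-z_][a-z0-9_-]{0,30}|[0-9]+))?$/'
    rules: []
  WORKDIR:
    paramSyntaxRegex: '/^~?[A-Za-z0-9\/_.-]+$/'
    rules: []
  ONBUILD:
    paramSyntaxRegex: '/.+/'
    rules: []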
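# Instructions that a Dockerfile is expected to contain at least `count`
# times; a missing one is reported at the given level with the message and
# reference shown. Only the USER description changes in this revision (typo
# "my be run" -> "may be run").
required_instructions:
  - instruction: "MAINTAINER"
    count: 1
    level: "info"
    message: "Maintainer is not defined"
    # NOTE(review): the example address below looks like a redaction artifact
    # from the hosting site; restore a real example address when editing.
    # MAINTAINER is deprecated upstream in favour of a LABEL; consider relaxing
    # this requirement once LABEL is recognised in line_rules.
    description: "The MAINTAINER line is useful for identifying the author in the form of MAINTAINER Joe Smith <[email protected]>"
    reference_url:
      - "https://docs.docker.com/reference/builder/"
      - "#maintainer"
  - instruction: "EXPOSE"
    count: 1
    level: "info"
    message: "There is no 'EXPOSE' instruction"
    description: "Without exposed ports how will the service of the container be accessed?"
    reference_url:
      - "https://docs.docker.com/reference/builder/"
      - "#expose"
  - instruction: "ENTRYPOINT"
    count: 1
    level: "info"
    message: "There is no 'ENTRYPOINT' instruction"
    # "None" is presumably a placeholder description.
    description: "None"
    reference_url:
      - "https://docs.docker.com/reference/builder/"
      - "#entrypoint"
  - instruction: "CMD"
    count: 1
    level: "info"
    message: "There is no 'CMD' instruction"
    # "None" is presumably a placeholder description.
    description: "None"
    reference_url:
      - "https://docs.docker.com/reference/builder/"
      - "#cmd"
  - instruction: "USER"
    count: 1
    # Higher severity than the others: without USER every process in the
    # container runs as root by default.
    level: "warn"
    message: "No 'USER' instruction"
    description: "The process(es) within the container may run as root and RUN instructions may be run as root"
    reference_url:
      - "https://docs.docker.com/reference/builder/"
      - "#user"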