Dockerfile support 🐳

Bridgecrew now supports Dockerfile scanning!

Docker builds images by reading the instructions in a Dockerfile, a text document containing the commands a user would otherwise call on the command line to assemble an image. Dockerfile scanning enables you to spot misconfigurations before pushing the image to a registry.

By adding Dockerfile scanning to your VCS or CI/CD tools, you'll be able to find and fix the following policy violations in your Dockerfiles:

  • Ensure that COPY is used instead of ADD in Dockerfiles
  • Ensure that HEALTHCHECK instructions have been added to container images
  • Ensure update instructions are not used alone in the Dockerfile
  • Ensure that a user for the container has been created
  • Ensure port 22 is not exposed

Full documentation
This feature is also available for Checkov, our open source IaC scanning tool.