Dockerfile Best Practice Linters

This project is a comprehensive, community-driven directory that serves as a centralized discovery hub for the container ecosystem. It functions as a structured knowledge base, aggregating a wide array of software tools, educational materials, and technical resources designed to assist developers and operators in mastering containerization technologies. The repository distinguishes itself through a meticulously organized taxonomy that maps the entire container lifecycle, from initial development and image building to orchestration, security, and infrastructure operations. By curating disparate external links and documentation into a single, version-controlled collection, it provides a clear navigation path for users seeking specialized utilities, ranging from runtime engines and registry tools to advanced supply chain security and observability solutions. Beyond its role as a tool index, the directory supports professional growth by offering a broad surface of learning resources, including tutorials, best practices, and community-vetted guides. It covers essential operational domains such as multi-container workload management, image hardening, and workflow optimization, ensuring that both newcomers and experienced practitioners have access to a reliable reference for modern containerized systems.

This project is a static analysis tool and linter designed to improve the quality, reliability, and portability of shell scripts. By performing deep structural analysis, it identifies common programming pitfalls, syntax errors, and security vulnerabilities before scripts are executed. It functions as an automated code reviewer that enforces best practices and helps developers maintain consistent, robust code across different operating environments. The tool distinguishes itself through its dialect-aware grammar resolution, which adapts its parsing logic based on the specific shell interpreter detected. It utilizes a sophisticated engine that constructs an abstract syntax tree to evaluate logic, quoting, and portability concerns. Developers can exert granular control over the analysis process by using inline directives to suppress specific warnings or configure how the tool resolves external source files. The project covers a comprehensive surface of diagnostic capabilities, ranging from fundamental syntax validation to complex logic checks. It provides guidance on idiomatic script construction, including safe file handling, efficient arithmetic operations, and proper command substitution. These features collectively ensure that scripts adhere to POSIX standards and remain compatible across various shell implementations. The tool is distributed as a command-line utility, allowing for integration into development workflows to provide immediate feedback on script integrity.

Moon is a monorepo build system and task runner designed to orchestrate complex projects with multiple packages. It functions as a dependency graph orchestrator that executes build targets in topological order and utilizes input hashing to cache results and skip redundant work. The project features a polyglot toolchain manager that automates the installation and versioning of language runtimes and CLI tools to ensure environment consistency. It also includes a plugin framework based on WebAssembly, allowing developers to extend build logic and toolchain behavior using any supported language. The system covers a broad range of capabilities, including incremental build execution, CI pipeline optimization via task sharding and affected-target filtering, and the generation of optimized multi-stage Dockerfiles. It further provides tools for repository governance through code ownership management and the automation of version control hooks. The tool provides interface servers that enable AI agents to query project state, trigger build tasks, and manage toolchain configurations.

Dive is a command-line tool designed for the analysis and optimization of container images. It functions as a layered storage inspector, allowing users to decompose image manifests to examine individual filesystem layers and identify opportunities to reduce total image size. The tool features a filesystem diffing engine that calculates net changes between sequential layers to highlight redundant data and storage inefficiencies. Users interact with this data through a terminal-based dashboard that provides keyboard-driven navigation of complex file structures and layer metadata. By abstracting the underlying container runtime, the tool maintains compatibility across various storage formats and engine environments. Beyond manual inspection, the software supports automated quality gates for continuous integration pipelines. It evaluates image metadata against user-defined performance thresholds to validate efficiency and prevent the deployment of suboptimal builds. Configuration files allow for the adjustment of logging levels, interface layouts, and engine preferences to suit specific development workflows.

Hadolint is a Dockerfile linter and Haskell-based static analysis tool. It analyzes container image configuration files against a set of rules to ensure valid syntax and adherence to best practices. The tool functions as a wrapper for shell checkers to inspect inline shell commands and scripts within build instructions, identifying scripting errors and bugs. It also includes security auditing capabilities to warn when images are pulled from registries not explicitly listed as trusted. The analysis engine covers quality assurance through label schema validation, syntax pattern verification, and image optimization. Users can manage the process via configuration files to control rule severity, suppress specific warnings, and define shell compatibility for non-POSIX environments.

Ruff is a high-performance static analysis and code formatting tool designed for Python. Built in Rust, it functions as a comprehensive engine that scans source code to detect programming errors, security vulnerabilities, and deviations from established coding standards. By parsing source code into a structured tree representation, it provides both automated linting and style enforcement across entire projects. The tool distinguishes itself through its speed and deep integration into the development lifecycle. It utilizes parallelized file processing to maximize throughput on large codebases and offers a configuration-driven rule engine that allows developers to customize or suppress specific checks. Beyond standard Python scripts, it provides native support for Jupyter notebooks, Markdown files, and documentation strings, ensuring consistent quality across diverse document formats. Ruff serves as a versatile utility for project maintenance, offering automated import management and the ability to apply safe, automatic corrections to identified code quality issues. It integrates directly into development environments via the Language Server Protocol, providing real-time diagnostic highlighting, code actions, and rule documentation hovers. These capabilities extend to continuous integration pipelines and pre-commit hooks, enabling automated quality enforcement throughout the development process.

This project is a suite of specialized tools for linting, minifying, analyzing, and managing container images and their associated registries. It provides a set of utilities including an image minifier to reduce image size, a security profiler to harden running containers, an image analyzer for static inspection, and a registry manager for organizing multi-architecture indices. The toolset distinguishes itself through behavior-based optimization and security. It uses dynamic analysis to track executed instructions and file access to remove unused binary data, and records kernel interactions to generate restrictive system call profiles. It also employs HTTP probing to discover dynamically loaded components by crawling exposed web ports. The broader capability surface includes static Dockerfile linting, container image merging, and vulnerability analysis to assess threat levels within an image. It further supports troubleshooting workflows via interactive sidecar container debugging and multi-architecture registry synchronization across cloud and local environments.

This project is a static analysis engine designed to identify patterns, enforce coding standards, and automate code quality improvements in software projects. By parsing source code into structured abstract syntax trees, it enables deep programmatic inspection and the automated remediation of identified programming issues. The engine functions as a pluggable linting framework, allowing developers to extend its core capabilities through a modular architecture. Users can inject custom rules, parsers, and processors to support non-standard file formats or domain-specific logic. This extensibility is supported by a multi-stage pipeline that handles everything from initial parsing to the generation of automated code fixes. Configuration is managed through a hierarchical system that resolves settings across project directory structures, allowing for consistent rule enforcement and file exclusion patterns. The tool integrates into development workflows via a command-line interface or a programmatic API, which supports both file-based analysis and raw string processing. Performance is optimized through file-system-aware caching, which ensures that only modified files are re-analyzed during execution.

Superjson is a lossless JSON serialization library and data transcoder. It converts complex JavaScript and TypeScript data types into strings and metadata to ensure that type identity is preserved during data transfer. The library preserves non-native types such as Dates, Maps, and Sets by splitting values into a JSON-compatible payload and a separate map of type-specific metadata. It utilizes a registry-based mapping system that allows for the definition of custom type handlers to manage third-party data types during serialization and deserialization. This utility supports cross-process data communication and type-safe data transfer by restoring original object prototypes and complex data types. It performs encoding based on runtime types rather than using a predefined schema.

Gitleaks is a security scanning engine designed to identify hardcoded credentials, API keys, and other sensitive information within version control systems and local file structures. It functions as a static analysis tool that automates the detection of secrets, helping to prevent the accidental exposure of sensitive data during the development lifecycle. The tool distinguishes itself through its ability to perform deep forensic analysis of git history, allowing users to audit entire project timelines or enforce security gates within continuous integration pipelines. It supports complex detection logic through composite rules and provides mechanisms for baseline management, which enables teams to ignore existing findings and focus exclusively on new security risks. By offering pre-commit hook integration and exit-code-based orchestration, it allows for the enforcement of security policies directly within developer workflows and automated build environments. Beyond core scanning, the project provides a broad set of utilities for managing security findings, including support for decoding obfuscated strings, inspecting compressed archives, and filtering results through allowlisting or path exclusions. It facilitates compliance and reporting by exporting structured data, which can be integrated into external dashboards or tracking systems. The tool is built to handle various input sources, including direct file system traversal and standard input streams, ensuring compatibility with diverse development and deployment environments.

Deepagents is an LLM agent orchestration platform and stateful application server designed for deploying and managing AI agents built with computational graphs. It provides a containerized runtime environment that handles agent execution, state persistence, and the versioning of AI assistants. The platform distinguishes itself through deep integration with the Model Context Protocol, allowing agents to function as servers that expose tools and capabilities to external clients. It features a sophisticated observability suite for capturing execution traces, performing LLM-based evaluations against datasets, and conducting side-by-side model output comparisons. The system covers a broad range of operational capabilities, including cron-based task scheduling, multi-tenant workspace isolation, and human-in-the-loop review workflows. It also manages long-term memory through semantic search and provides automated scaling of compute resources across cloud environments. A command-line interface is provided for local agent validation, graph packaging, and rapid testing via a local development server.

Continue is an automated code review platform that integrates AI agents directly into the software development lifecycle. By executing custom validation rules against pull request diffs, it provides immediate feedback through repository status checks, allowing teams to enforce quality, security, and documentation standards before manual review begins. The system distinguishes itself through a file-based configuration model where validation logic is defined in version-controlled markdown files. These files act as system prompts that guide autonomous agents in evaluating code changes. This approach enables agentic task chaining, where specialized workflows—such as security scanning, test coverage validation, and UI rendering verification—are orchestrated to analyze code against project-specific criteria. Beyond automated reviews, the platform includes a local-first execution engine that allows developers to run and refine these checks from the command line before committing changes. The system also incorporates a feedback loop that tracks user acceptance and rejection of suggestions, enabling the refinement of check logic over time to reduce noise and improve the accuracy of automated findings. The project provides a command-line interface for managing these workflows and integrates with repository webhooks to trigger analysis automatically upon pull request submission.

This project is a software engineering style guide and a curated collection of architectural patterns and coding standards. It provides a multi-language coding standard to ensure maintainable software across Ruby, Python, JavaScript, and Swift. The project establishes a development workflow specification for version control, continuous integration, and peer review to maintain a linear project history. It also includes a web accessibility framework based on ARIA and WCAG standards, using design tokens and semantic HTML patterns to build inclusive interfaces. The guides cover a broad range of technical capabilities, including database schema design and indexing patterns for SQL, frontend performance optimization, and secure development workflows for managing credentials and vulnerabilities. It also provides standards for API design, mobile development architecture, and layered testing strategies.

Lighthouse is an automated diagnostic tool that evaluates web pages against industry standards for performance, accessibility, and search engine optimization. It functions as a programmatic analysis engine and a command-line utility, allowing developers to integrate comprehensive web quality checks directly into continuous integration pipelines and local development workflows. The project distinguishes itself through a modular architecture that utilizes artifact-based data collection to ensure consistent analysis across different environments. It supports a headless execution mode for automated testing and provides a plugin-driven framework, enabling developers to register custom audit logic and specialized reporting categories to meet unique project requirements. Beyond its core auditing capabilities, the tool detects underlying web frameworks and content management systems to provide tailored optimization recommendations. It generates structured, machine-readable reports and offers multiple interfaces, including a browser-integrated panel and a dedicated extension, to facilitate real-time feedback during the development process.

This project is a comprehensive Python coding guide and software engineering resource focused on professional development practices. It provides a detailed collection of idiomatic techniques, design patterns, and architectural strategies to improve code quality and maintainability. The guide emphasizes advanced design patterns such as dependency injection, data-driven design, and the application of SOLID principles for object-oriented design. It distinguishes itself by covering sophisticated structural strategies, including class-based decorators, the separation of interfaces from implementations, and the use of data-driven logic externalization to modify program behavior without altering source code. The resource covers a broad surface of capability areas, including performance optimization through efficient iterator patterns and container selection, robust error handling via the EAFP philosophy, and the construction of decoupled data pipelines using generators. It also details code quality standards regarding naming conventions, type annotations, and variable scope management. The content provides guidance on language internals, ranging from magic method implementation and assignment expressions to memory-efficient file streaming and block-based reading.

Prettier is an opinionated code formatter that parses source code and reprints it from scratch to enforce a consistent, project-wide visual style. By transforming code into an abstract syntax tree and applying a recursive document printing process, it eliminates manual style debates and ensures that all source files adhere to a unified appearance. The project is distinguished by its extensible, plugin-based architecture, which decouples language-specific parsing logic from the core engine. This modular design allows for uniform style enforcement across diverse programming languages and complex, mixed-content files where code is embedded within other languages. It also provides robust support for configuration-driven workflows, allowing teams to resolve hierarchical settings across directory trees and share standardized rule sets through reusable configuration packages. Beyond its core formatting engine, the tool integrates into the entire development lifecycle. It offers programmatic APIs and command-line utilities for file discovery, change detection, and verification, alongside native support for editor-based formatting on save. The system also facilitates integration with linting workflows and continuous integration pipelines, enabling automated style enforcement through pre-commit hooks and status checks that ensure only properly formatted code enters version control.

This project is a POSIX shell toolset providing utilities for parsing, formatting, interpreting, and validating shell scripts. It includes a parser that converts Bash and Zsh source code into structured syntax trees, a formatter for standardizing script layout, and a runtime interpreter for executing shell commands and script logic. The toolset supports dialect-aware parsing to handle multiple shell language specifications. It provides capabilities for static analysis, allowing shell source code to be converted into structured data for external manipulation or validation against specific dialect rules. Additional capabilities include resolving variable and glob expansions, verifying UTF-8 encoding, and scanning directory hierarchies to discover shell script files. The system can also serialize internal syntax trees to and from typed JSON for state restoration and external analysis.

This project is an uncompromising, deterministic code formatter for Python. It functions by parsing source code into an abstract syntax tree and regenerating it according to a rigid, opinionated set of style rules. By automating the formatting process, it eliminates manual style debates and configuration overhead, ensuring that code remains consistent across entire projects regardless of the original input. The tool distinguishes itself through its focus on speed and seamless integration into development workflows. It utilizes content-based file caching and parallel processing to maintain high performance on large codebases, while supporting version control hooks to enforce style consistency before code is committed. To preserve project history, it provides mechanisms to ignore specific commits in version control blame tracking, ensuring that automated style changes do not obscure original authorship. Beyond standard source files, the formatter extends its capabilities to include Jupyter notebooks, type stubs, and embedded code examples within documentation. It offers broad compatibility through plugins for major text editors and integrated development environments, as well as support for the language server protocol. Configuration is managed through project-level files that are automatically discovered within the directory hierarchy, allowing for consistent behavior across diverse development environments.

actionlint is a static analysis tool and linter specifically designed for GitHub Actions workflow files. It functions as a CI workflow validator and YAML configuration linter to ensure the syntax and logic of automation files are correct before deployment. The project distinguishes itself by performing deep security auditing and script analysis. It includes a shell script auditor to detect syntax bugs and script injection vulnerabilities in inline commands, and it scans for hardcoded credentials to prevent security leaks. The tool covers a broad range of validation capabilities, including expression type checking, job dependency verification, and the validation of reusable workflows and matrix configurations. It also verifies trigger events, cron schedules, and action metadata to ensure compatible data types and required parameters are present. The linter can be used via the command line or integrated into IDEs for real-time feedback.

This project is a curated knowledge base and technical reference for shell scripting, focused on performing common system tasks using only built-in shell features. It serves as a guide for implementing logic and automation without relying on external binaries or dependencies, ensuring scripts remain portable across standard Unix-like environments. The repository distinguishes itself by emphasizing native shell functions and syntax to minimize process forking and improve execution performance. It provides idiomatic patterns for complex string transformations, pattern matching, and data flow management, allowing developers to replace heavy external utilities with efficient, built-in alternatives. The collection covers a broad range of system administration and automation techniques, including file management, configuration handling, and environment isolation. The documentation is structured as a technical resource for developers seeking to write portable, lightweight scripts that function consistently across different command-line environments.