Hadolint is a static analysis tool designed to validate container build configurations. It functions as a security scanner and configuration auditor, parsing build instructions into a structured format to identify deviations from security and efficiency standards.
The tool distinguishes itself by performing deep inspection of embedded shell commands. By tokenizing and analyzing these scripts, it detects common scripting errors and security vulnerabilities that might otherwise persist within a container image. It integrates external analysis tools to provide specialized validation for these inline commands, ensuring that both the container structure and the execution logic are evaluated.
Beyond basic syntax checking, the utility supports automated workflows by identifying inefficient layer creation and insecure configuration settings. It is designed for integration into continuous integration and deployment pipelines to catch configuration issues before images are built. The project provides a command-line interface for executing these audits across container definitions.
