12 new rules to have intentional and consistent Dockerfiles


We made a change in our Dockerfile analyzer to help you write more intentional and consistent Dockerfiles. Here is the list of rules:


  • S6574: A space before the equal sign in key-value pair may lead to unintended behavior
  • S6589: Dockerfile should only have one ENTRYPOINT and CMD instruction
  • S6579: Access variable which is not available in the current scope
  • S6581: Environment variables should not be unset on a different layer than they were set
  • S6573: Expanded filenames should not become options
  • S6570: Detect missing double quote to prevent globbing and word splitting
  • S6587: Cache should be cleaned after package installation
  • S6586: Deprecated instruction should not be used
  • S6595: Update cache and install packages in single RUN instruction
  • S6597: WORKDIR instruction should be used instead of cd command
  • S6596: Specific version tag for image should be used
  • S6584: Consent flag should be set to avoid manual input

This is available now on SonarCloud and will be part of SonarQube 10.3.