Best way to scan dockerfile for specific command?

I’m trying to create a custom rule that checks to make sure our Dockerfiles are taking a specific image from the correct repository. It would be a very simple check, just looking for the presence of a single line of text in the file, e.g. FROM companyrepo.org/blessed-image.

Anyone know the best way to implement this? I was wondering if any of the custom rule templates that come with sonar out of the box could be used (of course, I’d have to change the file patterns that are being checked). I’d rather not have to create a plugin for such a simple rule.

Hey Alden.

You’d have to write a custom rule to do this—there’s no existing rule that would raise an issue when a specific image isn’t being used.

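A standalone check of the kind Alden describes, added here as an example (it is not code from the thread or from SonarSource). It assumes companyrepo.org is the approved registry, and instead of looking for one literal line it resolves every FROM in the file the way the Docker CLI would, so multi-stage builds, `--platform` flags, stage aliases and Docker Hub short names are judged correctly:

```python
import re
from typing import List

ALLOWED_REGISTRY = "companyrepo.org"  # the registry named in the question

# FROM [--platform=<p>] <image> [AS <stage>]; the keyword is case-insensitive.
FROM_RE = re.compile(
    r"^\s*FROM\s+(?:--platform=\S+\s+)?(?P<image>\S+)(?:\s+AS\s+(?P<stage>\S+))?\s*$",
    re.IGNORECASE,
)

def registry_of(image: str) -> str:
    """Registry as the Docker CLI resolves it: docker.io unless the first path
    component looks like a host (contains '.' or ':' or is 'localhost')."""
    first = image.split("/", 1)[0] if "/" in image else ""
    return first if ("." in first or ":" in first or first == "localhost") else "docker.io"

def find_disallowed_images(dockerfile: str, allowed: str = ALLOWED_REGISTRY) -> List[str]:
    """Return base images not pulled from `allowed`. Earlier build stages and
    'scratch' are not registry pulls and are skipped; images named by unresolved
    variables are reported because the check cannot confirm their origin."""
    # Join backslash-continued lines so a split FROM is seen as one instruction.
    instructions = re.sub(r"\\[ \t]*\r?\n", " ", dockerfile).splitlines()
    stages, offenders = set(), []
    for line in instructions:
        m = FROM_RE.match(line)
        if not m:
            continue
        image = m.group("image")
        if image.lower() not in stages | {"scratch"}:
            if "$" in image or registry_of(image) != allowed:
                offenders.append(image)
        if m.group("stage"):
            stages.add(m.group("stage").lower())
    return offenders

# Constructed sample Dockerfile, not from the thread.
SAMPLE_DOCKERFILE = """\
FROM --platform=linux/amd64 companyrepo.org/blessed-image:1.2 AS builder
RUN make
FROM companyrepo.org/blessed-image:1.2
COPY --from=builder /app /app
FROM builder
FROM python:3.12-slim
FROM ghcr.io/someorg/tool:latest \\
    AS tools
"""
```

On the sample, `find_disallowed_images` reports only `python:3.12-slim` (a Docker Hub short name) and `ghcr.io/someorg/tool:latest`; a plain substring match for `FROM companyrepo.org/blessed-image` would have passed this file.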
