Hadolint

Hadolint is a high-performance Dockerfile linter built in Haskell, designed to provide developers with immediate feedback on container image construction. It operates by parsing Dockerfiles into an Abstract Syntax Tree (AST), allowing for sophisticated rule-based analysis that goes beyond simple regex-based linting. A core differentiator is its native integration with ShellCheck, which enables Hadolint to lint the shell scripts embedded within RUN instructions—a common source of security vulnerabilities and bloat. In the 2026 landscape, Hadolint remains the industry standard for shift-left container security, helping teams enforce best practices like using specific base image tags, minimizing image layers, and avoiding root-user execution. Its ability to output results in multiple formats, including JSON, SARIF, and Codeclimate, ensures seamless integration with modern CI/CD orchestrators and IDEs. By catching misconfigurations before the build phase, Hadolint reduces compute costs associated with failed builds and mitigates supply chain risks by identifying insecure package manager usage and unauthorized repository sources.