Dockerfile Best Practices Checker
Paste a Dockerfile to check it against common best practices: pinned tags, non-root user, apt cleanup, layer caching, and secrets in ENV/ARG. Everything runs in your browser — nothing is uploaded.
About this tool
A static, rule-based check of the practices that catch most people in production: unpinned base images, containers running as root, apt-get layers that ship 40 MB of package indexes, COPY . . placed before the dependency install (which busts the build cache on every source change), and credentials baked into ENV or ARG — those persist in image history even if you unset them later.
It parses instructions (including \ line continuations) with plain pattern matching, so it can miss context a full parser like hadolint would catch, and an occasional false positive is possible. Treat findings as review prompts, not gospel. Your Dockerfile never leaves the page.