# Docker

The Docker Analyzer analyzes your dockerfiles and raises issues if they do not follow the best practices and methods to build efficient docker images.

This section covers configuration specific to the dockerfile analyzer. Please make sure to read the general configuration guide first.

# Configuration - `.deepsource.toml`

# `name`

Type: String (opens new window)
Presence: mandatory
Description: Shortcode of the analyzer.
Example:

name = "docker"

# `enabled`

Type: Boolean (opens new window)
Presence: mandatory
Description: Toggle whether this analyzer should be run.
Example:

enabled = true

# `meta`

Type: Table (opens new window)
Presence: optional
Description: Any supported metadata to pass to the analyzer.
Example:

[analyzers.meta]
  dockerfile_paths = [
    "api/dockerfile_dev",
    "Dockerfile_local"
  ]

# `dockerfile_paths`

Type: Array (opens new window)
Presence: optional
Description: Specify the dockerfile(s) to run analysis on.
Available Value: None. Expects path(s) of dockerfile(s)
Default Value: File named Dockerfile in the repository root, if it exists.
Example:

[analyzers.meta]
  dockerfile_paths = [
    "Dockerfile",
    "api/dockerfile_dev",
    "Dockerfile_local"
  ]

TIP

DeepSource looks for a file named Dockerfile in the repository root by default. If your dockerfile name or path is different, you must provide the path to the file in the dockerfile_paths meta field.

If dockerfile_paths is given to the analyzer, it will run analysis on all the files provided, along with the default Dockerfile file from the repository root, if it exits.

# `trusted_registries`

Type: String (opens new window)
Presence: optional
Description: Specify trusted registries from where images are being pulled.
Available Value: None. Expects user to provide the registries.
Default Value: None
Example:

[analyzers.meta]
  trusted_registries = [
    "my-registry.com",
    "company-registry.com"
  ]

TIP

If no values are provided for the meta field trusted_registries, the checker to detect allowed registries will be never run. However, when trusted_registries are provided, Deepsource will consider only those registries as allowed registries, and will raise an issue for every other registry from which images are being pulled.

# Sample config

version = 1

[[analyzers]]
name = "docker"
enabled = true

  [analyzers.meta]
  dockerfile_paths = [
    "dockerfile_dev",
    "dockerfile_prod"
  ]

  trusted_registries = [
    "my-registry.com",
    "docker.io"
  ]

← Java Terraform →

# Docker

# Configuration - .deepsource.toml

# name

# enabled

# meta

# dockerfile_paths