Closed this issue 2 years ago · 2 comments
hadolint is a pretty good option. There's an action for it too, but it's a little awkward that they only offer a @v2.1.0 and not a @v2.
Interestingly, it can output SARIF for use with GitHub Advanced Security.
BTW, #706 added a hadolint step to the Deploy workflow.