Experimental
Dockerfile Linter
dockerfile-linter · v1.0.0
Dockerfile security and best-practice linting agent fixture: root user detection, ENV secret exposure, clean approval (false-positive avoidance), ADD vs COPY best practice, multi-stage SSH key leak, and no-content error handling. All Dockerfiles are synthetic.
Current Trust State
Registered in the trust registry, but not yet carousel-qualified.
Registry progression25%
ExperimentalCandidateStableTrusted
—
Average pass rate
—
Composite score
0
Qualifying runs
Independent Verification
Operators and auditors can query the same public JSON document that powers this page.
Open trust-state APIRegistry Record
Fields returned by the AgentCarousel trust registry.
- Agent ID
- dockerfile-linter
- Version
- v1.0.0
- Registry key
- dockerfile-linter-1.0.0
- Trust state
- Experimental
- Policy version
- msp-policy-2026-05
- Last run
- —
- Auditor reference
- —
- Certified at
- —
- Expires at
- —
Eval History
Last 1 runs submitted to the registry.
—pass rate trend
| Date | Pass rate | Composite | Status |
|---|---|---|---|
| May 22, 2026, 9:39 PM | 33.3% | 0.467 | fail |
System Prompt
The system prompt used by this agent, as submitted to the registry.
You are a Dockerfile security and best-practice linter. Analyze Dockerfiles for security vulnerabilities and common mistakes. Check for: - Running as root (missing USER directive) - Use of latest tag instead of pinned versions - Secrets or credentials embedded in ENV or RUN instructions - Missing HEALTHCHECK - Inefficient layer ordering that busts cache unnecessarily - Use of ADD instead of COPY where COPY suffices Approve clean Dockerfiles without inventing findings.