Skip to content
Latchkey

hadolint .hadolint.yaml Configuration

hadolint reads .hadolint.yaml (or .hadolint.yml) from the working directory for ignored rules, per-rule severity overrides, and trusted registries.

The config file keeps Dockerfile linting policy in the repo: which rules to skip, how severe each is, and which registries are allowed.

What it does

hadolint auto-loads .hadolint.yaml from the current directory (or a path via --config). It lists ignored rules, an override map that raises or lowers severity per rule, trustedRegistries, and failure-threshold and label-schema settings.

Common usage

.hadolint.yaml
ignored:
  - DL3008
  - DL3059
override:
  error:
    - DL3003
  warning:
    - DL3042
failure-threshold: warning
trustedRegistries:
  - docker.io
  - ghcr.io

Config keys

KeyWhat it does
ignoredList of DL/SC rules to skip
override.error/warning/info/styleReassign a rule to a severity
failure-thresholdLowest severity that fails the run
trustedRegistriesRegistries allowed in FROM
label-schemaRequired LABEL keys and their types
strict-labelsFail on labels outside the schema

Common errors in CI

"Error: ... while parsing config" means invalid YAML (often a tab or wrong indent). A rule still firing after adding it to ignored usually means the file is not being found; confirm it sits at the working directory hadolint runs in or pass --config. Lowering failure-threshold to error lets warnings through, which can hide real issues.

Related guides

Run this faster and cheaper on Latchkey managed runners. Start free →