hadolint .hadolint.yaml Configuration
hadolint reads .hadolint.yaml (or .hadolint.yml) from the working directory for ignored rules, per-rule severity overrides, and trusted registries.
The config file keeps Dockerfile linting policy in the repo: which rules to skip, how severe each is, and which registries are allowed.
What it does
hadolint auto-loads .hadolint.yaml from the current directory (or a path via --config). It lists ignored rules, an override map that raises or lowers severity per rule, trustedRegistries, and failure-threshold and label-schema settings.
Common usage
ignored:
- DL3008
- DL3059
override:
error:
- DL3003
warning:
- DL3042
failure-threshold: warning
trustedRegistries:
- docker.io
- ghcr.ioConfig keys
| Key | What it does |
|---|---|
| ignored | List of DL/SC rules to skip |
| override.error/warning/info/style | Reassign a rule to a severity |
| failure-threshold | Lowest severity that fails the run |
| trustedRegistries | Registries allowed in FROM |
| label-schema | Required LABEL keys and their types |
| strict-labels | Fail on labels outside the schema |
Common errors in CI
"Error: ... while parsing config" means invalid YAML (often a tab or wrong indent). A rule still firing after adding it to ignored usually means the file is not being found; confirm it sits at the working directory hadolint runs in or pass --config. Lowering failure-threshold to error lets warnings through, which can hide real issues.