search

oxsecurity / megalinter

🦙 MegaLinter analyzes 50 languages, 22 formats, 21 tooling formats, excessive copy-pastes, spelling mistakes and security issues in your repository sources with a GitHub Action, other CI tools or locally.
https://megalinter.io
GNU Affero General Public License v3.0
1.88k stars 224 forks source link

Please upgrade hadolint to >=2.9.2 #1367

Closed DrYak closed 2 years ago

DrYak commented 2 years ago

Describe the bug The version 2.9.1 used by the latest Megalinter is affected by bug 785: false positive on pragmas.

To Reproduce Dockerfile starting with a syntax pragma, for example:

# syntax=docker/dockerfile:1.3
ARG test=val
FROM debian:stable
…etc…

Expected behavior versions <=2.9.0 (predating the bug) and >=2.9.2 (which contains the fix) correctly recognize the above as valid (it only has comments (with pragma), and ARG until the FROM section begins).

Screenshots Version 2.9.1 triggers this false positive instead:

DL3061 error: Invalid instruction order. Dockerfile must begin with FROM, ARG or comment.

Additional context We use mega-linter to automatically check our bioinformatics pipeline and it is affected by this bug as current megalinter uses the affected version 2.9.0 of hadolint.

nvuillam commented 2 years ago

Understood, this will be done very soon in beta, and not so long after in latest :)

nvuillam commented 2 years ago

It's on the way :)