Dockerfile
Results
📋
Paste a Dockerfile and click Roast it!
Paste a Dockerfile and click Roast it!
droast is a Dockerfile checker that runs entirely in your browser via WebAssembly — no server, no sign-up, no upload. Paste any Dockerfile and get instant lint results.
68 rules cover security misconfigurations, hardcoded secrets, outdated base images, layer bloat, missing health checks, and common anti-patterns. Each finding comes with a plain-English explanation and a snarky roast for good measure.
The linter catches things like FROM :latest pins, exposed passwords in ENV, running as root, apt-get without pinned versions, COPY vs ADD misuse, and untrusted registries.
It maps rules to hadolint's DL-series IDs where applicable, so results are familiar if you already use hadolint in CI.
Beyond the browser tool, droast ships as a single binary and a ready-made GitHub Action. Add Dockerfile validation to any pull request in two lines of YAML — no Docker-in-Docker required.
Install via Homebrew on macOS and Linux:brew tap immanuwell/droast git@github.com:immanuwell/homebrew-droast.gitbrew install immanuwell/droast/droast