Free online Dockerfile linter
droast is a Dockerfile checker that runs entirely in your browser via WebAssembly — no server, no sign-up, no upload. Paste any Dockerfile and get instant lint results.
68 rules cover security misconfigurations, hardcoded secrets, outdated base images, layer bloat, missing health checks, and common anti-patterns. Each finding comes with a plain-English explanation and a snarky roast for good measure.
What it checks
The linter catches things like FROM :latest pins, exposed passwords in ENV, running as root, apt-get without pinned versions, COPY vs ADD misuse, and untrusted registries.
It maps rules to hadolint's DL-series IDs where applicable, so results are familiar if you already use hadolint in CI.
Plug into your CI pipeline
Beyond the browser tool, droast ships as a single binary and a ready-made GitHub Action. Add Dockerfile validation to any pull request in two lines of YAML — no Docker-in-Docker required.
Install on macOS and Linux:curl -fsL ewry.net/droast/install.sh | sh