Dockerfile Review Checklist

Use this checklist before merging a Dockerfile change or pushing an image to a registry.

When to use this

Before merging a Dockerfile change.
Before tagging and pushing an image to a public registry.
When upgrading the base image.

How this checklist works

Some items run a quick local check (e.g. scanning sample responses for secrets or PII). Others are manual confirmations or open another tool. When you finish, copy the report as Markdown to paste into your PR description, ticket, or Slack.

Privacy

This page is a static HTML file. The checklist component runs locally in your browser. Inputs you paste into the Run boxes stay in memory and are discarded when you close the tab. If you turn on "Save in this browser", only check state and short evidence strings are saved to localStorage — never the raw inputs.

Related tools

Dockerfile Linter / Best Practice Checker
Secrets Scanner

Other release checklists

Local Kubernetes YAML Validator
Secrets & PII Pre-check
All release checklists →