Dockerfile Collector
Parse Dockerfiles to extract base images, final stage configuration, healthchecks, users, and labels. Enforce container security and best practices.
Add dockerfile to your lunar-config.yml:
uses: github://earthly/lunar-lib/collectors/dockerfile@v1.0.0
What This Integration Collects
This integration includes 1 collector that gathers metadata from your systems.
dockerfile
Parses all Dockerfiles in the repository using dockerfile-json and collects:
- Container definitions with base images and metadata
- Final stage information (user, healthcheck)
- Labels from each stage
How Collectors Fit into Lunar
Lunar watches your code and CI/CD systems to collect SDLC data from config files, test results, IaC, deployment configurations, security scans, and more.
Collectors are the automatic data-gathering layer. They extract structured metadata from your repositories and pipelines, feeding it into Lunar's centralized database where guardrails evaluate it to enforce your engineering standards.
Example Collected Data
This collector writes structured metadata to the Component JSON. Here's an example of the data it produces:
{
  "containers": {
    "source": {
      "tool": "dockerfile-json",
      "version": "1.2.2"
    },
    "definitions": [
      {
        "path": "Dockerfile",
        "valid": true,
        "base_images": [
          {
            "reference": "golang:1.21-alpine",
            "image": "golang",
            "tag": "1.21-alpine"
          },
          {
            "reference": "gcr.io/distroless/static-debian12:nonroot-amd64",
            "image": "gcr.io/distroless/static-debian12",
            "tag": "nonroot-amd64"
          }
        ],
        "final_stage": {
          "base_name": "runtime",
          "base_image": "gcr.io/distroless/static-debian12:nonroot-amd64",
          "user": "nonroot",
          "has_healthcheck": false
        },
        "labels": {
          "org.opencontainers.image.source": "https://github.com/acme/api"
        },
        "native": {
          "ast": { "Stages": ["..."] }
        }
      }
    ]
  }
}
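As an added illustration (not Lunar's guardrail API and not code from the lunar-lib project), the following Python shows the kind of container-security checks the fields above make possible. The required-label set, the floating-tag rule, the treatment of an unset user as root, and the assumption that a digest pin would appear in `reference` are all choices made for this example.

```python
# Assumed policy value for this example; it is not a Lunar default.
REQUIRED_LABELS = {"org.opencontainers.image.source"}

def is_root(user):
    """True when USER is unset or resolves to root; an optional ":group" is ignored."""
    return (user or "").split(":", 1)[0].strip() in {"", "root", "0"}

def check_definition(d):
    """Return findings for one .containers.definitions[] entry."""
    path = d.get("path", "<unknown>")
    if not d.get("valid", False):
        return [f"{path}: Dockerfile did not parse"]
    findings = []
    for img in d.get("base_images") or []:
        ref = img.get("reference", "")
        # Assumption: a digest pin, if present, appears in "reference".
        if img.get("image") == "scratch" or "@sha256:" in ref:
            continue
        if img.get("tag") in (None, "", "latest"):
            findings.append(f"{path}: base image {ref} uses a floating tag")
    final = d.get("final_stage") or {}
    if is_root(final.get("user")):
        findings.append(f"{path}: final stage runs as root")
    if not final.get("has_healthcheck", False):
        findings.append(f"{path}: final stage has no HEALTHCHECK")
    for label in sorted(REQUIRED_LABELS - set(d.get("labels") or {})):
        findings.append(f"{path}: missing label {label}")
    return findings

def check_component(component):
    """Run every check over a whole Component JSON document."""
    defs = (component.get("containers") or {}).get("definitions") or []
    return [f for d in defs for f in check_definition(d)]

# Constructed inputs: the entry from the example above, and a weak one.
GOOD = {"path": "Dockerfile", "valid": True, "base_images": [
    {"reference": "golang:1.21-alpine", "image": "golang", "tag": "1.21-alpine"},
    {"reference": "gcr.io/distroless/static-debian12:nonroot-amd64",
     "image": "gcr.io/distroless/static-debian12", "tag": "nonroot-amd64"}],
    "final_stage": {"user": "nonroot", "has_healthcheck": False},
    "labels": {"org.opencontainers.image.source": "https://github.com/acme/api"}}
BAD = {"path": "tools/Dockerfile", "valid": True,
       "base_images": [{"reference": "ubuntu", "image": "ubuntu", "tag": None}],
       "final_stage": {"user": "0:0", "has_healthcheck": True}, "labels": {}}

if __name__ == "__main__":
    print("\n".join(check_component({"containers": {"definitions": [GOOD, BAD]}})))
```

The distroless example entry passes every check except the healthcheck one; whether a HEALTHCHECK is expected in images run under an orchestrator with its own probes is a policy decision.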
Configuration
Configure this collector in your lunar-config.yml.
Inputs
| Input | Required | Default | Description |
|---|---|---|---|
| find_command | Optional | `find . -type f \( -name Dockerfile -o -name '*.Dockerfile' -o -name 'Dockerfile.*' \)` | Command to find Dockerfiles (must output one file path per line) |
Documentation
Dockerfile Collector
Parses Dockerfiles and collects container definition metadata including base images, final stage configuration, and labels.
Overview
This collector finds all Dockerfiles in a repository and parses them using dockerfile-json v1.2.2. It extracts structured information about container definitions including base images, user configuration, healthchecks, and labels. The collector runs on code changes and outputs normalized data for container-related policies.
Collected Data
This collector writes to the following Component JSON paths:
| Path | Type | Description |
|---|---|---|
| .containers.source | object | Tool metadata (tool name and version) |
| .containers.definitions[] | array | Parsed Dockerfile definitions with inline native AST |
Installation
Add to your lunar-config.yml:
collectors:
  - uses: github://earthly/lunar-lib/collectors/dockerfile@v1.0.0
    on: ["domain:your-domain"]  # Or use tags like [backend, containerized]
    # with:
    #   find_command: "find ./docker -name Dockerfile"  # Custom find command
Open Source
This collector is open source and available on GitHub. Contribute improvements, report issues, or fork it for your own use.