CV-B001: Missing healthcheck
Warning Best Practice
Why This Matters
Without a healthcheck, Docker has no way to determine whether the application inside the container is actually functioning correctly. A container can be "running" with a crashed application process. Healthchecks enable automatic restart of unhealthy containers and let dependent services use depends_on with condition: service_healthy.
How to Fix
Add a healthcheck with test, interval, timeout, and retries.
Before (incorrect)
services:
  web:
    image: nginx
After (correct)
services:
  web:
    image: nginx
    healthcheck:
      test: ["CMD", "curl", "-f", "http://localhost"]
      interval: 30s
      timeout: 10s
      retries: 3
Rule Details
- Rule Code: CV-B001
- Severity: Warning
- Category: Best Practice
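One way to check a Compose file for the condition this rule describes, as an added example (not the linter's own code; the rule's actual logic is not shown on this page). The names check_healthchecks, REQUIRED_KEYS and SAMPLE are hypothetical, and treating a healthcheck without interval, timeout or retries as incomplete is an assumption taken from the "How to Fix" line.

```python
# Added example: flag Compose services whose healthcheck is missing,
# disabled, or incomplete. Operates on an already-parsed Compose mapping.

# The four keys named under "How to Fix" (assumed to all be expected).
REQUIRED_KEYS = ("test", "interval", "timeout", "retries")


def check_healthchecks(compose):
    """Return {service_name: reason} for every service needing attention.

    `compose` is the Compose file parsed into a dict by any YAML parser.
    Only the Compose file is inspected: a HEALTHCHECK baked into the image
    by its Dockerfile is not visible here.
    """
    findings = {}
    for name, service in (compose.get("services") or {}).items():
        hc = (service or {}).get("healthcheck")
        if not isinstance(hc, dict):
            findings[name] = "no healthcheck defined"
            continue
        # Compose treats `disable: true` and `test: ["NONE"]` as
        # "no healthcheck", so the service is effectively unchecked.
        if hc.get("disable") is True or hc.get("test") == ["NONE"]:
            findings[name] = "healthcheck is disabled"
            continue
        missing = [key for key in REQUIRED_KEYS if key not in hc]
        if missing:
            findings[name] = "healthcheck missing: " + ", ".join(missing)
    return findings


# Constructed sample input: the page's "before" and "after" services plus
# two edge cases (explicitly disabled, and test-only).
PROBE = ["CMD", "curl", "-f", "http://localhost"]
SAMPLE = {
    "services": {
        "web": {"image": "nginx"},
        "api": {"image": "nginx", "healthcheck": {
            "test": PROBE, "interval": "30s", "timeout": "10s", "retries": 3}},
        "cache": {"image": "nginx", "healthcheck": {"disable": True}},
        "worker": {"image": "nginx", "healthcheck": {"test": PROBE}},
    }
}

if __name__ == "__main__":
    for svc, reason in check_healthchecks(SAMPLE).items():
        print(f"CV-B001 {svc}: {reason}")
```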