Skip to main content

DL3004: Do not use sudo

Error Security

Why This Matters

Using sudo in a Dockerfile is almost always unnecessary because the build already runs as root by default. Worse, sudo adds a SUID binary to the image that can be exploited for privilege escalation. If you need to run a command as a different user, use the USER instruction to switch users explicitly.

How to Fix

Remove sudo and run the command directly (builds run as root by default)

Before (incorrect)

RUN sudo apt-get install -y curl

After (correct)

RUN apt-get install -y curl

Rule Details

Rule Code
DL3004
Severity
Error
Category
Security

Related Rules

DL3020 Error

Use COPY instead of ADD for files and folders
DL3061 Error

Dockerfile should start with FROM or ARG
PG001 Error

Secrets detected in ENV or ARG
PG002 Error

Avoid piping remote scripts to shell
DL3006 Warning

Always tag the version of an image explicitly