Detect Multiple Instructions

Description

This policy is implemented to ensure that container images are built with minimal cached layers. It specifically focuses on detecting and preventing the use of multiple instructions in a single line within Dockerfiles.

Kyverno policy

Refer to the Nirmata curated policies - detect-multiple-instructions.

Resource example

Below is an example of a Dockerfile enforcing this policy.

FROM ubuntu:latest # Update the package repository RUN apt-get update WORKDIR /app COPY . /app EXPOSE 8080 # Example: Run a command when the container starts CMD ["echo", "&& is not present"]