---
title: "Prefer Copy Over Add"
diataxis: reference
applies_to:
  product: "kyverno"
audience: ["platform-engineer","devsecops"]
last_updated: 2026-03-25
url: https://docs.nirmata.io/docs/policy-sets/dockerfile_best_practices/prefer-copy-over-add/
---


### Description

This policy ensures that container images are built using commands that result in known outcomes. Specifically, it advocates for the preference of using the `COPY` instruction over `ADD` in Dockerfiles. By adhering to this policy, the predictability and transparency of the image-building process gets enhanced.

### Kyverno policy

Refer to the Nirmata curated policies - [prefer-copy-over-add](https://github.com/nirmata/kyverno-policies/blob/main/dockerfile-best-practices/prefer-copy-over-add/prefer-copy-over-add.yaml).

### Resource example

Below is an example of a Dockerfile enforcing this policy.

```bash
FROM ubuntu:latest

# Update the package repository
RUN apt-get update

WORKDIR /app

COPY . /app

EXPOSE 8080

# Example: Run a command when the container starts
CMD ["echo", "ADD Instruction is not present"]
```text