Detect Multiple Instructions

Description

This policy ensures that container images are built with minimal cached layers. It detects and prevents the use of multiple instructions on a single line in a Dockerfile.

Kyverno policy

Refer to the Nirmata curated policies - detect-multiple-instructions.

Resource example

Below is an example of a Dockerfile that complies with this policy.

FROM ubuntu:latest

# Update the package repository
RUN apt-get update

WORKDIR /app

COPY . /app

EXPOSE 8080

# Example: Run a command when the container starts
CMD ["echo", "&& is not present"]
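A local pre-check in the spirit of this policy, added here as an example; it is not the Kyverno policy itself or Nirmata's code. It assumes a violation means a RUN instruction whose command contains `&&` (as the sample's CMD text suggests). The function names and the chained sample are constructed for illustration.

```python
import re

# Dockerfile from this page (blank lines removed); its only "&&" is inside CMD's string.
PAGE_SAMPLE = """\
FROM ubuntu:latest
# Update the package repository
RUN apt-get update
WORKDIR /app
COPY . /app
EXPOSE 8080
# Example: Run a command when the container starts
CMD ["echo", "&& is not present"]
"""

# Constructed sample: two commands chained in one RUN, split over two lines.
CHAINED_SAMPLE = """\
FROM ubuntu:latest
RUN apt-get update && \\
    apt-get install -y curl
WORKDIR /app
"""

def logical_instructions(text):
    """Yield (first_line_no, instruction), joining backslash continuations."""
    parts, start = [], None
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank and comment lines are skipped, even mid-continuation
        start = start or no
        more = line.endswith("\\")
        parts.append(line[:-1].strip() if more else line)
        if not more:
            yield start, " ".join(parts)
            parts, start = [], None
    if parts:  # dangling continuation at end of file
        yield start, " ".join(parts)

def find_chained_runs(text):
    """Return (line_no, instruction) for each RUN whose command contains '&&'."""
    return [(no, ins) for no, ins in logical_instructions(text)
            if re.match(r"RUN\s", ins, re.IGNORECASE) and "&&" in ins]

if __name__ == "__main__":
    for name, df in (("page sample", PAGE_SAMPLE), ("chained sample", CHAINED_SAMPLE)):
        hits = find_chained_runs(df)
        print(name, "PASS" if not hits else f"FAIL {hits}")
```

Joining continuation lines before matching matters here: a chained command split across lines with a trailing backslash is still one instruction and is reported at the line where it starts.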