Skip to main content
tally supports configuration via TOML config files, environment variables, and CLI flags. Sources cascade in a predictable order so you can set project defaults while allowing per-run overrides.

Priority order

Configuration sources are applied highest-priority first:
  1. CLI flags--fail-level error
  2. Environment variablesTALLY_OUTPUT_FAIL_LEVEL=error
  3. Config file.tally.toml or tally.toml
  4. Built-in defaults

Config file

File names

tally looks for these config file names, in order:
  1. .tally.toml (hidden file, recommended)
  2. tally.toml

Discovery

tally uses cascading config discovery similar to Ruff:
  1. Starting from the Dockerfile’s directory, walks up the filesystem.
  2. Stops at the first .tally.toml or tally.toml found.
  3. Uses that config — no merging with parent configs.
This allows monorepo setups with per-directory configurations:

Explicit config path

Override discovery with --config:

Config file reference

Controls how tally reports violations.

Environment variables


CLI flags


Build context and invocation flags

--context applies only when you lint Dockerfiles directly:
When you pass a Bake or Compose file, tally reads the build context from the selected target or service instead:
Do not combine --context with a Bake or Compose entrypoint. Use --target only with Bake, and --service only with Compose. See Build invocations for the full entrypoint behavior.

Inline directives

Suppress specific violations using inline comment directives directly in your Dockerfile.
Suppress violations on the next line:
Suppress multiple rules with comma-separated values:
Suppress all rules on a line:
Suppress violations throughout the entire file:
Document why a rule is suppressed using ;reason=:
Use --require-reason (or require-reason = true in .tally.toml) to enforce that all ignore directives include an explanation.
tally supports directive formats from other linters, making migration easy:

Example configurations

Strict CI

Relaxed development

Monorepo setup

Place a root .tally.toml with shared defaults, then override for specific services: