--format or the format key in
.tally.toml.
Output options
| Flag | Description |
|---|---|
--format, -f | Output format: text, json, sarif, github-actions, markdown |
--output, -o | Output destination: stdout, stderr, or a file path |
--no-color | Disable colored output (also respects the NO_COLOR env var) |
--show-source | Show source code snippets (default: true) |
--hide-source | Hide source code snippets |
Invocation-aware output
When you lint a Bake or Compose entrypoint, tally may run more than one invocation for the same Dockerfile. Output formats preserve that attribution:| Format | Invocation behavior |
|---|---|
text | Groups findings under labels such as [bake target: api] or [compose service: worker] and prints an invocation summary. |
json | Adds an invocation object to each orchestrator-derived violation and includes invocations_scanned. |
sarif | Stores invocation metadata in each result’s properties. |
github-actions | Prefixes annotation messages with the invocation label. |
markdown | Adds an Invocation column when invocation metadata is present. |
- text
- json
- sarif
- github-actions
- markdown
text (default)
Human-readable output with colors and source code snippets. Best for local development.tally lint Dockerfile
WARNING: StageNameCasing - https://docs.docker.com/go/dockerfile/rule/stage-name-casing/
Stage name 'Builder' should be lowercase
Dockerfile:2
────────────────────
1 │ FROM alpine
>>>2 │ FROM ubuntu AS Builder
3 │ RUN echo "hello"
────────────────────
Source snippets
Source snippets are shown by default. Toggle them with flags:# Hide source snippets (cleaner for long files)
tally lint --hide-source Dockerfile
# Explicitly show (useful when config sets show-source = false)
tally lint --show-source Dockerfile
.tally.toml:[output]
show-source = false
json
Machine-readable format with full violation details, summary statistics, and scan metadata. Best for scripts, dashboards, and custom reporting.tally lint --format json Dockerfile
{
"files": [
{
"file": "Dockerfile",
"violations": [
{
"location": {
"file": "Dockerfile",
"start": { "line": 2, "column": 0 }
},
"rule": "buildkit/StageNameCasing",
"message": "Stage name 'Builder' should be lowercase",
"severity": "warning",
"docUrl": "https://docs.docker.com/go/dockerfile/rule/stage-name-casing/"
}
]
}
],
"summary": {
"total": 1,
"errors": 0,
"warnings": 1,
"info": 0,
"style": 0,
"files": 1
},
"files_scanned": 1,
"rules_enabled": 41
}
| Field | Description |
|---|---|
files | Array of files with their violations |
summary | Aggregate counts: total, errors, warnings, info, style, files |
files_scanned | Total number of files scanned |
invocations_scanned | Total number of build invocations scanned; omitted or 0 for direct Dockerfile runs |
rules_enabled | Number of active rules with a non-"off" default severity |
| Field | Description |
|---|---|
invocation.kind | bake or compose |
invocation.file | Absolute path to the Bake or Compose file |
invocation.name | Target or service name |
tally lint --format json --output results.json .
sarif
SARIF 2.1.0 format for static analysis tools and CI code scanning integrations. Best for GitHub Code Scanning, Azure DevOps, and similar platforms.tally lint --format sarif --output results.sarif .
tally lint --format sarif . > results.sarif
GitHub Code Scanning
# Generate SARIF (use --fail-level none so the step doesn't fail before upload)
tally lint --format sarif --output tally.sarif --fail-level none .
# Upload with the CodeQL action
# uses: github/codeql-action/upload-sarif@v3
# with:
# sarif_file: tally.sarif
github-actions
Emits GitHub Actions workflow commands (::warning and ::error) for inline PR annotations.tally lint --format github-actions .
::warning file=Dockerfile,line=2,title=StageNameCasing::Stage name 'Builder' should be lowercase
| tally severity | GitHub command |
|---|---|
error | ::error |
warning | ::warning |
info | ::notice |
style | ::notice |
markdown
Concise Markdown tables optimized for AI agents, PR comments, and token-efficient reporting.tally lint --format markdown Dockerfile
**2 issues** in `Dockerfile`
| Line | Issue |
| ---- | ------------------------------------------- |
| 2 | ⚠️ Stage name 'Builder' should be lowercase |
| 10 | ❌ Use absolute WORKDIR |
- Summary line with total issue count upfront.
- Violations sorted by invocation, file, line, column, and rule code.
- Emoji severity indicators: ❌ error, ⚠️ warning, ℹ️ info, 💅 style.
- No rule codes or doc URLs — optimized for token efficiency.
- Adds a
Filecolumn automatically when linting multiple files. - Adds an
Invocationcolumn automatically when linting Bake or Compose entrypoints.
tally lint --format markdown . > lint-report.md