Validates that the platform of an external base image matches the expected target platform.Documentation Index
Fetch the complete documentation index at: https://tally.wharflab.com/llms.txt
Use this file to discover all available pages before exploring further.
| Property | Value |
|---|---|
| Severity | Off |
| Category | Correctness |
| Default | Disabled (superseded by tally/platform-mismatch) |
Tally behavior deviation
Tally disables this rule by default because its host-dependent design is fundamentally broken for a static linter:- Non-deterministic results across machines. The rule compares resolved
image platforms against the host’s default platform (via
runtime.GOARCH). The same Dockerfile produces different violations onlinux/amd64CI vsmacOS/arm64developer laptops. - False positives on Windows containers. The expected OS is hardcoded to
"linux", so any Windows base image (e.g.,mcr.microsoft.com/windows/servercore) is always flagged as a mismatch. - Fires without explicit intent. When no
--platformflag is set onFROM, the rule still compares against the host — even though the builder will pick the correct platform at build time.
tally/platform-mismatch instead. That
rule only fires when --platform is explicitly set on FROM and the registry
does not provide the requested platform, producing deterministic results
regardless of host.
You can re-enable this rule via configuration if you prefer the BuildKit
behavior:
Description
When using--platform or $TARGETPLATFORM, this rule checks that the base
image actually supports the requested platform by resolving image metadata from
the registry.
This is an async rule that runs with --slow-checks, as it requires resolving
image metadata from the registry.
Examples
Bad (image not available for requested platform):See also
tally/platform-mismatch— deterministic replacement that only validates explicit--platformflags