Skip to main content
Arguments appear to use JSON exec-form but contain invalid JSON.

Description

Several Dockerfile instructions (CMD, ENTRYPOINT, RUN, SHELL, COPY, ADD, VOLUME, HEALTHCHECK CMD, ONBUILD <instruction>) accept JSON exec-form syntax:
When the arguments start with [ but contain invalid JSON (unquoted strings, single quotes, trailing commas), BuildKit’s parser silently treats them as shell form. This produces unexpected behavior:
  • CMD [bash, -lc, "echo hi"] is treated as the shell command [bash, -lc, "echo hi"] rather than exec-form ["bash", "-lc", "echo hi"].
  • SHELL [/bin/bash, -c] causes a build error because SHELL requires valid JSON.
The auto-fix rewrites the arguments as valid JSON. It is classified as suggestion because intent cannot be guaranteed — review it before applying.
  • buildkit/JSONArgsRecommended — recommends JSON exec-form for CMD and ENTRYPOINT. Because BuildKit falls back to shell-form when JSON is invalid, JSONArgsRecommended (info severity) also fires on the same instruction. tally’s supersession processor automatically suppresses the lower-severity JSONArgsRecommended violation when this rule (error severity) is present at the same line — so users see only the more actionable invalid-json-form error.

References

Examples

Bad

Good

Configuration