Deprecated MAINTAINER Instruction

INFO

MAINTAINER instruction is deprecated. Use LABEL org.opencontainers.image.authors instead.

Rule Information

Language
Docker
Category
Best Practice
Author
Shivasurya
Shivasurya
Last Updated
2026-03-22
Tags
dockerdockerfilemaintainerlabeldeprecatedmetadatabest-practiceocistandardslegacy
CWE References
CWE-710

Interactive Playground

Experiment with the vulnerable code and security rule below. Edit the code to see how the rule detects different vulnerability patterns.

pathfinder scan --ruleset docker/DOCKER-BP-003 --project .
1
2
3
4
5
6
7
rule.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21

About This Rule

Understanding the vulnerability and how it is detected

This rule detects usage of the deprecated MAINTAINER instruction. The MAINTAINER instruction has been deprecated since Docker 1.13 (January 2017) in favor of using LABEL instructions with standardized metadata keys. Using deprecated features can lead to compatibility issues with newer Docker versions and tooling.

How to Fix

Recommended remediation steps

  • 1Review your Dockerfile to address the deprecated maintainer instruction issue
  • 2Follow Docker official best practices for image building
  • 3Use docker build --check to validate Dockerfile syntax and best practices

References

External resources and documentation

OCI Image Specification - AnnotationsDocker LABEL documentationDocker Deprecated FeaturesLabel Schema Convention (historical reference)

Similar Rules

Explore related security rules for Docker

MEDIUM

Base Image Uses :latest Tag

Base image uses ':latest' tag or no tag (defaults to latest). This makes builds non-reproducible.

LOW

apt-get Without --no-install-recommends

apt-get install without --no-install-recommends. This installs unnecessary packages, increasing image size and attack surface.

MEDIUM

Avoid apt-get upgrade

Avoid apt-get upgrade in Dockerfiles. Use specific base image versions instead.

Frequently Asked Questions

Common questions about Deprecated MAINTAINER Instruction

MAINTAINER instruction is deprecated. Use LABEL org.opencontainers.image.authors instead.
Review the secure code example in the playground above and apply the recommended pattern to your Dockerfile or docker-compose.yml.

New feature

Get these findings posted directly on your GitHub pull requests

The Deprecated MAINTAINER Instruction rule runs in CI and posts inline review comments on the exact lines — no dashboard, no SARIF viewer.

See how it works
Back to Best PracticeAll Languages →