# DOCKER-BP-003: Deprecated MAINTAINER Instruction

> **Severity:** INFO | **CWE:** CWE-710

- **Language:** Docker
- **Category:** Best Practice
- **URL:** https://codepathfinder.dev/registry/docker/best-practice/DOCKER-BP-003
- **Detection:** `pathfinder scan --ruleset docker/DOCKER-BP-003 --project .`

## Description

This rule detects usage of the deprecated MAINTAINER instruction. The MAINTAINER
instruction has been deprecated since Docker 1.13 (January 2017) in favor of using
LABEL instructions with standardized metadata keys. Using deprecated features can
lead to compatibility issues with newer Docker versions and tooling.

## Vulnerable Code

```dockerfile
FROM ubuntu:22.04

# Deprecated: Old-style maintainer
MAINTAINER John Doe <john@example.com>

RUN apt-get update && apt-get install -y nginx
CMD ["nginx", "-g", "daemon off;"]
```

## Detection Rule (Python SDK)

```python
from rules.container_decorators import dockerfile_rule
from rules.container_matchers import instruction


@dockerfile_rule(
    id="DOCKER-BP-003",
    name="Deprecated MAINTAINER Instruction",
    severity="INFO",
    cwe="CWE-710",
    category="best-practice",
    tags="docker,dockerfile,maintainer,label,deprecated,metadata,best-practice,oci,standards,legacy",
    message="MAINTAINER instruction is deprecated. Use LABEL org.opencontainers.image.authors instead."
)
def maintainer_deprecated():
    """
    Detects usage of deprecated MAINTAINER instruction.

    The MAINTAINER instruction is deprecated since Docker 1.13 in favor
    of LABEL instructions with standardized OCI metadata keys.
    """
    return instruction(type="MAINTAINER")
```

## How to Fix

- Replace each `MAINTAINER` instruction in your Dockerfile with `LABEL org.opencontainers.image.authors`, keeping the same name and contact details as the value
- Follow Docker's official best practices for image building
- Use `docker build --check` to validate Dockerfile syntax and best practices
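
The replacement can be scripted across many Dockerfiles. The following is an added example, not part of Code Pathfinder or its SDK: `migrate_maintainer` and `SAMPLE` are hypothetical names, the sample Dockerfile is constructed, and the code assumes the default backslash escape character and no heredocs.

```python
import re

# MAINTAINER is case-insensitive and may be indented; its argument is the rest of the line.
_MAINTAINER = re.compile(r"^(\s*)MAINTAINER\s+(.*\S)\s*$", re.IGNORECASE)

# Constructed sample: one real MAINTAINER line and one look-alike inside a continued RUN.
SAMPLE = (
    "FROM ubuntu:22.04\n"
    "maintainer John Doe <john@example.com>\n"
    "RUN echo \\\n"
    "  maintainer of this image is unknown\n"
    'CMD ["nginx", "-g", "daemon off;"]\n'
)


def migrate_maintainer(dockerfile_text):
    """Rewrite MAINTAINER lines as OCI author labels.

    Returns (new_text, findings), where findings is a list of (line_no, author).
    """
    out, findings = [], []
    in_continuation = False  # True while inside an instruction continued with a backslash
    for line_no, line in enumerate(dockerfile_text.splitlines(), start=1):
        stripped = line.strip()
        # A continuation line belongs to the previous instruction, so never rewrite it.
        match = None if in_continuation else _MAINTAINER.match(line)
        if match:
            indent, author = match.groups()
            # Escape backslashes and double quotes so the value stays one quoted string.
            quoted = author.replace("\\", "\\\\").replace('"', '\\"')
            out.append(f'{indent}LABEL org.opencontainers.image.authors="{quoted}"')
            findings.append((line_no, author))
        else:
            out.append(line)
        # A comment line inside a continued instruction does not end the continuation.
        if not (in_continuation and stripped.startswith("#")):
            in_continuation = stripped.endswith("\\") and not stripped.startswith("#")
    return "\n".join(out) + "\n", findings


if __name__ == "__main__":
    new_text, findings = migrate_maintainer(SAMPLE)
    for line_no, author in findings:
        print(f"line {line_no}: MAINTAINER {author!r} replaced with LABEL")
    print(new_text, end="")
```

Review the rewritten file before committing it, since the author string is carried over verbatim into the label value.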

## FAQ

**Q: Why does this rule flag the deprecated MAINTAINER instruction?**

MAINTAINER instruction is deprecated. Use LABEL org.opencontainers.image.authors instead.

**Q: How do I fix this?**

Replace the MAINTAINER line in your Dockerfile with a LABEL instruction that sets `org.opencontainers.image.authors`, as the rule message recommends.

## References

- [OCI Image Specification - Annotations](https://github.com/opencontainers/image-spec/blob/main/annotations.md)
- [Docker LABEL documentation](https://docs.docker.com/reference/dockerfile/#label)
- [Docker Deprecated Features](https://docs.docker.com/engine/deprecated/)
- [Label Schema Convention (historical reference)](https://label-schema.org/)

