# DOCKER-BP-027: Avoid --platform Flag with FROM

> **Severity:** LOW | **CWE:** CWE-710

- **Language:** Docker
- **Category:** Best Practice
- **URL:** https://codepathfinder.dev/registry/docker/best-practice/DOCKER-BP-027
- **Detection:** `pathfinder scan --ruleset docker/DOCKER-BP-027 --project .`

## Description

Detects use of the `--platform` flag in `FROM` instructions. Hardcoding the
platform reduces portability and prevents Docker from automatically selecting
the appropriate platform for multi-architecture builds.

## Vulnerable Code

```dockerfile
# Bad: Hardcoded platform prevents portability
FROM --platform=linux/amd64 ubuntu:22.04
RUN apt-get update && apt-get install -y nginx
```

## Secure Code

```dockerfile
# Good: Let Docker handle platform selection automatically
FROM ubuntu:22.04
RUN apt-get update && apt-get install -y nginx

# Docker automatically pulls correct image for:
# - linux/amd64 on x86_64 systems
# - linux/arm64 on ARM systems
```

## Detection Rule (Python SDK)

```python
from rules.container_decorators import dockerfile_rule
from rules.container_matchers import instruction


@dockerfile_rule(
    id="DOCKER-BP-027",
    name="Avoid --platform Flag with FROM",
    severity="LOW",
    cwe="CWE-710",
    category="best-practice",
    tags="docker,dockerfile,from,platform,multi-arch,portability,buildx,architecture,best-practice",
    message="FROM with --platform flag reduces portability. Let Docker handle platform selection."
)
def avoid_platform_with_from():
    return instruction(type="FROM", contains="--platform")
```
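
The following is an added example, not code from Code Pathfinder or its SDK: a standalone approximation of this check that shows what a plain substring match on `--platform` has to account for (line continuations, lowercase `from`, and `FROM --platform` appearing as text inside another instruction). The function names and the `constant` field are hypothetical; the rule on this page flags every `--platform`, while `constant` goes one step further and separates literal values from build-arg references such as `$BUILDPLATFORM`. It assumes the default `\` escape character and no heredocs.

```python
import re

# Instruction keywords are case-insensitive in a Dockerfile.
FROM_RE = re.compile(r"^\s*FROM\s+(?P<rest>.+)$", re.IGNORECASE)

# Constructed sample input (not from a real project).
SAMPLE = """\
# build stage definitions
FROM --platform=linux/amd64 ubuntu:22.04 AS base
RUN echo "FROM --platform=linux/arm64 is only text here"
from \\
  --platform=$BUILDPLATFORM ubuntu:22.04 AS build
FROM ubuntu:22.04
"""


def logical_lines(text):
    """Yield (first_line_number, instruction) with continuations folded."""
    buf, start = "", None
    for n, raw in enumerate(text.splitlines(), 1):
        stripped = raw.strip()
        if not stripped or stripped.startswith("#"):
            continue  # blank lines and comments never form an instruction
        if start is None:
            start = n
        if stripped.endswith("\\"):
            buf += stripped[:-1] + " "
            continue
        yield start, buf + stripped
        buf, start = "", None


def find_platform_from(text):
    """Return one finding per FROM instruction that carries --platform."""
    findings = []
    for line_no, line in logical_lines(text):
        m = FROM_RE.match(line)
        if not m:
            continue  # RUN/ENV/etc. that merely mention the flag are ignored
        for tok in m.group("rest").split():
            if not tok.startswith("--"):
                break  # flags come before the image reference
            if tok.startswith("--platform="):
                value = tok.split("=", 1)[1]
                findings.append({"line": line_no, "platform": value,
                                 "constant": "$" not in value})
    return findings
```
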

## How to Fix

- Review your Dockerfile and remove the `--platform` flag from `FROM` instructions so that Docker selects the platform automatically
- Follow Docker official best practices for image building
- Use `docker build --check` to validate Dockerfile syntax and best practices

## FAQ

**Q: Why does this rule flag `--platform` in `FROM` instructions?**

`FROM` with the `--platform` flag reduces portability. Let Docker handle platform selection.

**Q: How do I fix this?**

Review the secure code example above and apply the recommended pattern to your Dockerfile or docker-compose.yml.

## References

- [Docker Best Practices](https://docs.docker.com/develop/develop-images/dockerfile_best-practices/)
- [Docker Buildx documentation](https://docs.docker.com/build/buildx/)

