hadolint/DL3020¶

Use COPY instead of ADD for files and folders.

Property	Value
Severity	Error
Category	Best Practice
Default	Enabled
Auto-fix	Yes (`--fix`)

Description¶

For files and directories that do not require ADD's tar auto-extraction capability, you should always use COPY. COPY is more transparent and predictable than ADD, since it only supports basic copying of files into the container.

Exception: ADD is appropriate for local tar file auto-extraction into the image.

Examples¶

Problematic code¶

FROM python:3.4
ADD requirements.txt /usr/src/app/

Correct code¶

FROM python:3.4
COPY requirements.txt /usr/src/app/

Auto-fix¶

Replaces the ADD keyword with COPY, preserving all flags, sources, and destination unchanged.

Safe fix (FixSafe): Always correct for local file/directory sources since COPY and ADD behave identically for non-URL, non-tar sources.

# Before
ADD --chown=app:app src/ /app/

# After (with --fix)
COPY --chown=app:app src/ /app/

The fix preserves instruction casing (ADD → COPY, add → copy).

Reference¶

hadolint/DL3020