DL3009 : Delete the APT lists after installing packages

Description

After installing packages with apt-get or apt, remove /var/lib/apt/lists in the same layer to keep images small and reduce attack surface.

Goals

• Minimize image size by cleaning up package list cache.
• Prevent stale package metadata from remaining in the final image.

Specification

1. Inspect each RUN instruction.
2. Split the instruction into command segments on shell connectors and lowercase each token.
3. Track the last segment that performs apt-get install or apt install and the last segment that removes /var/lib/apt/lists.
4. A cleanup segment deletes /var/lib/apt/lists using rm with -r/-rf (any order) or find with -delete.
5. If an apt install occurs and no subsequent cleanup segment appears, emit DL3009 at the instruction line.

(c) 2025 Asymmetric Effort, LLC. scaldwell@asymmetric-effort.com