DL3032 - Run yum clean all

Description

After using yum to install packages, the cache should be cleared to prevent unnecessary data from persisting in the image layer.

Goals

• Minimize image size by removing cached package data.
• Ensure cache cleanup happens in the same layer as the install.

Specification

1. Iterate over every RUN instruction in the Dockerfile.
2. Split each instruction into individual shell command segments.
3. For each RUN instruction:
4. Detect if any segment performs a yum install operation.
5. Verify that within the same instruction another segment executes either:
   • yum clean all, or
   • rm -rf /var/cache/yum/*.
6. If a yum install occurs without the required cleanup, emit DL3032 at the line of the RUN instruction with the message `yum clean all` missing after yum command.

(c) 2025 Asymmetric Effort, LLC. scaldwell@asymmetric-effort.com