DL3035 - Avoid zypper dist-upgrade

Description

zypper dist-upgrade (or zypper dup) can upgrade the base system beyond expected versions and should not be used in Docker builds.

Goals

• Preserve the stability of the chosen base image.
• Prevent unexpected package upgrades during the build process.

Specification

1. Iterate over each RUN instruction and split it into shell command segments.
2. For every segment beginning with zypper, check whether the second token is dist-upgrade or dup.
3. If such a segment is found, emit DL3035 at the line of the RUN instruction with the message Do not usezypper dist-upgrade.

(c) 2025 Asymmetric Effort, LLC. scaldwell@asymmetric-effort.com