Will It Vibe logoWill It Vibe?
DOCKER-006Low severity-4 points

apt-get update in a separate RUN layer

Part of Architecture & Best Practices, which counts for 15% of the overall score. When this check fires it deducts 4 points from that category, once per scan, no matter how many places it turns up.

What it detects

apt-get update runs in its own RUN, separate from install. The cached update layer can be reused while install pulls stale package versions.

Why it matters

When apt-get update runs in its own RUN, Docker can reuse that cached layer on a later build while the separate install layer pulls package versions that no longer match the cached index. This is the classic stale-cache bug that causes intermittent build failures.

How to fix it

Put apt-get update and apt-get install in a single RUN chained with && so they are cached and invalidated as a unit. Add --no-install-recommends and the apt-lists cleanup in the same RUN.

The paid report includes a ready-to-paste prompt for your AI coding agent for every check it finds, pointed at the exact findings from your scan. See pricing

Does your repo trip this check?

Paste a GitHub URL or drop a project folder. Scans run in your browser and take seconds.

Scan your repo

Related Architecture & Best Practices checks