We have integrated the Semgrep Dockerfile ruleset into our existing --lint flag.

depot build --lint --lint-fail-on warn .

The Semgrep integration is in addition to our existing Hadolint integration. When you run depot build --lint, we will run Hadolint and Semgrep and return a combined list of issues. You can also use the --lint-fail-on flag to set the severity level at which you want to fail your build.