AI with Hardened Container Images
Learning Lab for July 2025 on securing AI workloads with hardened container images
The August 2025 Learning Lab with Erika Heidi covers DFC, or Dockerfile Converter, an open source tool created by the Chainguard team to facilitate migration to Chainguard Containers. In this session, learn how to install and use DFC to effectively convert your Dockerfiles to use minimal container images from Chainguard. Erika demonstrates how to use various flags to customize DFC’s output and also how to connect the DFC MCP server to your AI assistant to have DFC functionality integrated within your current AI workflow.
In the first demo, Erika demonstrates DFC’s basic usage with a few inline conversions:
Converting a single FROM line:
echo "FROM node" | dfc -
Converting a single RUN line:
echo "RUN apt-get update && apt-get install -y nano" | dfc -
Erika also demonstrates how to run DFC to convert a whole Dockerfile. You can use this Python Dockerfile as a reference:
FROM python:3.9
ADD main.py .
RUN pip install requests beautifulsoup4 python-dotenv
CMD ["python", "./main.py"]
To convert this Dockerfile, run:
dfc Dockerfile
In the second demo, Erika shows how to use various flags to customize output produced by DFC.
To specify the org and overwrite the ORG placeholder, you can use the --org flag:
dfc Dockerfile --org chainguard
Sometimes, it might be useful to overwrite default mappings for images and packages. For example, let’s consider the following Dockerfile for a php-fpm environment:
FROM php:fpm
RUN apt-get update && apt-get install -y \
git \
curl \
libxml2-dev \
zip \
unzip
# Install Composer and set up application
COPY --from=composer:latest /usr/bin/composer /usr/bin/composer
RUN mkdir /application
COPY . /application/
RUN cd /application && composer install
With default settings, DFC will use Chainguard’s php:latest-dev image for this environment, but we’d like it to use php:latest-fpm-dev instead. Create a mappings file such as this:
images:
php:fpm: php:latest-fpm-dev
Then you can provide it alongside the --mappings flag when running DFC:
dfc --mappings="custom-mappings.yaml" Dockerfile
The third demo shows how to convert multi-stage builds and how to connect the DFC MCP server to your AI assistant, using Claude Code as an example.
Consider the following Dockerfile as an example:
FROM python:3.9 as builder
WORKDIR /app
RUN apt update && apt install -y curl git
ENV PATH="/venv/bin:$PATH"
RUN python -m venv /app/venv
COPY requirements.txt /app
RUN pip install --no-cache-dir -r requirements.txt
FROM python:3.9-slim
WORKDIR /app
ENV PATH="/venv/bin:$PATH"
COPY main.py /app
COPY --from=builder /app/venv /venv
CMD ["python", "/app/main.py"]
This example builds a runtime in two stages. To convert, run DFC as usual:
dfc Dockerfile --org chainguard
The expected result:
FROM cgr.dev/chainguard/python:3.9-dev AS builder
USER root
WORKDIR /app
RUN apk add --no-cache curl git
ENV PATH="/venv/bin:$PATH"
RUN python -m venv /app/venv
COPY requirements.txt /app
RUN pip install --no-cache-dir -r requirements.txt
FROM cgr.dev/chainguard/python:3.9-dev
USER root
WORKDIR /app
RUN apk add --no-cache curl git
ENV PATH="/venv/bin:$PATH"
COPY main.py /app
COPY --from=builder /app/venv /venv
CMD ["python", "/app/main.py"]
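A post-conversion check for the multi-stage result above, as an added example that is not part of the original page or of DFC: it parses a Dockerfile into stages and flags a final (shipped) stage that still uses a -dev image, runs as root, or installs packages with apk. The function names and the three checks are assumptions chosen for illustration, and the sample input is a trimmed copy of the expected result shown above.

```python
import re

# Constructed sample: trimmed copy of the converted Dockerfile shown above.
CONVERTED = '''\
FROM cgr.dev/chainguard/python:3.9-dev AS builder
USER root
RUN apk add --no-cache curl git
FROM cgr.dev/chainguard/python:3.9-dev
USER root
WORKDIR /app
RUN apk add --no-cache curl git
COPY --from=builder /app/venv /venv
CMD ["python", "/app/main.py"]
'''

def parse_stages(text):
    """Split a Dockerfile into stages: [{'image', 'name', 'instructions'}]."""
    text = re.sub(r"\\[ \t]*\n", " ", text)  # join backslash line continuations
    stages = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        op, arg = parts[0].upper(), parts[1] if len(parts) > 1 else ""
        if op == "FROM" and arg:
            m = re.match(r"(?:--platform=\S+\s+)?(\S+)(?:\s+[Aa][Ss]\s+(\S+))?", arg)
            stages.append({"image": m.group(1), "name": m.group(2), "instructions": []})
        elif stages:
            stages[-1]["instructions"].append((op, arg))
    return stages

def review_final_stage(text):
    """Return findings for the stage that actually ships (the last FROM)."""
    stages = parse_stages(text)
    if not stages:
        return ["no FROM instruction found"]
    final, findings = stages[-1], []
    tag = final["image"].rsplit("/", 1)[-1].partition(":")[2]
    if tag.endswith("-dev"):  # -dev variants include a shell and package manager
        findings.append("final stage uses a -dev image")
    users = [arg.split(":")[0] for op, arg in final["instructions"] if op == "USER"]
    if users and users[-1] in ("root", "0"):
        findings.append("final stage ends with USER root")
    if any(op == "RUN" and re.search(r"\bapk\s+add\b", arg) for op, arg in final["instructions"]):
        findings.append("final stage installs packages with apk")
    return findings
```

Calling review_final_stage on the converted file returns all three findings for the sample, which marks the final stage as the place to review by hand before shipping the image.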
To build the MCP server that is included with DFC, access the project directory, then enter the mcp-server folder and run:
go build -o mcp-server .
To add the DFC MCP server to Claude Code per project, run:
claude mcp add dfc -- ~/dfc/mcp-server/mcp-server
To add the DFC MCP server to Claude Code system-wide for your user, run:
claude mcp add dfc -s user -- ~/dfc/mcp-server/mcp-server
After that, you’ll be able to ask Claude to convert your Dockerfiles to use Chainguard Images, and the task should be proxied through the DFC MCP server.
Last updated: 2025-08-28 12:30