diff --git a/rules/docker/policies/apt_get_missing_no_install_recommends.rego b/rules/docker/policies/apt_get_missing_no_install_recommends.rego
index de93a99b6..2e831729d 100644
--- a/rules/docker/policies/apt_get_missing_no_install_recommends.rego
+++ b/rules/docker/policies/apt_get_missing_no_install_recommends.rego
@@ -68,6 +68,10 @@ no_install_flag := `--no-install-recommends`
 
 optional_not_related_flags := `\s*(-(-)?[a-zA-Z]+\s*)*`
 
+# https://www.debian.org/doc/debian-policy/ch-controlfields.html#s-f-source
+# https://www.debian.org/doc/debian-policy/ch-controlfields.html#version
+pkgs := `([a-z\d][a-z\d+\-.]+(?:=[\w.+\-~:]+)?\s*)*`
+
 combined_flags := sprintf(`%s%s%s`, [optional_not_related_flags, no_install_flag, optional_not_related_flags])
 
 # flags before command
@@ -81,3 +85,9 @@ includes_no_install_recommends(command) {
 	install_regexp := sprintf(`apt-get%sinstall%s`, [optional_not_related_flags, combined_flags])
 	regex.match(install_regexp, command)
 }
+
+# flags after pkgs
+includes_no_install_recommends(command) {
+	install_regexp := sprintf(`apt-get%sinstall%s%s%s`, [optional_not_related_flags, optional_not_related_flags, pkgs, combined_flags])
+	regex.match(install_regexp, command)
+}
diff --git a/rules/docker/policies/apt_get_missing_no_install_recommends_test.rego b/rules/docker/policies/apt_get_missing_no_install_recommends_test.rego
index 30ae8f18d..f82509b58 100644
--- a/rules/docker/policies/apt_get_missing_no_install_recommends_test.rego
+++ b/rules/docker/policies/apt_get_missing_no_install_recommends_test.rego
@@ -103,3 +103,17 @@ test_chained_allowed {
 
 	count(r) == 0
 }
+
+test_flags_after_pkgs_allowed {
+	r := deny with input as {"Stages": [{"Name": "debian:11-slim", "Commands": [
+		{
+			"Cmd": "from",
+			"Value": ["debian:11-slim"],
+		},
+		{
+			"Cmd": "run",
+			"Value": ["apt-get update && DEBIAN_FRONTEND=noninteractive apt-get install -y tzdata postgresql-10 --no-install-recommends && rm -rf /var/lib/apt/lists/*"],
+		},
+	]}]}
+	count(r) == 0
+}
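Review bot: The package term in `pkgs` accepts only `name[=version]`, so apt's other selectors — `name:arch` such as `curl:amd64`, `name/target-release` such as `foo/bullseye-backports`, and glob/regex forms — stop the match, and a RUN line that puts `--no-install-recommends` after such a package is still reported as missing the flag (a false positive that pushes users to suppress the check). The two common qualifiers can be admitted with the term `([a-z\d][a-z\d+\-.]+(?::[a-z\d\-]+)?(?:=[\w.+\-~:]+|/[a-z\d\-]+)?\s*)*`. The linked Debian policy sections define the name and version grammar of control fields, not apt-get(8)'s command-line syntax, so the comment above the pattern should say what it models, e.g. `# one or more apt-get package selectors, name[:arch][=version|/release] per apt-get(8); name/version characters per Debian policy`. The nested `(…)*` around a `+` class would be a backtracking hazard in a PCRE-style engine; it is fine here, as far as I can tell, because OPA's `regex.match` runs on Go's RE2-based regexp, and a one-line comment saying so would stop the pattern being copied into tooling with a different engine.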
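Review bot: The new body only accepts flags placed before the package list or after all of it, so `apt-get install -y foo -q bar --no-install-recommends` (a flag between two packages) still fails to match and is denied although the flag is set — the same blind spot this hunk set out to close, one token further along. Because `optional_not_related_flags` and `pkgs` both match the empty string, this rule also subsumes the `flags after install` rule directly above it, so either that rule can go or the two should merge into one pattern that lets flags and packages interleave, i.e. format string `apt-get%sinstall(%s|%s)*%s` with arguments `[optional_not_related_flags, optional_not_related_flags, pkgs, combined_flags]` (assuming `regex.match` is unanchored, as the existing chained-command test relies on). The `# flags after pkgs` comment should spell out the shape it covers, e.g. `# --no-install-recommends after the package list: apt-get [flags] install [flags] pkg... [flags] --no-install-recommends`. The `includes_no_install_recommends` rule whose tail opens this hunk starts outside it.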
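Review bot: The `=version` alternative added to `pkgs` and the denial side of the new rule are both untested; this test only shows one spelling with the flag last. Add a sibling allowed case with a pinned package, e.g. `"Value": ["apt-get install -y tzdata=2021a-1 postgresql-10 --no-install-recommends"]` with `count(r) == 0`, and a denied case with the same package list and no flag, e.g. `"Value": ["apt-get install -y tzdata postgresql-10"]`, asserting the deny set is non-empty, so that a later widening of `pkgs` that lets the pattern match without the flag is caught. `test_chained_allowed` starts before this hunk.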