Report Summary

┌────────────┬────────────┬───────────────────┐
│   Target   │    Type    │ Misconfigurations │
├────────────┼────────────┼───────────────────┤
│ Dockerfile │ dockerfile │         3         │
└────────────┴────────────┴───────────────────┘
Legend:
- '-': Not scanned
- '0': Clean (no security findings detected)

Dockerfile (dockerfile)
=======================
Tests: 27 (SUCCESSES: 24, FAILURES: 3)
Failures: 3 (UNKNOWN: 0, LOW: 1, MEDIUM: 0, HIGH: 2, CRITICAL: 0)

AVD-DS-0002 (HIGH): Specify at least 1 USER command in Dockerfile with non-root user as argument
═══════════════════════════════════════════════════════════════════════════════════════════
Running containers with 'root' user can lead to a container escape situation. It is a best practice to run containers as non-root users, which can be done by adding a 'USER' statement to the Dockerfile.

See https://avd.aquasec.com/misconfig/ds002
───────────────────────────────────────────────────────────────────────────────────────────

AVD-DS-0026 (LOW): Add HEALTHCHECK instruction in your Dockerfile
═══════════════════════════════════════════════════════════════════════════════════════════
You should add HEALTHCHECK instruction in your docker container images to perform the health check on running containers.

See https://avd.aquasec.com/misconfig/ds026
───────────────────────────────────────────────────────────────────────────────────────────

AVD-DS-0029 (HIGH): '--no-install-recommends' flag is missed: 'apt-get update && apt-get install -y gcc g++ libpq-dev && rm -rf /var/lib/apt/lists/*'
═══════════════════════════════════════════════════════════════════════════════════════════
'apt-get' install should use '--no-install-recommends' to minimize image size.

See https://avd.aquasec.com/misconfig/ds029
───────────────────────────────────────────────────────────────────────────────────────────
Dockerfile:5-9
───────────────────────────────────────────────────────────────────────────────────────────
5 ┌ RUN apt-get update && apt-get install -y \
6 │ gcc \
7 │ g++ \
8 │ libpq-dev \
9 └ && rm -rf /var/lib/apt/lists/*
───────────────────────────────────────────────────────────────────────────────────────────