[Penify]: Setting up Automated AI-Driven Documentation for GitHub! #9
NShiftKey / NShiftKey - Dockerfile & IaC misconfiguration
required action
Aug 3, 2024 in 4m 31s
Summary
- 7 security issue(s)
- High : 3
- Medium : 2
- Low : 2
Details
NShiftKey
- 'apt-get' missing '--no-install-recommends'
- Description : 'apt-get' install should use '--no-install-recommends' to minimize image size.
- Countermeasure : '--no-install-recommends' flag is missed: 'apt-get -y update && DEBIAN_FRONTEND=noninteractive apt-get install -y build-essential cmake git python3 doxygen graphviz upx openssl libssl-dev zlib1g-dev autoconf automake pkg-config m4 libtool python-is-python3'
- Target Code : avast-retdec/Dockerfile
Lines 6 to 15 in 5880ece
- Target Code : avast-retdec/Dockerfile
Lines 40 to 44 in 5880ece
- Target Code : avast-retdec/Dockerfile.dev
Lines 6 to 15 in 5880ece
- 'RUN cd ...' to change directory
- Description : Use WORKDIR instead of proliferating instructions like 'RUN cd … && do-something', which are hard to read, troubleshoot, and maintain.
- Countermeasure : RUN should not be used to change directory: 'git clone https://github.com/avast/retdec && cd retdec && mkdir build && cd build && cmake .. -DCMAKE_INSTALL_PREFIX=/home/retdec/retdec-install -DCMAKE_LIBRARY_PATH=/usr/lib/gcc/x86_64-linux-gnu/7/ -DCMAKE_BUILD_TYPE=Release && make -j$(nproc) && make install'. Use 'WORKDIR' statement instead.
- Target Code : avast-retdec/Dockerfile
Lines 26 to 34 in 5880ece
- Target Code : avast-retdec/Dockerfile.dev
Lines 32 to 39 in 5880ece
- No HEALTHCHECK defined
- Description : You should add HEALTHCHECK instruction in your docker container images to perform the health check on running containers.
- Countermeasure : Add HEALTHCHECK instruction in your Dockerfile
- Target Code : avast-retdec/Dockerfile
https://github.com/2lambda123/avast-retdec/blob/5880ece2f80bb8ada5c4592613a8fa9f1ab0146d/Dockerfile#L0-L1
- Target Code : avast-retdec/Dockerfile.dev
https://github.com/2lambda123/avast-retdec/blob/5880ece2f80bb8ada5c4592613a8fa9f1ab0146d/Dockerfile.dev#L0-L1