AC_DOCKER_0001 Trigger for no reason #1103

Closed
jynolen opened this issue Dec 21, 2021 · 2 comments
jynolen commented Dec 21, 2021

  • terrascan version: v1.12.0
  • Operating System: Ubuntu

Description

I just got a small Dockerfile and I got some warnings about a flag I shouldn't use, and in fact I don't.

What I Did

```
terrascan init
terrascan scan
Violation Details -

        Description    :        Ensure platform flag with FROM command is not used for Docker file
        File           :        Dockerfile
        Line           :        3
        Severity       :        MEDIUM
        -----------------------------------------------------------------------

        Description    :        Ensure platform flag with FROM command is not used for Docker file
        File           :        Dockerfile
        Line           :        11
        Severity       :        MEDIUM
        -----------------------------------------------------------------------

        Description    :        Ensure apt is not used with RUN command for Docker file
        File           :        Dockerfile
        Line           :        13
        Severity       :        MEDIUM
        -----------------------------------------------------------------------
```
        -----------------------------------------------------------------------

Source Dockerfile

```dockerfile
########################################
FROM base_ubuntu AS validate_gpg

COPY .pipeline /pipeline

RUN gpg --import /pipeline/hashicorp.gpg
RUN gpg --import /pipeline/tfsec.gpg

########################################
FROM validate_gpg AS validate_python

RUN apt install -y python3-dev python3-pip
RUN pip3 --no-cache-dir install -r /pipeline/requirements.txt
```

jynolen commented Dec 21, 2021

Additional comment.

After doing I found that I have a Python script that contains the "platform" keyword

```
grep -r platform
.pipeline/terraform.provider.downloader.py:import platform
.pipeline/terraform.provider.downloader.py:    system = platform.system().lower()
.pipeline/terraform.provider.downloader.py:    arch = ARCH.get(platform.machine())
.pipeline/terraform.provider.downloader.py:        next(filter(lambda os: os["os"] == system and os["arch"] == arch, provider_version_manifest["platforms"]))
```


jynolen commented Dec 21, 2021

Closing in favor of #1099, because after rerunning with YAML output I just saw that this is the same case.

@jynolen jynolen closed this as completed Dec 21, 2021
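
As an added example (not part of the issue thread and not terrascan's own code), the Python below contrasts a check that inspects only the flags of `FROM` instructions with a plain keyword match over every scanned file. The keyword match is an assumption about the kind of behaviour the reporter suspected, and all function names are hypothetical.

```python
# Added example: names and sample data below are illustrative, not terrascan code.
ISSUE_DOCKERFILE = """\
########################################
FROM base_ubuntu AS validate_gpg

COPY .pipeline /pipeline

RUN gpg --import /pipeline/hashicorp.gpg
RUN gpg --import /pipeline/tfsec.gpg

########################################
FROM validate_gpg AS validate_python

RUN apt install -y python3-dev python3-pip
RUN pip3 --no-cache-dir install -r /pipeline/requirements.txt
"""
# Constructed: a FROM line that really carries the flag.
FLAGGED = "FROM --platform=linux/amd64 base_ubuntu AS validate_gpg\n"

def logical_lines(text):
    """Yield (first_line_no, instruction); skips blanks/comments, joins '\\' continuations."""
    buf, start = "", None
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not buf and (not line or line.startswith("#")):
            continue
        start = start or no
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        yield start, buf + line
        buf, start = "", None

def from_platform_findings(text):
    """Line numbers of FROM instructions that carry a --platform flag."""
    hits = []
    for no, instr in logical_lines(text):
        words = instr.split()
        if not words or words[0].upper() != "FROM":
            continue
        for word in words[1:]:
            if not word.startswith("--"):
                break  # flags end at the image reference
            if word.split("=", 1)[0] == "--platform":
                hits.append(no)
    return hits

def keyword_findings(files):
    """Assumed naive check: any scanned file containing the word 'platform'."""
    return sorted(name for name, body in files.items() if "platform" in body)

if __name__ == "__main__":
    print(from_platform_findings(ISSUE_DOCKERFILE), from_platform_findings(FLAGGED))
```

Scoping the match to the parsed `FROM` instruction leaves the issue's Dockerfile clean, while the keyword match flags the Python helper under `.pipeline` that merely imports the `platform` module.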