[Snyk] Upgrade react-native-screens from 3.10.2 to 3.31.1 #87
NShiftKey / NShiftKey - Dockerfile & IaC misconfiguration
required action
May 25, 2024 in 10m 57s
Summary
- 30 security issue(s)
- High : 17
- Medium : 2
- Low : 11
Details
NShiftKey
-
'apt-get' missing '--no-install-recommends'
- Description : 'apt-get' install should use '--no-install-recommends' to minimize image size.
- Countermeasure : '--no-install-recommends' flag is missed: 'apt-get install nano'
Target Code : abp/npm/verdaccio-containers/publish-packages/Dockerfile [view change history] [ignore this]
abp/npm/verdaccio-containers/publish-packages/Dockerfile
Lines 9 to 11 in decc254
abp/npm/verdaccio-containers/serve-app/Dockerfile
Lines 7 to 9 in decc254
-
- Description : Running containers with 'root' user can lead to a container escape situation. It is a best practice to run containers as non-root users, which can be done by adding a 'USER' statement to the Dockerfile.
- Countermeasure : Specify at least 1 USER command in Dockerfile with non-root user as argument
https://github.com/2lambda123/abp/blob/decc2544db25193dfdc1c4eb1f04a93950b1c39c/modules/basic-theme/test/Volo.Abp.AspNetCore.Mvc.UI.Bootstrap.Demo/Dockerfile#L0-L1
https://github.com/2lambda123/abp/blob/decc2544db25193dfdc1c4eb1f04a93950b1c39c/modules/cms-kit/database/Dockerfile#L0-L1
https://github.com/2lambda123/abp/blob/decc2544db25193dfdc1c4eb1f04a93950b1c39c/modules/cms-kit/host/Volo.CmsKit.HttpApi.Host/Dockerfile#L0-L1
https://github.com/2lambda123/abp/blob/decc2544db25193dfdc1c4eb1f04a93950b1c39c/modules/cms-kit/host/Volo.CmsKit.IdentityServer/Dockerfile#L0-L1
https://github.com/2lambda123/abp/blob/decc2544db25193dfdc1c4eb1f04a93950b1c39c/modules/docs/app/VoloDocs.Migrator/Dockerfile#L0-L1
https://github.com/2lambda123/abp/blob/decc2544db25193dfdc1c4eb1f04a93950b1c39c/modules/docs/app/VoloDocs.Web/Dockerfile#L0-L1
https://github.com/2lambda123/abp/blob/decc2544db25193dfdc1c4eb1f04a93950b1c39c/npm/verdaccio-containers/publish-packages/Dockerfile#L0-L1
https://github.com/2lambda123/abp/blob/decc2544db25193dfdc1c4eb1f04a93950b1c39c/npm/verdaccio-containers/serve-app/Dockerfile#L0-L1
https://github.com/2lambda123/abp/blob/decc2544db25193dfdc1c4eb1f04a93950b1c39c/templates/module/aspnet-core/database/Dockerfile#L0-L1
https://github.com/2lambda123/abp/blob/decc2544db25193dfdc1c4eb1f04a93950b1c39c/templates/module/aspnet-core/host/MyCompanyName.MyProjectName.AuthServer/Dockerfile#L0-L1
https://github.com/2lambda123/abp/blob/decc2544db25193dfdc1c4eb1f04a93950b1c39c/templates/module/aspnet-core/host/MyCompanyName.MyProjectName.HttpApi.Host/Dockerfile#L0-L1
-
- Description : The instruction 'RUN update' should always be followed by ' install' in the same RUN statement.
- Countermeasure : The instruction 'RUN update' should always be followed by ' install' in the same RUN statement.
abp/npm/verdaccio-containers/publish-packages/Dockerfile
Lines 8 to 10 in decc254
abp/npm/verdaccio-containers/serve-app/Dockerfile
Lines 6 to 8 in decc254
-
- Description : 'apt-get' calls should use the flag '-y' to avoid manual user input.
- Countermeasure : '-y' flag is missed: 'apt-get install nano'
abp/npm/verdaccio-containers/publish-packages/Dockerfile
Lines 9 to 11 in decc254
abp/npm/verdaccio-containers/serve-app/Dockerfile
Lines 7 to 9 in decc254
-
':latest' tag used
- Description : When using a 'FROM' statement you should use a specific tag to avoid uncontrolled behavior when the image is updated.
- Countermeasure : Specify a tag in the 'FROM' statement for image 'mcr.microsoft.com/mssql-tools'
abp/modules/cms-kit/database/Dockerfile
Lines 11 to 13 in decc254
abp/templates/module/aspnet-core/database/Dockerfile
Lines 11 to 13 in decc254
-
No HEALTHCHECK defined
- Description : You should add HEALTHCHECK instruction in your docker container images to perform the health check on running containers.
- Countermeasure : Add HEALTHCHECK instruction in your Dockerfile
https://github.com/2lambda123/abp/blob/decc2544db25193dfdc1c4eb1f04a93950b1c39c/modules/basic-theme/test/Volo.Abp.AspNetCore.Mvc.UI.Bootstrap.Demo/Dockerfile#L0-L1
https://github.com/2lambda123/abp/blob/decc2544db25193dfdc1c4eb1f04a93950b1c39c/modules/cms-kit/database/Dockerfile#L0-L1
https://github.com/2lambda123/abp/blob/decc2544db25193dfdc1c4eb1f04a93950b1c39c/modules/cms-kit/host/Volo.CmsKit.HttpApi.Host/Dockerfile#L0-L1
https://github.com/2lambda123/abp/blob/decc2544db25193dfdc1c4eb1f04a93950b1c39c/modules/cms-kit/host/Volo.CmsKit.IdentityServer/Dockerfile#L0-L1
https://github.com/2lambda123/abp/blob/decc2544db25193dfdc1c4eb1f04a93950b1c39c/modules/docs/app/VoloDocs.Migrator/Dockerfile#L0-L1
https://github.com/2lambda123/abp/blob/decc2544db25193dfdc1c4eb1f04a93950b1c39c/modules/docs/app/VoloDocs.Web/Dockerfile#L0-L1
https://github.com/2lambda123/abp/blob/decc2544db25193dfdc1c4eb1f04a93950b1c39c/npm/verdaccio-containers/publish-packages/Dockerfile#L0-L1
https://github.com/2lambda123/abp/blob/decc2544db25193dfdc1c4eb1f04a93950b1c39c/npm/verdaccio-containers/serve-app/Dockerfile#L0-L1
https://github.com/2lambda123/abp/blob/decc2544db25193dfdc1c4eb1f04a93950b1c39c/templates/module/aspnet-core/database/Dockerfile#L0-L1
https://github.com/2lambda123/abp/blob/decc2544db25193dfdc1c4eb1f04a93950b1c39c/templates/module/aspnet-core/host/MyCompanyName.MyProjectName.AuthServer/Dockerfile#L0-L1
https://github.com/2lambda123/abp/blob/decc2544db25193dfdc1c4eb1f04a93950b1c39c/templates/module/aspnet-core/host/MyCompanyName.MyProjectName.HttpApi.Host/Dockerfile#L0-L1
Loading