Update google signing key.
Wiz IaC Scanner
Revealing IaC misconfigurations with Wiz
IaC Misconfigurations Detected: 13
Annotations
Check warning on line 13 in Dockerfile
wiz-inc-b08cf2810f / Wiz IaC Scanner
Apt Get Install Pin Version Not Defined
Rule ID: 02336ad4-e0c7-4430-99d8-80345d73a0be
Severity: Medium
Resource: FROM={{cimg/php:${PHPVERSION}-browsers}}.RUN={{wget -q -O - https://dl.google.com/linux/linux_signing_key.pub | apt-key add - && apt-get update && apt-get install -y dnsutils libmagickwand-dev libzip-dev libsodium-dev libpng-dev libfreetype6-dev zlib1g-dev libicu-dev libxml2-dev g++ git}}
When installing a package, its pin version should be defined
Raw output
Expected: Package 'libpng-dev' has version defined
Found: Package 'libpng-dev' does not have version defined
Check warning on line 13 in Dockerfile
wiz-inc-b08cf2810f / Wiz IaC Scanner
Apt Get Install Pin Version Not Defined
Rule ID: 02336ad4-e0c7-4430-99d8-80345d73a0be
Severity: Medium
Resource: FROM={{cimg/php:${PHPVERSION}-browsers}}.RUN={{wget -q -O - https://dl.google.com/linux/linux_signing_key.pub | apt-key add - && apt-get update && apt-get install -y dnsutils libmagickwand-dev libzip-dev libsodium-dev libpng-dev libfreetype6-dev zlib1g-dev libicu-dev libxml2-dev g++ git}}
When installing a package, its pin version should be defined
Raw output
Expected: Package 'libicu-dev' has version defined
Found: Package 'libicu-dev' does not have version defined
Check warning on line 13 in Dockerfile
wiz-inc-b08cf2810f / Wiz IaC Scanner
Apt Get Install Pin Version Not Defined
Rule ID: 02336ad4-e0c7-4430-99d8-80345d73a0be
Severity: Medium
Resource: FROM={{cimg/php:${PHPVERSION}-browsers}}.RUN={{wget -q -O - https://dl.google.com/linux/linux_signing_key.pub | apt-key add - && apt-get update && apt-get install -y dnsutils libmagickwand-dev libzip-dev libsodium-dev libpng-dev libfreetype6-dev zlib1g-dev libicu-dev libxml2-dev g++ git}}
When installing a package, its pin version should be defined
Raw output
Expected: Package 'g++' has version defined
Found: Package 'g++' does not have version defined
Check warning on line 13 in Dockerfile
wiz-inc-b08cf2810f / Wiz IaC Scanner
Apt Get Install Pin Version Not Defined
Rule ID: 02336ad4-e0c7-4430-99d8-80345d73a0be
Severity: Medium
Resource: FROM={{cimg/php:${PHPVERSION}-browsers}}.RUN={{wget -q -O - https://dl.google.com/linux/linux_signing_key.pub | apt-key add - && apt-get update && apt-get install -y dnsutils libmagickwand-dev libzip-dev libsodium-dev libpng-dev libfreetype6-dev zlib1g-dev libicu-dev libxml2-dev g++ git}}
When installing a package, its pin version should be defined
Raw output
Expected: Package 'dnsutils' has version defined
Found: Package 'dnsutils' does not have version defined
Check warning on line 13 in Dockerfile
wiz-inc-b08cf2810f / Wiz IaC Scanner
Apt Get Install Pin Version Not Defined
Rule ID: 02336ad4-e0c7-4430-99d8-80345d73a0be
Severity: Medium
Resource: FROM={{cimg/php:${PHPVERSION}-browsers}}.RUN={{wget -q -O - https://dl.google.com/linux/linux_signing_key.pub | apt-key add - && apt-get update && apt-get install -y dnsutils libmagickwand-dev libzip-dev libsodium-dev libpng-dev libfreetype6-dev zlib1g-dev libicu-dev libxml2-dev g++ git}}
When installing a package, its pin version should be defined
Raw output
Expected: Package 'libxml2-dev' has version defined
Found: Package 'libxml2-dev' does not have version defined
Check warning on line 13 in Dockerfile
wiz-inc-b08cf2810f / Wiz IaC Scanner
Apt Get Install Pin Version Not Defined
Rule ID: 02336ad4-e0c7-4430-99d8-80345d73a0be
Severity: Medium
Resource: FROM={{cimg/php:${PHPVERSION}-browsers}}.RUN={{wget -q -O - https://dl.google.com/linux/linux_signing_key.pub | apt-key add - && apt-get update && apt-get install -y dnsutils libmagickwand-dev libzip-dev libsodium-dev libpng-dev libfreetype6-dev zlib1g-dev libicu-dev libxml2-dev g++ git}}
When installing a package, its pin version should be defined
Raw output
Expected: Package 'zlib1g-dev' has version defined
Found: Package 'zlib1g-dev' does not have version defined
Check warning on line 13 in Dockerfile
wiz-inc-b08cf2810f / Wiz IaC Scanner
Apt Get Install Pin Version Not Defined
Rule ID: 02336ad4-e0c7-4430-99d8-80345d73a0be
Severity: Medium
Resource: FROM={{cimg/php:${PHPVERSION}-browsers}}.RUN={{wget -q -O - https://dl.google.com/linux/linux_signing_key.pub | apt-key add - && apt-get update && apt-get install -y dnsutils libmagickwand-dev libzip-dev libsodium-dev libpng-dev libfreetype6-dev zlib1g-dev libicu-dev libxml2-dev g++ git}}
When installing a package, its pin version should be defined
Raw output
Expected: Package 'git' has version defined
Found: Package 'git' does not have version defined
Check warning on line 13 in Dockerfile
wiz-inc-b08cf2810f / Wiz IaC Scanner
Apt Get Install Pin Version Not Defined
Rule ID: 02336ad4-e0c7-4430-99d8-80345d73a0be
Severity: Medium
Resource: FROM={{cimg/php:${PHPVERSION}-browsers}}.RUN={{wget -q -O - https://dl.google.com/linux/linux_signing_key.pub | apt-key add - && apt-get update && apt-get install -y dnsutils libmagickwand-dev libzip-dev libsodium-dev libpng-dev libfreetype6-dev zlib1g-dev libicu-dev libxml2-dev g++ git}}
When installing a package, its pin version should be defined
Raw output
Expected: Package 'libsodium-dev' has version defined
Found: Package 'libsodium-dev' does not have version defined
Check warning on line 13 in Dockerfile
wiz-inc-b08cf2810f / Wiz IaC Scanner
Apt Get Install Pin Version Not Defined
Rule ID: 02336ad4-e0c7-4430-99d8-80345d73a0be
Severity: Medium
Resource: FROM={{cimg/php:${PHPVERSION}-browsers}}.RUN={{wget -q -O - https://dl.google.com/linux/linux_signing_key.pub | apt-key add - && apt-get update && apt-get install -y dnsutils libmagickwand-dev libzip-dev libsodium-dev libpng-dev libfreetype6-dev zlib1g-dev libicu-dev libxml2-dev g++ git}}
When installing a package, its pin version should be defined
Raw output
Expected: Package 'libfreetype6-dev' has version defined
Found: Package 'libfreetype6-dev' does not have version defined
Check warning on line 13 in Dockerfile
wiz-inc-b08cf2810f / Wiz IaC Scanner
Apt Get Install Pin Version Not Defined
Rule ID: 02336ad4-e0c7-4430-99d8-80345d73a0be
Severity: Medium
Resource: FROM={{cimg/php:${PHPVERSION}-browsers}}.RUN={{wget -q -O - https://dl.google.com/linux/linux_signing_key.pub | apt-key add - && apt-get update && apt-get install -y dnsutils libmagickwand-dev libzip-dev libsodium-dev libpng-dev libfreetype6-dev zlib1g-dev libicu-dev libxml2-dev g++ git}}
When installing a package, its pin version should be defined
Raw output
Expected: Package 'libmagickwand-dev' has version defined
Found: Package 'libmagickwand-dev' does not have version defined
Check warning on line 13 in Dockerfile
wiz-inc-b08cf2810f / Wiz IaC Scanner
Apt Get Install Pin Version Not Defined
Rule ID: 02336ad4-e0c7-4430-99d8-80345d73a0be
Severity: Medium
Resource: FROM={{cimg/php:${PHPVERSION}-browsers}}.RUN={{wget -q -O - https://dl.google.com/linux/linux_signing_key.pub | apt-key add - && apt-get update && apt-get install -y dnsutils libmagickwand-dev libzip-dev libsodium-dev libpng-dev libfreetype6-dev zlib1g-dev libicu-dev libxml2-dev g++ git}}
When installing a package, its pin version should be defined
Raw output
Expected: Package 'libzip-dev' has version defined
Found: Package 'libzip-dev' does not have version defined
Check notice on line 13 in Dockerfile
wiz-inc-b08cf2810f / Wiz IaC Scanner
APT-GET Not Avoiding Additional Packages
Rule ID: 5ca54f8d-7ba6-4d52-a291-22f783afb5f2
Severity: None
Resource: FROM={{cimg/php:${PHPVERSION}-browsers}}.{{RUN wget -q -O - https://dl.google.com/linux/linux_signing_key.pub | apt-key add - && apt-get update && apt-get install -y dnsutils libmagickwand-dev libzip-dev libsodium-dev libpng-dev libfreetype6-dev zlib1g-dev libicu-dev libxml2-dev g++ git}}
Check if any apt-get installs don't use '--no-install-recommends' flag to avoid installing additional packages.
Raw output
Expected: 'RUN wget -q -O - https://dl.google.com/linux/linux_signing_key.pub | apt-key add - && apt-get update && apt-get install -y dnsutils libmagickwand-dev libzip-dev libsodium-dev libpng-dev libfreetype6-dev zlib1g-dev libicu-dev libxml2-dev g++ git' uses '--no-install-recommends' flag to avoid installing additional packages
Found: 'RUN wget -q -O - https://dl.google.com/linux/linux_signing_key.pub | apt-key add - && apt-get update && apt-get install -y dnsutils libmagickwand-dev libzip-dev libsodium-dev libpng-dev libfreetype6-dev zlib1g-dev libicu-dev libxml2-dev g++ git' does not use '--no-install-recommends' flag to avoid installing additional packages
Check notice on line 13 in Dockerfile
wiz-inc-b08cf2810f / Wiz IaC Scanner
Apt Get Install Lists Were Not Deleted
Rule ID: 24dfd10b-93af-429f-b8ce-e88df9879db9
Severity: None
Resource: FROM={{cimg/php:${PHPVERSION}-browsers}}.RUN={{wget -q -O - https://dl.google.com/linux/linux_signing_key.pub | apt-key add - && apt-get update && apt-get install -y dnsutils libmagickwand-dev libzip-dev libsodium-dev libpng-dev libfreetype6-dev zlib1g-dev libicu-dev libxml2-dev g++ git}}
After using apt-get install, it is needed to delete apt-get lists
Raw output
Expected: After using apt-get install, the apt-get lists should be deleted
Found: After using apt-get install, the apt-get lists were not deleted