add vuln #5
Annotations
9 warnings
kics-action
Node.js 16 actions are deprecated. Please update the following actions to use Node.js 20: actions/checkout@v3. For more information see: https://github.blog/changelog/2023-09-22-github-actions-transitioning-from-node-16-to-node-20/.
|
[HIGH] Missing User Instruction:
vulns/positive.dockerfile#L1
A user should be specified in the dockerfile, otherwise the image will run as root
|
[HIGH] Missing User Instruction:
vulns/positive2.dockerfile#L1
A user should be specified in the dockerfile, otherwise the image will run as root
|
[MEDIUM] Unpinned Package Version in Apk Add:
vulns/positive.dockerfile#L2
Package version pinning reduces the range of versions that can be installed, reducing the chances of failure due to unanticipated changes
|
[MEDIUM] Unpinned Package Version in Apk Add:
vulns/positive2.dockerfile#L2
Package version pinning reduces the range of versions that can be installed, reducing the chances of failure due to unanticipated changes
|
[LOW] Healthcheck Instruction Missing:
vulns/positive.dockerfile#L1
Ensure that HEALTHCHECK is being used. The HEALTHCHECK instruction tells Docker how to test a container to check that it is still working
|
[LOW] Healthcheck Instruction Missing:
vulns/positive2.dockerfile#L1
Ensure that HEALTHCHECK is being used. The HEALTHCHECK instruction tells Docker how to test a container to check that it is still working
|
[INFO] Apk Add Using Local Cache Path:
vulns/positive2.dockerfile#L2
When installing packages, use the '--no-cache' switch to avoid the need to use '--update' and remove '/var/cache/apk/*'
|
[INFO] Apk Add Using Local Cache Path:
vulns/positive.dockerfile#L2
When installing packages, use the '--no-cache' switch to avoid the need to use '--update' and remove '/var/cache/apk/*'
|