Fix code scanning alert - Prefer COPY over ADD for copying local resources #4354
Comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
{{ message }}
Prefer COPY over ADD for copying local resources in addons/dynamic-mount/ossfs/docker/Dockerfile:21
In Dockerfiles, it is recommended to use the COPY instruction over the ADD instruction for copying local resources. The COPY instruction is more straightforward and less prone to errors, making it a better choice for copying local files and directories into a Docker image.
why
Using the ADD instruction instead of COPY for local resources in Dockerfiles can lead to several issues, including unexpected behavior, increased complexity, and security risks. The ADD instruction has additional features that can introduce unintended side effects, such as automatically extracting compressed files and fetching remote resources. This can make the behavior of the instruction less predictable and harder to understand or even lead to security issues, if, for example, due to a typo in the source path, the ADD instruction could fetch a remote resource instead of copying a local file.
If you only need to copy local files or directories into your Docker image, it is recommended to use the COPY instruction instead. Only use the ADD instruction when you need its additional features, such as fetching remote resources or extracting compressed files. See also the rule {rule:docker:S7026} for more information on using the ADD instruction to fetch remote resources.
The text was updated successfully, but these errors were encountered: