search

Nullify-Platform / Logger

Nullify logging library for backend services
https://github.com/Nullify-Platform
0 stars 0 forks source link

Vulnerabilities Dashboard - Code #49

Open nullify-latest[bot] opened 5 months ago

nullify-latest[bot] commented 5 months ago

Severity Threshold: 🔵 MEDIUM

1 Potential vulnerability sources found within this repo

🔴 CRITICAL 🟡 HIGH 🔵 MEDIUM ⚪ LOW
0 1 0 0

ID: 01J0HQ0Y13X41670TFEKTZC1FG Language: Containerfile Severity: 🟡 HIGH AVD-DS-0002

Image user should not be 'root'

The identified vulnerability, 'Image user should not be 'root',' is related to Docker containers running processes as the root user. In Docker, images can specify a default user that runs the first process when a container starts. If the Docker image uses the root user by default, it means any process run inside the Docker container has full permissions to all aspects of the container. This presents a potential security risk because if an attacker gains access to the container, they could exploit these permissions to their advantage, possibly affecting the host machine or other containers on the same network. Read more: https://avd.aquasec.com/misconfig/ds002 https://github.com/Nullify-Platform/Logger/blob/a78cab7d4320069dbe949662d4febd45a675c9a6/Dockerfile#L1

Reply with /nullify to interact with me like another developer

nullify-latest[bot] commented 2 months ago

New code security updates for commit 0fe645c41046dc129e5a8aaf6702455ec3c1adc8

New Fixed Allowlisted Unallowlisted
1 1 0 0
See Details ### New Findings | ID | Title | File | Line | CWE | |-|-|-|-|-| | 01HX5X8CFEZ31N39AP9C2V9W1J | Image user should not be 'root' | Dockerfile | 1 | 0 | ### New Fixed Findings | ID | Title | File | Line | CWE | |-|-|-|-|-| | 01HVMYPQVGSZ9VRV0EQFJA61B3 | Image user should not be 'root' | Dockerfile | 1 | 0 |
nullify-latest[bot] commented 2 months ago

New code security updates for commit 0e491289a0914a9225060c6f77bf06e5f9db41e3

New Fixed Allowlisted Unallowlisted
1 1 0 0
See Details ### New Findings | ID | Title | File | Line | CWE | |-|-|-|-|-| | 01HXQYMRM3PYSANAKAEEX4YNP9 | Image user should not be 'root' | Dockerfile | 1 | 0 | ### New Fixed Findings | ID | Title | File | Line | CWE | |-|-|-|-|-| | 01HX5X8CFEZ31N39AP9C2V9W1J | Image user should not be 'root' | Dockerfile | 1 | 0 |
nullify-latest[bot] commented 2 months ago

New code security updates for commit 13f8ddfa7296f3761a2802a331d8712453a9d1d3

New Fixed Allowlisted Unallowlisted
1 1 0 0
See Details ### New Findings | ID | Title | File | Line | CWE | |-|-|-|-|-| | 01HY9P6KC8CYTZB4DHT09Q20VH | Image user should not be 'root' | Dockerfile | 1 | 0 | ### New Fixed Findings | ID | Title | File | Line | CWE | |-|-|-|-|-| | 01HXQYMRM3PYSANAKAEEX4YNP9 | Image user should not be 'root' | Dockerfile | 1 | 0 |
nullify-latest[bot] commented 1 month ago

New code security updates for commit 632af004afefd7132f7f4017e31210d66196eaa8

New Fixed Allowlisted Unallowlisted
1 1 0 0
See Details ### New Findings | ID | Title | File | Line | CWE | |-|-|-|-|-| | 01HZ1HW9T58ST9SBXWAQS3MY1G | Image user should not be 'root' | Dockerfile | 1 | 0 | ### New Fixed Findings | ID | Title | File | Line | CWE | |-|-|-|-|-| | 01HY9P6KC8CYTZB4DHT09Q20VH | Image user should not be 'root' | Dockerfile | 1 | 0 |
nullify-latest[bot] commented 1 month ago

New code security updates for commit e65587b322f378a8598a0bc49e76f4ed07695a58

New Fixed Allowlisted Unallowlisted
1 1 0 0
See Details ### New Findings | ID | Title | File | Line | CWE | |-|-|-|-|-| | 01HZZSVBJSK6KW356CXSA9DF49 | Image user should not be 'root' | Dockerfile | 1 | 0 | ### New Fixed Findings | ID | Title | File | Line | CWE | |-|-|-|-|-| | 01HZ1HW9T58ST9SBXWAQS3MY1G | Image user should not be 'root' | Dockerfile | 1 | 0 |