Closed tiloyi closed 1 year ago
Checkmarx One – Scan Summary & Details – b9e45219-4810-4d9b-a012-d92da9a4b9f4
Issue | Source File / Package | Checkmarx Insight |
---|---|---|
CVE-2023-31125 | Npm-engine.io-6.2.1 | Vulnerable Package |
Missing User Instruction | /Dockerfile: 1 | A user should be specified in the dockerfile, otherwise the image will run as root |
Add Instead of Copy | /Dockerfile: 37 | Using ADD to load external installation scripts could lead to an evil web server leveraging this and loading a malicious script. |
Apt Get Install Pin Version Not Defined | /Dockerfile: 1 | When installing a package, its pin version should be defined |
Apt Get Install Pin Version Not Defined | /Dockerfile: 1 | When installing a package, its pin version should be defined |
Apt Get Install Pin Version Not Defined | /Dockerfile: 1 | When installing a package, its pin version should be defined |
Apt Get Install Pin Version Not Defined | /Dockerfile: 1 | When installing a package, its pin version should be defined |
Apt Get Install Pin Version Not Defined | /Dockerfile: 1 | When installing a package, its pin version should be defined |
Apt Get Install Pin Version Not Defined | /Dockerfile: 1 | When installing a package, its pin version should be defined |
Apt Get Install Pin Version Not Defined | /Dockerfile: 1 | When installing a package, its pin version should be defined |
Apt Get Install Pin Version Not Defined | /Dockerfile: 1 | When installing a package, its pin version should be defined |
Apt Get Install Pin Version Not Defined | /Dockerfile: 1 | When installing a package, its pin version should be defined |
Apt Get Install Pin Version Not Defined | /Dockerfile: 1 | When installing a package, its pin version should be defined |
Pip install Keeping Cached Packages | /Dockerfile: 1 | When installing packages with pip, the '--no-cache-dir' flag should be set to make Docker images smaller |
Run Using apt | /Dockerfile: 10 | apt is discouraged by the linux distributions as an unattended tool as its interface may suffer changes between versions. Better use the more stabl... |
Unpinned Package Version in Pip Install | /Dockerfile: 10 | Package version pinning reduces the range of versions that can be installed, reducing the chances of failure due to unanticipated changes |
Healthcheck Instruction Missing | /Dockerfile: 1 | Ensure that HEALTHCHECK is being used. The HEALTHCHECK instruction tells Docker how to test a container to check that it is still working |
I have read the contributing guidelines
Does this PR introduce a breaking change?
Describe the changes
Upgrade Node.js to version 18
GitHub issue number or Jira issue URL: N/A
Other information