mohamedMok
commented
1 year ago 
Checkmarx One – Scan Summary & Details – b9e45219-4810-4d9b-a012-d92da9a4b9f4
New Issues
| Severity | Issue | Source File / Package | Checkmarx Insight |
|---|---|---|---|
 |
CVE-2023-31125 | Npm-engine.io-6.2.1 | Vulnerable Package |
|
Missing User Instruction | /Dockerfile: 1 | A user should be specified in the dockerfile, otherwise the image will run as root |
 |
Add Instead of Copy | /Dockerfile: 37 | Using ADD to load external installation scripts could lead to an evil web server leveraging this and loading a malicious script. |
|
Apt Get Install Pin Version Not Defined | /Dockerfile: 1 | When installing a package, its pin version should be defined |
|
Apt Get Install Pin Version Not Defined | /Dockerfile: 1 | When installing a package, its pin version should be defined |
|
Apt Get Install Pin Version Not Defined | /Dockerfile: 1 | When installing a package, its pin version should be defined |
|
Apt Get Install Pin Version Not Defined | /Dockerfile: 1 | When installing a package, its pin version should be defined |
|
Apt Get Install Pin Version Not Defined | /Dockerfile: 1 | When installing a package, its pin version should be defined |
|
Apt Get Install Pin Version Not Defined | /Dockerfile: 1 | When installing a package, its pin version should be defined |
|
Apt Get Install Pin Version Not Defined | /Dockerfile: 1 | When installing a package, its pin version should be defined |
|
Apt Get Install Pin Version Not Defined | /Dockerfile: 1 | When installing a package, its pin version should be defined |
|
Apt Get Install Pin Version Not Defined | /Dockerfile: 1 | When installing a package, its pin version should be defined |
|
Apt Get Install Pin Version Not Defined | /Dockerfile: 1 | When installing a package, its pin version should be defined |
|
Pip install Keeping Cached Packages | /Dockerfile: 1 | When installing packages with pip, the '--no-cache-dir' flag should be set to make Docker images smaller |
|
Run Using apt | /Dockerfile: 10 | apt is discouraged by the linux distributions as an unattended tool as its interface may suffer changes between versions. Better use the more stabl... |
|
Unpinned Package Version in Pip Install | /Dockerfile: 10 | Package version pinning reduces the range of versions that can be installed, reducing the chances of failure due to unanticipated changes |
 |
Healthcheck Instruction Missing | /Dockerfile: 1 | Ensure that HEALTHCHECK is being used. The HEALTHCHECK instruction tells Docker how to test a container to check that it is still working |
Fixed Issues
| Severity | Issue | Source File / Package | Checkmarx Insight |
|---|---|---|---|
|
Missing User Instruction | /Dockerfile: 1 | A user should be specified in the dockerfile, otherwise the image will run as root |
|
Add Instead of Copy | /Dockerfile: 37 | Using ADD to load external installation scripts could lead to an evil web server leveraging this and loading a malicious script. |
|
Apt Get Install Pin Version Not Defined | /Dockerfile: 1 | When installing a package, its pin version should be defined |
|
Apt Get Install Pin Version Not Defined | /Dockerfile: 1 | When installing a package, its pin version should be defined |
|
Apt Get Install Pin Version Not Defined | /Dockerfile: 1 | When installing a package, its pin version should be defined |
|
Apt Get Install Pin Version Not Defined | /Dockerfile: 1 | When installing a package, its pin version should be defined |
|
Apt Get Install Pin Version Not Defined | /Dockerfile: 1 | When installing a package, its pin version should be defined |
|
Apt Get Install Pin Version Not Defined | /Dockerfile: 1 | When installing a package, its pin version should be defined |
|
Apt Get Install Pin Version Not Defined | /Dockerfile: 1 | When installing a package, its pin version should be defined |
|
Apt Get Install Pin Version Not Defined | /Dockerfile: 1 | When installing a package, its pin version should be defined |
|
Apt Get Install Pin Version Not Defined | /Dockerfile: 1 | When installing a package, its pin version should be defined |
|
Apt Get Install Pin Version Not Defined | /Dockerfile: 1 | When installing a package, its pin version should be defined |
|
Pip install Keeping Cached Packages | /Dockerfile: 1 | When installing packages with pip, the '--no-cache-dir' flag should be set to make Docker images smaller |
|
Run Using apt | /Dockerfile: 10 | apt is discouraged by the linux distributions as an unattended tool as its interface may suffer changes between versions. Better use the more stabl... |
|
Unpinned Package Version in Pip Install | /Dockerfile: 10 | Package version pinning reduces the range of versions that can be installed, reducing the chances of failure due to unanticipated changes |
|
Healthcheck Instruction Missing | /Dockerfile: 1 | Ensure that HEALTHCHECK is being used. The HEALTHCHECK instruction tells Docker how to test a container to check that it is still working |
I have read the contributing guidelines
Does this PR introduce a breaking change?
Describe the changes
Upgrade Node.js to version 18
GitHub issue number or Jira issue URL: N/A
Other information