slaoutadeo
commented
1 year ago 
Checkmarx One – Scan Summary & Details – 2ae954c7-9f06-4a41-b771-9186c89856ca
New Issues
| Severity | Issue | Source File / Package | Checkmarx Insight |
|---|---|---|---|
 |
Missing User Instruction | /Dockerfile: 8 | A user should be specified in the dockerfile, otherwise the image will run as root |
 |
Add Instead of Copy | /Dockerfile: 55 | Using ADD to load external installation scripts could lead to an evil web server leveraging this and loading a malicious script. |
|
Apt Get Install Pin Version Not Defined | /Dockerfile: 40 | When installing a package, its pin version should be defined |
|
Apt Get Install Pin Version Not Defined | /Dockerfile: 8 | When installing a package, its pin version should be defined |
|
Apt Get Install Pin Version Not Defined | /Dockerfile: 8 | When installing a package, its pin version should be defined |
|
Apt Get Install Pin Version Not Defined | /Dockerfile: 8 | When installing a package, its pin version should be defined |
|
Apt Get Install Pin Version Not Defined | /Dockerfile: 8 | When installing a package, its pin version should be defined |
|
Apt Get Install Pin Version Not Defined | /Dockerfile: 40 | When installing a package, its pin version should be defined |
|
Apt Get Install Pin Version Not Defined | /Dockerfile: 8 | When installing a package, its pin version should be defined |
|
Apt Get Install Pin Version Not Defined | /Dockerfile: 8 | When installing a package, its pin version should be defined |
|
Apt Get Install Pin Version Not Defined | /Dockerfile: 8 | When installing a package, its pin version should be defined |
|
Apt Get Install Pin Version Not Defined | /Dockerfile: 8 | When installing a package, its pin version should be defined |
|
Apt Get Install Pin Version Not Defined | /Dockerfile: 8 | When installing a package, its pin version should be defined |
|
CVE-2022-25883 | Npm-semver-7.5.1 | Vulnerable Package |
|
CVE-2022-25883 | Npm-semver-7.5.0 | Vulnerable Package |
|
CVE-2022-25883 | Npm-semver-7.3.8 | Vulnerable Package |
|
CVE-2022-25883 | Npm-semver-7.3.4 | Vulnerable Package |
|
CVE-2022-25883 | Npm-semver-7.0.0 | Vulnerable Package |
|
CVE-2022-25883 | Npm-semver-6.3.0 | Vulnerable Package |
|
CVE-2022-25883 | Npm-semver-5.7.1 | Vulnerable Package |
|
NPM Install Command Without Pinned Version | /Dockerfile: 53 | Check if packages installed by npm are pinning a specific version. |
|
Run Using apt | /Dockerfile: 15 | apt is discouraged by the linux distributions as an unattended tool as its interface may suffer changes between versions. Better use the more stabl... |
 |
Healthcheck Instruction Missing | /Dockerfile: 8 | Ensure that HEALTHCHECK is being used. The HEALTHCHECK instruction tells Docker how to test a container to check that it is still working |
|
Multiple RUN, ADD, COPY, Instructions Listed | /Dockerfile: 47 | Multiple commands (RUN, COPY, ADD) should be grouped in order to reduce the number of layers. |
Fixed Issues
| Severity | Issue | Source File / Package | Checkmarx Insight |
|---|---|---|---|
|
Missing User Instruction | /Dockerfile: 1 | A user should be specified in the dockerfile, otherwise the image will run as root |
|
Passwords And Secrets - Generic Token | /push.yml: 16 | Query to find passwords and secrets in infrastructure code. |
|
Passwords And Secrets - Generic Token | /release.yml: 10 | Query to find passwords and secrets in infrastructure code. |
|
Add Instead of Copy | /Dockerfile: 37 | Using ADD to load external installation scripts could lead to an evil web server leveraging this and loading a malicious script. |
|
Apt Get Install Pin Version Not Defined | /Dockerfile: 1 | When installing a package, its pin version should be defined |
|
Apt Get Install Pin Version Not Defined | /Dockerfile: 1 | When installing a package, its pin version should be defined |
|
Apt Get Install Pin Version Not Defined | /Dockerfile: 1 | When installing a package, its pin version should be defined |
|
Apt Get Install Pin Version Not Defined | /Dockerfile: 1 | When installing a package, its pin version should be defined |
|
Apt Get Install Pin Version Not Defined | /Dockerfile: 1 | When installing a package, its pin version should be defined |
|
Apt Get Install Pin Version Not Defined | /Dockerfile: 1 | When installing a package, its pin version should be defined |
|
Apt Get Install Pin Version Not Defined | /Dockerfile: 1 | When installing a package, its pin version should be defined |
|
Apt Get Install Pin Version Not Defined | /Dockerfile: 1 | When installing a package, its pin version should be defined |
|
Apt Get Install Pin Version Not Defined | /Dockerfile: 1 | When installing a package, its pin version should be defined |
|
Apt Get Install Pin Version Not Defined | /Dockerfile: 1 | When installing a package, its pin version should be defined |
|
Pip install Keeping Cached Packages | /Dockerfile: 1 | When installing packages with pip, the '--no-cache-dir' flag should be set to make Docker images smaller |
|
Run Using apt | /Dockerfile: 10 | apt is discouraged by the linux distributions as an unattended tool as its interface may suffer changes between versions. Better use the more stabl... |
|
Unpinned Package Version in Pip Install | /Dockerfile: 10 | Package version pinning reduces the range of versions that can be installed, reducing the chances of failure due to unanticipated changes |
|
Healthcheck Instruction Missing | /Dockerfile: 1 | Ensure that HEALTHCHECK is being used. The HEALTHCHECK instruction tells Docker how to test a container to check that it is still working |
I have read the contributing guidelines
Does this PR introduce a breaking change?
Describe the changes
GitHub issue number or Jira issue URL: N/A
Other information