Closed mohamedMok closed 1 year ago
Checkmarx One – Scan Summary & Details – 2ae954c7-9f06-4a41-b771-9186c89856ca
| Severity | Issue | Source File / Package | Checkmarx Insight |
|---|---|---|---|
| | Missing User Instruction | /Dockerfile: 8 | A user should be specified in the dockerfile, otherwise the image will run as root |
| | Add Instead of Copy | /Dockerfile: 55 | Using ADD to load external installation scripts could lead to an evil web server leveraging this and loading a malicious script. |
| | Apt Get Install Pin Version Not Defined | /Dockerfile: 40 (reported 2 times) | When installing a package, its pin version should be defined |
| | Apt Get Install Pin Version Not Defined | /Dockerfile: 8 (reported 9 times) | When installing a package, its pin version should be defined |
| | CVE-2022-25883 | Npm-semver-7.5.1 | Vulnerable Package |
| | CVE-2022-25883 | Npm-semver-7.5.0 | Vulnerable Package |
| | CVE-2022-25883 | Npm-semver-7.3.8 | Vulnerable Package |
| | CVE-2022-25883 | Npm-semver-7.3.4 | Vulnerable Package |
| | CVE-2022-25883 | Npm-semver-7.0.0 | Vulnerable Package |
| | CVE-2022-25883 | Npm-semver-6.3.0 | Vulnerable Package |
| | CVE-2022-25883 | Npm-semver-5.7.1 | Vulnerable Package |
| | NPM Install Command Without Pinned Version | /Dockerfile: 53 | Check if packages installed by npm are pinning a specific version. |
| | Run Using apt | /Dockerfile: 15 | apt is discouraged by the linux distributions as an unattended tool as its interface may suffer changes between versions. Better use the more stabl... |
| | Healthcheck Instruction Missing | /Dockerfile: 8 | Ensure that HEALTHCHECK is being used. The HEALTHCHECK instruction tells Docker how to test a container to check that it is still working |
| | Multiple RUN, ADD, COPY, Instructions Listed | /Dockerfile: 47 | Multiple commands (RUN, COPY, ADD) should be grouped in order to reduce the number of layers. |
| Severity | Issue | Source File / Package | Checkmarx Insight |
|---|---|---|---|
| | Missing User Instruction | /Dockerfile: 1 | A user should be specified in the dockerfile, otherwise the image will run as root |
| | Passwords And Secrets - Generic Token | /push.yml: 16 | Query to find passwords and secrets in infrastructure code. |
| | Passwords And Secrets - Generic Token | /release.yml: 10 | Query to find passwords and secrets in infrastructure code. |
| | Add Instead of Copy | /Dockerfile: 37 | Using ADD to load external installation scripts could lead to an evil web server leveraging this and loading a malicious script. |
| | Apt Get Install Pin Version Not Defined | /Dockerfile: 1 (reported 10 times) | When installing a package, its pin version should be defined |
| | Pip install Keeping Cached Packages | /Dockerfile: 1 | When installing packages with pip, the '--no-cache-dir' flag should be set to make Docker images smaller |
| | Run Using apt | /Dockerfile: 10 | apt is discouraged by the linux distributions as an unattended tool as its interface may suffer changes between versions. Better use the more stabl... |
| | Unpinned Package Version in Pip Install | /Dockerfile: 10 | Package version pinning reduces the range of versions that can be installed, reducing the chances of failure due to unanticipated changes |
| | Healthcheck Instruction Missing | /Dockerfile: 1 | Ensure that HEALTHCHECK is being used. The HEALTHCHECK instruction tells Docker how to test a container to check that it is still working |
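The Dockerfile findings in the two tables above (missing USER and HEALTHCHECK, ADD from a URL, unpinned apt-get, npm and pip packages, apt instead of apt-get, pip cache kept) each have a mechanical check and a mechanical fix. The block below is an added example written for this page; it is not code from Checkmarx, KICS or this repository. It is a small Python linter that reproduces those rule classes from the wording in the "Checkmarx Insight" column and runs them over two constructed Dockerfiles: a weak one that triggers the same finding classes as the report, and a hardened one that passes. The package versions, paths and health endpoint in the hardened file are illustrative assumptions, and the layer-count rule ("Multiple RUN, ADD, COPY, Instructions Listed") is not reproduced.

```python
"""Re-check a Dockerfile for the finding classes listed in the scan above.
Added example (not Checkmarx/KICS code): it reproduces the rules whose logic
the table states and leaves the layer-count rule out."""
import re
from typing import Iterator, List, Tuple

Finding = Tuple[str, int]  # (issue name as in the scan table, 1-based line)

# Constructed sample that triggers the same finding classes as the report.
WEAK_DOCKERFILE = """\
FROM ubuntu:22.04
RUN apt update && apt install -y curl
RUN apt-get update && apt-get install -y git python3-pip
RUN pip install requests
RUN npm install express
ADD https://example.com/install.sh /tmp/install.sh
RUN sh /tmp/install.sh
CMD ["python3", "app.py"]
"""

# Constructed hardened form: pinned versions (illustrative values, replace with
# what your base image ships), one apt layer, COPY from the build context,
# no pip cache, an unprivileged USER and a HEALTHCHECK.
HARDENED_DOCKERFILE = """\
FROM ubuntu:22.04
RUN apt-get update \\
 && apt-get install -y --no-install-recommends \\
        git=1:2.34.1-1ubuntu1.10 python3-pip=22.0.2+dfsg-1ubuntu0.4 \\
        curl=7.81.0-1ubuntu1.16 \\
 && rm -rf /var/lib/apt/lists/*
RUN pip install --no-cache-dir requests==2.31.0
RUN npm install express@4.18.2
COPY install.sh /tmp/install.sh
RUN sh /tmp/install.sh
RUN useradd --create-home --shell /usr/sbin/nologin app
USER app
HEALTHCHECK --interval=30s --timeout=3s CMD curl -f http://localhost:8080/healthz || exit 1
CMD ["python3", "app.py"]
"""


def instructions(text: str) -> Iterator[Tuple[int, str, str]]:
    """Yield (line, INSTRUCTION, arguments); backslash continuations are joined."""
    buf, start = "", 0
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        start = start if buf else no
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        head, _, rest = (buf + line).partition(" ")
        yield start, head.upper(), rest.strip()
        buf = ""


def positional(words: List[str]) -> List[str]:
    """Arguments that name packages: flags are dropped (a -r file would need more)."""
    return [w for w in words if not w.startswith("-")]


def check(text: str) -> List[Finding]:
    """Return the findings for one Dockerfile, named as in the scan table."""
    parsed = list(instructions(text))
    present = {ins for _, ins, _ in parsed}
    findings: List[Finding] = []
    if "USER" not in present:
        findings.append(("Missing User Instruction", 1))
    if "HEALTHCHECK" not in present:
        findings.append(("Healthcheck Instruction Missing", 1))
    for line, ins, args in parsed:
        if ins == "ADD" and re.match(r"https?://", args):
            findings.append(("Add Instead of Copy", line))
        if ins != "RUN":
            continue
        # split the shell line on &&, ||, ; and | and inspect each command
        for cmd in re.split(r"&&|\|\||;|\|", args):
            words = cmd.split()
            if not words:
                continue
            if words[0] == "apt":  # interactive front end; apt-get is the stable one
                findings.append(("Run Using apt", line))
            elif words[0] == "apt-get" and "install" in words:
                for p in positional(words[words.index("install") + 1:]):
                    if "=" not in p:  # apt pins look like name=version
                        findings.append(("Apt Get Install Pin Version Not Defined", line))
            elif words[:2] in (["npm", "install"], ["npm", "i"], ["npm", "add"]):
                for p in positional(words[2:]):
                    if p.rfind("@") <= 0:  # name@version; a leading @ is only a scope
                        findings.append(("NPM Install Command Without Pinned Version", line))
            elif words[0] in ("pip", "pip3") and "install" in words:
                if "--no-cache-dir" not in words:
                    findings.append(("Pip install Keeping Cached Packages", line))
                for p in positional(words[words.index("install") + 1:]):
                    if "==" not in p:
                        findings.append(("Unpinned Package Version in Pip Install", line))
    return findings
```

`check(WEAK_DOCKERFILE)` returns ten findings and `check(HARDENED_DOCKERFILE)` returns none. The example reports one finding per unpinned package on an `apt-get install` line, which is the same granularity the repeated rows for a single Dockerfile line show in the tables above. Two caveats for the fix side: pinned apt versions go stale as the distribution publishes updates, so pair them with a scheduled rebuild rather than leaving them fixed, and replacing `ADD` of a URL with `COPY` only helps if the copied script is itself part of the reviewed build context.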
I have read the contributing guidelines
Does this PR introduce a breaking change?
Describe the changes
GitHub issue number or Jira issue URL: N/A
Other information