Closed gurkanindibay closed 2 years ago
{"runs":[{"results":[{"ruleId":"DL3008","message":{"text":"Pin versions in apt get install. Instead of `apt-get install <package>` use `apt-get install <package>=<version>`"},"level":"warning","locations":[{"physicalLocation":{"region":{"sourceLanguage":"dockerfile","startColumn":1,"endColumn":1,"startLine":17,"endLine":17},"artifactLocation":{"uri":"./Dockerfile"}}}]},{"ruleId":"DL3015","message":{"text":"Avoid additional packages by specifying `--no-install-recommends`"},"level":"note","locations":[{"physicalLocation":{"region":{"sourceLanguage":"dockerfile","startColumn":1,"endColumn":1,"startLine":17,"endLine":17},"artifactLocation":{"uri":"./Dockerfile"}}}]},{"ruleId":"SC2086","message":{"text":"Double quote to prevent globbing and word splitting."},"level":"note","locations":[{"physicalLocation":{"region":{"sourceLanguage":"sh","startColumn":1,"endColumn":1,"startLine":17,"endLine":17},"artifactLocation":{"uri":"./Dockerfile"}}}]},{"ruleId":"DL4006","message":{"text":"Set the SHELL option -o pipefail before RUN with a pipe in it. If you are using /bin/sh in an alpine image or if your shell is symlinked to busybox then consider explicitly setting your SHELL to /bin/ash, or disable this check"},"level":"warning","locations":[{"physicalLocation":{"region":{"sourceLanguage":"dockerfile","startColumn":1,"endColumn":1,"startLine":17,"endLine":17},"artifactLocation":{"uri":"./Dockerfile"}}}]},{"ruleId":"DL3059","message":{"text":"Multiple consecutive `RUN` instructions. Consider consolidation."},"level":"note","locations":[{"physicalLocation":{"region":{"sourceLanguage":"dockerfile","startColumn":1,"endColumn":1,"startLine":40,"endLine":40},"artifactLocation":{"uri":"./Dockerfile"}}}]}],"tool":{"driver":{"fullName":"Haskell Dockerfile Linter","shortDescription":{"text":"Dockerfile linter, validate inline bash, written in Haskell"},"name":"Hadolint","version":"v2.9.3-0-g346e419-dirty","downloadUri":"https://github.com/hadolint/hadolint"}},"defaultSourceLanguage":"dockerfile"}],"version":"2.1.0","$schema":"http://json.schemastore.org/sarif-2.1.0"}
{"runs":[{"results":[{"ruleId":"DL3008","message":{"text":"Pin versions in apt get install. Instead of `apt-get install <package>` use `apt-get install <package>=<version>`"},"level":"warning","locations":[{"physicalLocation":{"region":{"sourceLanguage":"dockerfile","startColumn":1,"endColumn":1,"startLine":17,"endLine":17},"artifactLocation":{"uri":"./Dockerfile"}}}]},{"ruleId":"DL3015","message":{"text":"Avoid additional packages by specifying `--no-install-recommends`"},"level":"note","locations":[{"physicalLocation":{"region":{"sourceLanguage":"dockerfile","startColumn":1,"endColumn":1,"startLine":17,"endLine":17},"artifactLocation":{"uri":"./Dockerfile"}}}]},{"ruleId":"SC2086","message":{"text":"Double quote to prevent globbing and word splitting."},"level":"note","locations":[{"physicalLocation":{"region":{"sourceLanguage":"sh","startColumn":1,"endColumn":1,"startLine":17,"endLine":17},"artifactLocation":{"uri":"./Dockerfile"}}}]},{"ruleId":"DL4006","message":{"text":"Set the SHELL option -o pipefail before RUN with a pipe in it. If you are using /bin/sh in an alpine image or if your shell is symlinked to busybox then consider explicitly setting your SHELL to /bin/ash, or disable this check"},"level":"warning","locations":[{"physicalLocation":{"region":{"sourceLanguage":"dockerfile","startColumn":1,"endColumn":1,"startLine":17,"endLine":17},"artifactLocation":{"uri":"./Dockerfile"}}}]},{"ruleId":"DL3059","message":{"text":"Multiple consecutive `RUN` instructions. Consider consolidation."},"level":"note","locations":[{"physicalLocation":{"region":{"sourceLanguage":"dockerfile","startColumn":1,"endColumn":1,"startLine":40,"endLine":40},"artifactLocation":{"uri":"./Dockerfile"}}}]}],"tool":{"driver":{"fullName":"Haskell Dockerfile Linter","shortDescription":{"text":"Dockerfile linter, validate inline bash, written in Haskell"},"name":"Hadolint","version":"v2.9.3-0-g346e419-dirty","downloadUri":"https://github.com/hadolint/hadolint"}},"defaultSourceLanguage":"dockerfile"}],"version":"2.1.0","$schema":"http://json.schemastore.org/sarif-2.1.0"}
{"runs":[{"results":[{"ruleId":"DL3008","message":{"text":"Pin versions in apt get install. Instead of `apt-get install <package>` use `apt-get install <package>=<version>`"},"level":"warning","locations":[{"physicalLocation":{"region":{"sourceLanguage":"dockerfile","startColumn":1,"endColumn":1,"startLine":17,"endLine":17},"artifactLocation":{"uri":"./Dockerfile"}}}]},{"ruleId":"DL3015","message":{"text":"Avoid additional packages by specifying `--no-install-recommends`"},"level":"note","locations":[{"physicalLocation":{"region":{"sourceLanguage":"dockerfile","startColumn":1,"endColumn":1,"startLine":17,"endLine":17},"artifactLocation":{"uri":"./Dockerfile"}}}]},{"ruleId":"SC2086","message":{"text":"Double quote to prevent globbing and word splitting."},"level":"note","locations":[{"physicalLocation":{"region":{"sourceLanguage":"sh","startColumn":1,"endColumn":1,"startLine":17,"endLine":17},"artifactLocation":{"uri":"./Dockerfile"}}}]},{"ruleId":"DL4006","message":{"text":"Set the SHELL option -o pipefail before RUN with a pipe in it. If you are using /bin/sh in an alpine image or if your shell is symlinked to busybox then consider explicitly setting your SHELL to /bin/ash, or disable this check"},"level":"warning","locations":[{"physicalLocation":{"region":{"sourceLanguage":"dockerfile","startColumn":1,"endColumn":1,"startLine":17,"endLine":17},"artifactLocation":{"uri":"./Dockerfile"}}}]},{"ruleId":"DL3059","message":{"text":"Multiple consecutive `RUN` instructions. Consider consolidation."},"level":"note","locations":[{"physicalLocation":{"region":{"sourceLanguage":"dockerfile","startColumn":1,"endColumn":1,"startLine":40,"endLine":40},"artifactLocation":{"uri":"./Dockerfile"}}}]}],"tool":{"driver":{"fullName":"Haskell Dockerfile Linter","shortDescription":{"text":"Dockerfile linter, validate inline bash, written in Haskell"},"name":"Hadolint","version":"v2.9.3-0-g346e419-dirty","downloadUri":"https://github.com/hadolint/hadolint"}},"defaultSourceLanguage":"dockerfile"}],"version":"2.1.0","$schema":"http://json.schemastore.org/sarif-2.1.0"}
Locally tested test results