Open 53845714nF opened 3 months ago
The tool should be able to find a Secret in Envs. For Example, for images that are produced from such Dockerfile:
FROM docker.io/library/python:3.8 ENV PYTHONDONTWRITEBYTECODE=1 ENV PYTHONUNBUFFERED=1 WORKDIR /app COPY requirements.txt /app/ RUN pip install -r requirements.txt ENV POSTGRES_HOST=database ENV POSTGRES_USER=postgres ENV POSTGRES_PASSWORD=postgres ENV POSTGRES_DB=shopping_list COPY . /app/ EXPOSE 8000 CMD ["gunicorn", "--bind", "0.0.0.0:8000", "app:app"]
It should report the Postgres password.
Hi @53845714nF thanks for raising the issue. This seems like an valid feature.
The tool should be able to find a Secret in Envs. For Example, for images that are produced from such Dockerfile:
It should report the Postgres password.