Dockle 0.4.0 detects the wrong package manager in the Alpine-base image.
What did you expect to happen?
Check if /var/cache/apk/* is empty instead of /var/lib/apt/lists/*
What happened instead?
It encourages to clear apt-get cache dir /var/lib/apt/lists (DKL-DI-0005).
But this directory doesn't exist since Alpine uses apk as a package manager and not apt, which is the package manager for Debian-ish distros.
Output of run with -debug:
output log
```shellsession
$ docker pull golang:1.17.1-alpine
alpine: Pulling from library/golang
Digest: sha256:13919fb9091f6667cb375d5fdf016ecd6d3a5d5995603000d422b04583de4ef9
Status: Downloaded newer image for golang:alpine
docker.io/library/golang:alpine
$ dockle -v
dockle version 0.4.0
$ dockle --debug golang:1.17.1-alpine
2021-09-11T19:22:50.284+0900 DEBUG Add new ignore code: DKL-DI-0006
2021-09-11T19:22:50.284+0900 DEBUG Add new ignore code: CIS-DI-0005
2021-09-11T19:22:50.284+0900 DEBUG Fetch latest version from github
2021-09-11T19:22:50.732+0900 DEBUG Start assessments...
2021-09-11T19:23:01.288+0900 DEBUG Start scan : password files
2021-09-11T19:23:01.288+0900 DEBUG Start scan : /etc/passwd
2021-09-11T19:23:01.288+0900 DEBUG Start scan : /etc/group
2021-09-11T19:23:01.288+0900 DEBUG Start scan : /etc/hosts
2021-09-11T19:23:01.289+0900 DEBUG Start scan : credential files
2021-09-11T19:23:01.289+0900 DEBUG Scan start : config file
2021-09-11T19:23:01.291+0900 DEBUG Scan start : DOCKER_CONTENT_TRUST
2021-09-11T19:23:01.291+0900 DEBUG Start scan : cache files
2021-09-11T19:23:01.291+0900 DEBUG End assessments...
FATAL - CIS-DI-0010: Do not store credential in ENVIRONMENT vars/files
* Suspicious file extension found : etc/ssl/certs/ca-cert-Izenpe.com.pem (You can suppress it with "-ae pem")
* Suspicious file extension found : etc/ssl/certs/ca-cert-certSIGN_ROOT_CA.pem (You can suppress it with "-ae pem")
* Suspicious file extension found : etc/ssl/certs/ca-cert-Comodo_AAA_Services_root.pem (You can suppress it with "-ae pem")
* Suspicious file extension found : etc/ssl/certs/ca-cert-thawte_Primary_Root_CA.pem (You can suppress it with "-ae pem")
* Suspicious file extension found : etc/ssl/certs/ca-cert-Cybertrust_Global_Root.pem (You can suppress it with "-ae pem")
* Suspicious file extension found : etc/ssl/certs/ca-cert-COMODO_RSA_Certification_Authority.pem (You can suppress it with "-ae pem")
* Suspicious file extension found : etc/ssl/certs/ca-cert-OISTE_WISeKey_Global_Root_GC_CA.pem (You can suppress it with "-ae pem")
* Suspicious file extension found : etc/ssl/certs/ca-cert-QuoVadis_Root_CA_3.pem (You can suppress it with "-ae pem")
* Suspicious file extension found : etc/ssl/certs/ca-cert-IdenTrust_Public_Sector_Root_CA_1.pem (You can suppress it with "-ae pem")
* Suspicious file extension found : etc/ssl/certs/ca-cert-USERTrust_RSA_Certification_Authority.pem (You can suppress it with "-ae pem")
* Suspicious file extension found : etc/ssl/certs/ca-cert-DST_Root_CA_X3.pem (You can suppress it with "-ae pem")
* Suspicious file extension found : etc/ssl/certs/ca-cert-GeoTrust_Global_CA.pem (You can suppress it with "-ae pem")
* Suspicious file extension found : etc/ssl/certs/ca-cert-Amazon_Root_CA_4.pem (You can suppress it with "-ae pem")
* Suspicious file extension found : etc/ssl/certs/ca-cert-SwissSign_Gold_CA_-_G2.pem (You can suppress it with "-ae pem")
* Suspicious file extension found : etc/ssl/certs/ca-cert-GeoTrust_Primary_Certification_Authority.pem (You can suppress it with "-ae pem")
* Suspicious file extension found : etc/ssl/certs/ca-cert-DigiCert_Assured_ID_Root_CA.pem (You can suppress it with "-ae pem")
* Suspicious file extension found : etc/ssl/certs/ca-cert-GeoTrust_Universal_CA.pem (You can suppress it with "-ae pem")
* Suspicious file extension found : etc/ssl/certs/ca-cert-E-Tugra_Certification_Authority.pem (You can suppress it with "-ae pem")
* Suspicious file extension found : usr/local/go/src/crypto/tls/testdata/example-cert.pem (You can suppress it with "-ae pem")
* Suspicious file extension found : etc/ssl/certs/ca-cert-TrustCor_RootCert_CA-2.pem (You can suppress it with "-ae pem")
* Suspicious file extension found : etc/ssl/certs/ca-cert-DigiCert_High_Assurance_EV_Root_CA.pem (You can suppress it with "-ae pem")
* Suspicious file extension found : etc/ssl/certs/ca-cert-emSign_ECC_Root_CA_-_G3.pem (You can suppress it with "-ae pem")
* Suspicious file extension found : etc/ssl/certs/ca-cert-Security_Communication_RootCA2.pem (You can suppress it with "-ae pem")
* Suspicious file extension found : etc/ssl/certs/ca-cert-EC-ACC.pem (You can suppress it with "-ae pem")
* Suspicious file extension found : etc/ssl/certs/ca-cert-NetLock_Arany_=Class_Gold=_Főtanúsítvány.pem (You can suppress it with "-ae pem")
* Suspicious file extension found : etc/ssl/certs/ca-cert-TUBITAK_Kamu_SM_SSL_Kok_Sertifikasi_-_Surum_1.pem (You can suppress it with "-ae pem")
* Suspicious file extension found : etc/ssl/certs/ca-cert-Go_Daddy_Root_Certificate_Authority_-_G2.pem (You can suppress it with "-ae pem")
* Suspicious file extension found : etc/ssl/cert.pem (You can suppress it with "-ae pem")
* Suspicious file extension found : etc/ssl/certs/ca-cert-AC_RAIZ_FNMT-RCM.pem (You can suppress it with "-ae pem")
* Suspicious file extension found : etc/ssl/certs/ca-cert-QuoVadis_Root_CA_1_G3.pem (You can suppress it with "-ae pem")
* Suspicious file extension found : etc/ssl/certs/ca-cert-GeoTrust_Primary_Certification_Authority_-_G3.pem (You can suppress it with "-ae pem")
* Suspicious file extension found : etc/ssl/certs/ca-cert-Amazon_Root_CA_2.pem (You can suppress it with "-ae pem")
* Suspicious file extension found : etc/ssl/certs/ca-cert-SSL.com_Root_Certification_Authority_RSA.pem (You can suppress it with "-ae pem")
* Suspicious file extension found : etc/ssl/certs/ca-cert-ISRG_Root_X1.pem (You can suppress it with "-ae pem")
* Suspicious file extension found : etc/ssl/certs/ca-cert-Buypass_Class_3_Root_CA.pem (You can suppress it with "-ae pem")
* Suspicious file extension found : etc/ssl/certs/ca-cert-Global_Chambersign_Root_-_2008.pem (You can suppress it with "-ae pem")
* Suspicious file extension found : etc/ssl/certs/ca-cert-TrustCor_RootCert_CA-1.pem (You can suppress it with "-ae pem")
* Suspicious file extension found : etc/ssl/certs/ca-cert-Network_Solutions_Certificate_Authority.pem (You can suppress it with "-ae pem")
* Suspicious file extension found : etc/ssl/certs/ca-cert-Chambers_of_Commerce_Root_-_2008.pem (You can suppress it with "-ae pem")
* Suspicious file extension found : etc/ssl/certs/ca-cert-Hongkong_Post_Root_CA_1.pem (You can suppress it with "-ae pem")
* Suspicious file extension found : etc/ssl/certs/ca-cert-Security_Communication_Root_CA.pem (You can suppress it with "-ae pem")
* Suspicious file extension found : etc/ssl/certs/ca-cert-GTS_Root_R4.pem (You can suppress it with "-ae pem")
* Suspicious file extension found : etc/ssl/certs/ca-cert-GeoTrust_Universal_CA_2.pem (You can suppress it with "-ae pem")
* Suspicious file extension found : etc/ssl/certs/ca-cert-Staat_der_Nederlanden_Root_CA_-_G2.pem (You can suppress it with "-ae pem")
* Suspicious file extension found : etc/ssl/certs/ca-cert-GeoTrust_Primary_Certification_Authority_-_G2.pem (You can suppress it with "-ae pem")
* Suspicious file extension found : etc/ssl/certs/ca-cert-Baltimore_CyberTrust_Root.pem (You can suppress it with "-ae pem")
* Suspicious file extension found : etc/ssl/certs/ca-cert-CFCA_EV_ROOT.pem (You can suppress it with "-ae pem")
* Suspicious file extension found : etc/ssl/certs/ca-cert-thawte_Primary_Root_CA_-_G3.pem (You can suppress it with "-ae pem")
* Suspicious file extension found : etc/ssl/certs/ca-cert-UCA_Extended_Validation_Root.pem (You can suppress it with "-ae pem")
* Suspicious file extension found : etc/ssl/certs/ca-cert-Secure_Global_CA.pem (You can suppress it with "-ae pem")
* Suspicious file extension found : etc/ssl/certs/ca-cert-GTS_Root_R3.pem (You can suppress it with "-ae pem")
* Suspicious file extension found : etc/ssl/certs/ca-cert-Hongkong_Post_Root_CA_3.pem (You can suppress it with "-ae pem")
* Suspicious file extension found : etc/ssl/certs/ca-cert-TWCA_Root_Certification_Authority.pem (You can suppress it with "-ae pem")
* Suspicious file extension found : etc/ssl/certs/ca-cert-Hellenic_Academic_and_Research_Institutions_RootCA_2015.pem (You can suppress it with "-ae pem")
* Suspicious file extension found : etc/ssl/certs/ca-cert-COMODO_Certification_Authority.pem (You can suppress it with "-ae pem")
* Suspicious file extension found : etc/ssl/certs/ca-cert-DigiCert_Assured_ID_Root_G2.pem (You can suppress it with "-ae pem")
* Suspicious file extension found : etc/ssl/certs/ca-cert-LuxTrust_Global_Root_2.pem (You can suppress it with "-ae pem")
* Suspicious file extension found : etc/ssl/certs/ca-cert-Certigna.pem (You can suppress it with "-ae pem")
* Suspicious file extension found : etc/ssl/certs/ca-cert-DigiCert_Trusted_Root_G4.pem (You can suppress it with "-ae pem")
* Suspicious file extension found : etc/ssl/certs/ca-cert-Taiwan_GRCA.pem (You can suppress it with "-ae pem")
* Suspicious file extension found : etc/ssl/certs/ca-cert-Sonera_Class_2_Root_CA.pem (You can suppress it with "-ae pem")
* Suspicious file extension found : etc/ssl/certs/ca-cert-TWCA_Global_Root_CA.pem (You can suppress it with "-ae pem")
* Suspicious file extension found : etc/ssl/certs/ca-cert-Starfield_Root_Certificate_Authority_-_G2.pem (You can suppress it with "-ae pem")
* Suspicious file extension found : etc/ssl/certs/ca-cert-emSign_Root_CA_-_C1.pem (You can suppress it with "-ae pem")
* Suspicious file extension found : etc/ssl/certs/ca-cert-Entrust_Root_Certification_Authority_-_EC1.pem (You can suppress it with "-ae pem")
* Suspicious file extension found : etc/ssl/certs/ca-cert-Certum_Trusted_Network_CA.pem (You can suppress it with "-ae pem")
* Suspicious file extension found : etc/ssl/certs/ca-cert-emSign_ECC_Root_CA_-_C3.pem (You can suppress it with "-ae pem")
* Suspicious file extension found : etc/ssl/certs/ca-cert-Staat_der_Nederlanden_Root_CA_-_G3.pem (You can suppress it with "-ae pem")
* Suspicious file extension found : etc/ssl/certs/ca-cert-OISTE_WISeKey_Global_Root_GB_CA.pem (You can suppress it with "-ae pem")
* Suspicious file extension found : etc/ssl/certs/ca-cert-IdenTrust_Commercial_Root_CA_1.pem (You can suppress it with "-ae pem")
* Suspicious file extension found : etc/ssl/certs/ca-cert-GlobalSign_Root_CA.pem (You can suppress it with "-ae pem")
* Suspicious file extension found : usr/local/go/src/crypto/tls/testdata/example-key.pem (You can suppress it with "-ae pem")
* Suspicious file extension found : etc/ssl/certs/ca-cert-Starfield_Class_2_CA.pem (You can suppress it with "-ae pem")
* Suspicious file extension found : etc/ssl/certs/ca-cert-Hellenic_Academic_and_Research_Institutions_RootCA_2011.pem (You can suppress it with "-ae pem")
* Suspicious file extension found : etc/ssl/certs/ca-cert-Certigna_Root_CA.pem (You can suppress it with "-ae pem")
* Suspicious file extension found : etc/ssl/certs/ca-cert-USERTrust_ECC_Certification_Authority.pem (You can suppress it with "-ae pem")
* Suspicious file extension found : etc/ssl/certs/ca-cert-T-TeleSec_GlobalRoot_Class_3.pem (You can suppress it with "-ae pem")
* Suspicious file extension found : etc/ssl/certs/ca-cert-COMODO_ECC_Certification_Authority.pem (You can suppress it with "-ae pem")
* Suspicious file extension found : etc/ssl/certs/ca-cert-QuoVadis_Root_CA_2_G3.pem (You can suppress it with "-ae pem")
* Suspicious file extension found : etc/ssl/certs/ca-cert-GlobalSign_Root_CA_-_R6.pem (You can suppress it with "-ae pem")
* Suspicious file extension found : etc/ssl/certs/ca-cert-XRamp_Global_CA_Root.pem (You can suppress it with "-ae pem")
* Suspicious file extension found : etc/ssl/certs/ca-cert-AffirmTrust_Networking.pem (You can suppress it with "-ae pem")
* Suspicious file extension found : etc/ssl/certs/ca-cert-Entrust_Root_Certification_Authority.pem (You can suppress it with "-ae pem")
* Suspicious file extension found : etc/ssl/certs/ca-cert-QuoVadis_Root_CA_3_G3.pem (You can suppress it with "-ae pem")
* Suspicious file extension found : etc/ssl/certs/ca-cert-SSL.com_Root_Certification_Authority_ECC.pem (You can suppress it with "-ae pem")
* Suspicious file extension found : etc/ssl/certs/ca-cert-GTS_Root_R1.pem (You can suppress it with "-ae pem")
* Suspicious file extension found : etc/ssl/certs/ca-cert-DigiCert_Global_Root_CA.pem (You can suppress it with "-ae pem")
* Suspicious file extension found : etc/ssl/certs/ca-cert-TrustCor_ECA-1.pem (You can suppress it with "-ae pem")
* Suspicious file extension found : etc/ssl/certs/ca-cert-GTS_Root_R2.pem (You can suppress it with "-ae pem")
* Suspicious file extension found : etc/ssl/certs/ca-cert-T-TeleSec_GlobalRoot_Class_2.pem (You can suppress it with "-ae pem")
* Suspicious file extension found : etc/ssl/certs/ca-cert-AffirmTrust_Premium_ECC.pem (You can suppress it with "-ae pem")
* Suspicious file extension found : etc/ssl/certs/ca-cert-AffirmTrust_Commercial.pem (You can suppress it with "-ae pem")
* Suspicious file extension found : etc/ssl/certs/ca-cert-SwissSign_Silver_CA_-_G2.pem (You can suppress it with "-ae pem")
* Suspicious file extension found : etc/ssl/certs/ca-cert-ACCVRAIZ1.pem (You can suppress it with "-ae pem")
* Suspicious file extension found : etc/ssl/certs/ca-cert-Trustis_FPS_Root_CA.pem (You can suppress it with "-ae pem")
* Suspicious file extension found : etc/ssl/certs/ca-cert-SecureTrust_CA.pem (You can suppress it with "-ae pem")
* Suspicious file extension found : etc/ssl/certs/ca-cert-GlobalSign_ECC_Root_CA_-_R5.pem (You can suppress it with "-ae pem")
* Suspicious file extension found : etc/ssl/certs/ca-cert-Verisign_Class_3_Public_Primary_Certification_Authority_-_G3.pem (You can suppress it with "-ae pem")
* Suspicious file extension found : etc/ssl/certs/ca-cert-GlobalSign_Root_CA_-_R2.pem (You can suppress it with "-ae pem")
* Suspicious file extension found : etc/ssl/certs/ca-cert-DigiCert_Global_Root_G3.pem (You can suppress it with "-ae pem")
* Suspicious file extension found : etc/ssl/certs/ca-cert-VeriSign_Class_3_Public_Primary_Certification_Authority_-_G4.pem (You can suppress it with "-ae pem")
* Suspicious file extension found : etc/ssl/certs/ca-cert-VeriSign_Universal_Root_Certification_Authority.pem (You can suppress it with "-ae pem")
* Suspicious file extension found : etc/ssl/certs/ca-cert-QuoVadis_Root_CA_2.pem (You can suppress it with "-ae pem")
* Suspicious file extension found : etc/ssl/certs/ca-cert-Amazon_Root_CA_3.pem (You can suppress it with "-ae pem")
* Suspicious file extension found : etc/ssl/certs/ca-cert-Microsec_e-Szigno_Root_CA_2009.pem (You can suppress it with "-ae pem")
* Suspicious file extension found : etc/ssl/certs/ca-cert-Entrust.net_Premium_2048_Secure_Server_CA.pem (You can suppress it with "-ae pem")
* Suspicious file extension found : etc/ssl/certs/ca-cert-Starfield_Services_Root_Certificate_Authority_-_G2.pem (You can suppress it with "-ae pem")
* Suspicious file extension found : etc/ssl/certs/ca-cert-D-TRUST_Root_Class_3_CA_2_EV_2009.pem (You can suppress it with "-ae pem")
* Suspicious file extension found : etc/ssl/certs/ca-cert-Entrust_Root_Certification_Authority_-_G4.pem (You can suppress it with "-ae pem")
* Suspicious file extension found : etc/ssl/certs/ca-cert-Entrust_Root_Certification_Authority_-_G2.pem (You can suppress it with "-ae pem")
* Suspicious file extension found : etc/ssl/certs/ca-cert-UCA_Global_G2_Root.pem (You can suppress it with "-ae pem")
* Suspicious file extension found : etc/ssl/certs/ca-cert-emSign_Root_CA_-_G1.pem (You can suppress it with "-ae pem")
* Suspicious file extension found : etc/ssl/certs/ca-cert-SZAFIR_ROOT_CA2.pem (You can suppress it with "-ae pem")
* Suspicious file extension found : etc/ssl/certs/ca-cert-Go_Daddy_Class_2_CA.pem (You can suppress it with "-ae pem")
* Suspicious file extension found : etc/ssl/certs/ca-cert-AffirmTrust_Premium.pem (You can suppress it with "-ae pem")
* Suspicious file extension found : etc/ssl/certs/ca-cert-D-TRUST_Root_Class_3_CA_2_2009.pem (You can suppress it with "-ae pem")
* Suspicious file extension found : etc/ssl/certs/ca-cert-GlobalSign_Root_CA_-_R3.pem (You can suppress it with "-ae pem")
* Suspicious file extension found : etc/ssl/certs/ca-cert-CA_Disig_Root_R2.pem (You can suppress it with "-ae pem")
* Suspicious file extension found : etc/ssl/certs/ca-cert-SSL.com_EV_Root_Certification_Authority_ECC.pem (You can suppress it with "-ae pem")
* Suspicious file extension found : etc/ssl/certs/ca-cert-Atos_TrustedRoot_2011.pem (You can suppress it with "-ae pem")
* Suspicious file extension found : etc/ssl/certs/ca-cert-thawte_Primary_Root_CA_-_G2.pem (You can suppress it with "-ae pem")
* Suspicious file extension found : etc/ssl/certs/ca-cert-GlobalSign_ECC_Root_CA_-_R4.pem (You can suppress it with "-ae pem")
* Suspicious file extension found : etc/ssl/certs/ca-cert-VeriSign_Class_3_Public_Primary_Certification_Authority_-_G5.pem (You can suppress it with "-ae pem")
* Suspicious file extension found : etc/ssl/certs/ca-cert-EE_Certification_Centre_Root_CA.pem (You can suppress it with "-ae pem")
* Suspicious file extension found : etc/ssl/certs/ca-cert-Hellenic_Academic_and_Research_Institutions_ECC_RootCA_2015.pem (You can suppress it with "-ae pem")
* Suspicious file extension found : etc/ssl/certs/ca-cert-Staat_der_Nederlanden_EV_Root_CA.pem (You can suppress it with "-ae pem")
* Suspicious file extension found : etc/ssl/certs/ca-cert-Amazon_Root_CA_1.pem (You can suppress it with "-ae pem")
* Suspicious file extension found : etc/ssl/certs/ca-cert-DigiCert_Global_Root_G2.pem (You can suppress it with "-ae pem")
* Suspicious file extension found : etc/ssl/certs/ca-cert-Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068.pem (You can suppress it with "-ae pem")
* Suspicious file extension found : etc/ssl/certs/ca-cert-OISTE_WISeKey_Global_Root_GA_CA.pem (You can suppress it with "-ae pem")
* Suspicious file extension found : etc/ssl/certs/ca-cert-Buypass_Class_2_Root_CA.pem (You can suppress it with "-ae pem")
* Suspicious file extension found : etc/ssl/certs/ca-cert-TeliaSonera_Root_CA_v1.pem (You can suppress it with "-ae pem")
* Suspicious file extension found : etc/ssl/certs/ca-cert-Certum_Trusted_Network_CA_2.pem (You can suppress it with "-ae pem")
* Suspicious file extension found : etc/ssl/certs/ca-cert-SecureSign_RootCA11.pem (You can suppress it with "-ae pem")
* Suspicious file extension found : etc/ssl/certs/ca-cert-QuoVadis_Root_CA.pem (You can suppress it with "-ae pem")
* Suspicious file extension found : etc/ssl/certs/ca-cert-SSL.com_EV_Root_Certification_Authority_RSA_R2.pem (You can suppress it with "-ae pem")
* Suspicious file extension found : etc/ssl/certs/ca-cert-Actalis_Authentication_Root_CA.pem (You can suppress it with "-ae pem")
* Suspicious file extension found : etc/ssl/certs/ca-cert-DigiCert_Assured_ID_Root_G3.pem (You can suppress it with "-ae pem")
* Suspicious file extension found : etc/ssl/certs/ca-cert-GDCA_TrustAUTH_R5_ROOT.pem (You can suppress it with "-ae pem")
* Suspicious file extension found : etc/ssl/certs/ca-cert-ePKI_Root_Certification_Authority.pem (You can suppress it with "-ae pem")
FATAL - DKL-DI-0005: Clear apt-get caches
* Use 'rm -rf /var/lib/apt/lists' after 'apt-get install|update' : /bin/sh -c set -eux; apk add --no-cache --virtual .fetch-deps gnupg; arch="$(apk --print-arch)"; url=; case "$arch" in 'x86_64') export GOARCH='amd64' GOOS='linux'; ;; 'armhf') export GOARCH='arm' GOARM='6' GOOS='linux'; ;; 'armv7') export GOARCH='arm' GOARM='7' GOOS='linux'; ;; 'aarch64') export GOARCH='arm64' GOOS='linux'; ;; 'x86') export GO386='softfloat' GOARCH='386' GOOS='linux'; ;; 'ppc64le') export GOARCH='ppc64le' GOOS='linux'; ;; 's390x') export GOARCH='s390x' GOOS='linux'; ;; *) echo >&2 "error: unsupported architecture '$arch' (likely packaging update needed)"; exit 1 ;; esac; build=; if [ -z "$url" ]; then build=1; url='https://dl.google.com/go/go1.17.1.src.tar.gz'; sha256='49dc08339770acd5613312db8c141eaf61779995577b89d93b541ef83067e5b1'; fi; wget -O go.tgz.asc "$url.asc"; wget -O go.tgz "$url"; echo "$sha256 *go.tgz" | sha256sum -c -; GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; gpg --batch --keyserver keyserver.ubuntu.com --recv-keys 'EB4C 1BFD 4F04 2F6D DDCC EC91 7721 F63B D38B 4796'; gpg --batch --verify go.tgz.asc go.tgz; gpgconf --kill all; rm -rf "$GNUPGHOME" go.tgz.asc; tar -C /usr/local -xzf go.tgz; rm go.tgz; if [ -n "$build" ]; then apk add --no-cache --virtual .build-deps bash gcc go musl-dev ; ( cd /usr/local/go/src; export GOROOT_BOOTSTRAP="$(go env GOROOT)" GOHOSTOS="$GOOS" GOHOSTARCH="$GOARCH"; ./make.bash; ); apk del --no-network .build-deps; go install std; rm -rf /usr/local/go/pkg/*/cmd /usr/local/go/pkg/bootstrap /usr/local/go/pkg/obj /usr/local/go/pkg/tool/*/api /usr/local/go/pkg/tool/*/go_bootstrap /usr/local/go/src/cmd/dist/dist ; fi; apk del --no-network .fetch-deps; go version
WARN - CIS-DI-0001: Create a user for the container
* Last user should not be root
INFO - CIS-DI-0006: Add HEALTHCHECK instruction to the container image
* not found HEALTHCHECK statement
INFO - DKL-LI-0003: Only put necessary files
* unnecessary file : usr/local/go/src/crypto/elliptic/internal/fiat/Dockerfile
IGNORE - CIS-DI-0005: Enable Content trust for Docker
```
Description
What did you expect to happen?
/var/cache/apk/*
is empty instead of/var/lib/apt/lists/*
What happened instead?
apt-get
cache dir/var/lib/apt/lists
(DKL-DI-0005).apk
as a package manager and notapt
, which is the package manager for Debian-ish distros.Output of run with
-debug
:output log
```shellsession $ docker pull golang:1.17.1-alpine alpine: Pulling from library/golang Digest: sha256:13919fb9091f6667cb375d5fdf016ecd6d3a5d5995603000d422b04583de4ef9 Status: Downloaded newer image for golang:alpine docker.io/library/golang:alpine $ dockle -v dockle version 0.4.0 $ dockle --debug golang:1.17.1-alpine 2021-09-11T19:22:50.284+0900 DEBUG Add new ignore code: DKL-DI-0006 2021-09-11T19:22:50.284+0900 DEBUG Add new ignore code: CIS-DI-0005 2021-09-11T19:22:50.284+0900 DEBUG Fetch latest version from github 2021-09-11T19:22:50.732+0900 DEBUG Start assessments... 2021-09-11T19:23:01.288+0900 DEBUG Start scan : password files 2021-09-11T19:23:01.288+0900 DEBUG Start scan : /etc/passwd 2021-09-11T19:23:01.288+0900 DEBUG Start scan : /etc/group 2021-09-11T19:23:01.288+0900 DEBUG Start scan : /etc/hosts 2021-09-11T19:23:01.289+0900 DEBUG Start scan : credential files 2021-09-11T19:23:01.289+0900 DEBUG Scan start : config file 2021-09-11T19:23:01.291+0900 DEBUG Scan start : DOCKER_CONTENT_TRUST 2021-09-11T19:23:01.291+0900 DEBUG Start scan : cache files 2021-09-11T19:23:01.291+0900 DEBUG End assessments... FATAL - CIS-DI-0010: Do not store credential in ENVIRONMENT vars/files * Suspicious file extension found : etc/ssl/certs/ca-cert-Izenpe.com.pem (You can suppress it with "-ae pem") * Suspicious file extension found : etc/ssl/certs/ca-cert-certSIGN_ROOT_CA.pem (You can suppress it with "-ae pem") * Suspicious file extension found : etc/ssl/certs/ca-cert-Comodo_AAA_Services_root.pem (You can suppress it with "-ae pem") * Suspicious file extension found : etc/ssl/certs/ca-cert-thawte_Primary_Root_CA.pem (You can suppress it with "-ae pem") * Suspicious file extension found : etc/ssl/certs/ca-cert-Cybertrust_Global_Root.pem (You can suppress it with "-ae pem") * Suspicious file extension found : etc/ssl/certs/ca-cert-COMODO_RSA_Certification_Authority.pem (You can suppress it with "-ae pem") * Suspicious file extension found : etc/ssl/certs/ca-cert-OISTE_WISeKey_Global_Root_GC_CA.pem (You can suppress it with "-ae pem") * Suspicious file extension found : etc/ssl/certs/ca-cert-QuoVadis_Root_CA_3.pem (You can suppress it with "-ae pem") * Suspicious file extension found : etc/ssl/certs/ca-cert-IdenTrust_Public_Sector_Root_CA_1.pem (You can suppress it with "-ae pem") * Suspicious file extension found : etc/ssl/certs/ca-cert-USERTrust_RSA_Certification_Authority.pem (You can suppress it with "-ae pem") * Suspicious file extension found : etc/ssl/certs/ca-cert-DST_Root_CA_X3.pem (You can suppress it with "-ae pem") * Suspicious file extension found : etc/ssl/certs/ca-cert-GeoTrust_Global_CA.pem (You can suppress it with "-ae pem") * Suspicious file extension found : etc/ssl/certs/ca-cert-Amazon_Root_CA_4.pem (You can suppress it with "-ae pem") * Suspicious file extension found : etc/ssl/certs/ca-cert-SwissSign_Gold_CA_-_G2.pem (You can suppress it with "-ae pem") * Suspicious file extension found : etc/ssl/certs/ca-cert-GeoTrust_Primary_Certification_Authority.pem (You can suppress it with "-ae pem") * Suspicious file extension found : etc/ssl/certs/ca-cert-DigiCert_Assured_ID_Root_CA.pem (You can suppress it with "-ae pem") * Suspicious file extension found : etc/ssl/certs/ca-cert-GeoTrust_Universal_CA.pem (You can suppress it with "-ae pem") * Suspicious file extension found : etc/ssl/certs/ca-cert-E-Tugra_Certification_Authority.pem (You can suppress it with "-ae pem") * Suspicious file extension found : usr/local/go/src/crypto/tls/testdata/example-cert.pem (You can suppress it with "-ae pem") * Suspicious file extension found : etc/ssl/certs/ca-cert-TrustCor_RootCert_CA-2.pem (You can suppress it with "-ae pem") * Suspicious file extension found : etc/ssl/certs/ca-cert-DigiCert_High_Assurance_EV_Root_CA.pem (You can suppress it with "-ae pem") * Suspicious file extension found : etc/ssl/certs/ca-cert-emSign_ECC_Root_CA_-_G3.pem (You can suppress it with "-ae pem") * Suspicious file extension found : etc/ssl/certs/ca-cert-Security_Communication_RootCA2.pem (You can suppress it with "-ae pem") * Suspicious file extension found : etc/ssl/certs/ca-cert-EC-ACC.pem (You can suppress it with "-ae pem") * Suspicious file extension found : etc/ssl/certs/ca-cert-NetLock_Arany_=Class_Gold=_Főtanúsítvány.pem (You can suppress it with "-ae pem") * Suspicious file extension found : etc/ssl/certs/ca-cert-TUBITAK_Kamu_SM_SSL_Kok_Sertifikasi_-_Surum_1.pem (You can suppress it with "-ae pem") * Suspicious file extension found : etc/ssl/certs/ca-cert-Go_Daddy_Root_Certificate_Authority_-_G2.pem (You can suppress it with "-ae pem") * Suspicious file extension found : etc/ssl/cert.pem (You can suppress it with "-ae pem") * Suspicious file extension found : etc/ssl/certs/ca-cert-AC_RAIZ_FNMT-RCM.pem (You can suppress it with "-ae pem") * Suspicious file extension found : etc/ssl/certs/ca-cert-QuoVadis_Root_CA_1_G3.pem (You can suppress it with "-ae pem") * Suspicious file extension found : etc/ssl/certs/ca-cert-GeoTrust_Primary_Certification_Authority_-_G3.pem (You can suppress it with "-ae pem") * Suspicious file extension found : etc/ssl/certs/ca-cert-Amazon_Root_CA_2.pem (You can suppress it with "-ae pem") * Suspicious file extension found : etc/ssl/certs/ca-cert-SSL.com_Root_Certification_Authority_RSA.pem (You can suppress it with "-ae pem") * Suspicious file extension found : etc/ssl/certs/ca-cert-ISRG_Root_X1.pem (You can suppress it with "-ae pem") * Suspicious file extension found : etc/ssl/certs/ca-cert-Buypass_Class_3_Root_CA.pem (You can suppress it with "-ae pem") * Suspicious file extension found : etc/ssl/certs/ca-cert-Global_Chambersign_Root_-_2008.pem (You can suppress it with "-ae pem") * Suspicious file extension found : etc/ssl/certs/ca-cert-TrustCor_RootCert_CA-1.pem (You can suppress it with "-ae pem") * Suspicious file extension found : etc/ssl/certs/ca-cert-Network_Solutions_Certificate_Authority.pem (You can suppress it with "-ae pem") * Suspicious file extension found : etc/ssl/certs/ca-cert-Chambers_of_Commerce_Root_-_2008.pem (You can suppress it with "-ae pem") * Suspicious file extension found : etc/ssl/certs/ca-cert-Hongkong_Post_Root_CA_1.pem (You can suppress it with "-ae pem") * Suspicious file extension found : etc/ssl/certs/ca-cert-Security_Communication_Root_CA.pem (You can suppress it with "-ae pem") * Suspicious file extension found : etc/ssl/certs/ca-cert-GTS_Root_R4.pem (You can suppress it with "-ae pem") * Suspicious file extension found : etc/ssl/certs/ca-cert-GeoTrust_Universal_CA_2.pem (You can suppress it with "-ae pem") * Suspicious file extension found : etc/ssl/certs/ca-cert-Staat_der_Nederlanden_Root_CA_-_G2.pem (You can suppress it with "-ae pem") * Suspicious file extension found : etc/ssl/certs/ca-cert-GeoTrust_Primary_Certification_Authority_-_G2.pem (You can suppress it with "-ae pem") * Suspicious file extension found : etc/ssl/certs/ca-cert-Baltimore_CyberTrust_Root.pem (You can suppress it with "-ae pem") * Suspicious file extension found : etc/ssl/certs/ca-cert-CFCA_EV_ROOT.pem (You can suppress it with "-ae pem") * Suspicious file extension found : etc/ssl/certs/ca-cert-thawte_Primary_Root_CA_-_G3.pem (You can suppress it with "-ae pem") * Suspicious file extension found : etc/ssl/certs/ca-cert-UCA_Extended_Validation_Root.pem (You can suppress it with "-ae pem") * Suspicious file extension found : etc/ssl/certs/ca-cert-Secure_Global_CA.pem (You can suppress it with "-ae pem") * Suspicious file extension found : etc/ssl/certs/ca-cert-GTS_Root_R3.pem (You can suppress it with "-ae pem") * Suspicious file extension found : etc/ssl/certs/ca-cert-Hongkong_Post_Root_CA_3.pem (You can suppress it with "-ae pem") * Suspicious file extension found : etc/ssl/certs/ca-cert-TWCA_Root_Certification_Authority.pem (You can suppress it with "-ae pem") * Suspicious file extension found : etc/ssl/certs/ca-cert-Hellenic_Academic_and_Research_Institutions_RootCA_2015.pem (You can suppress it with "-ae pem") * Suspicious file extension found : etc/ssl/certs/ca-cert-COMODO_Certification_Authority.pem (You can suppress it with "-ae pem") * Suspicious file extension found : etc/ssl/certs/ca-cert-DigiCert_Assured_ID_Root_G2.pem (You can suppress it with "-ae pem") * Suspicious file extension found : etc/ssl/certs/ca-cert-LuxTrust_Global_Root_2.pem (You can suppress it with "-ae pem") * Suspicious file extension found : etc/ssl/certs/ca-cert-Certigna.pem (You can suppress it with "-ae pem") * Suspicious file extension found : etc/ssl/certs/ca-cert-DigiCert_Trusted_Root_G4.pem (You can suppress it with "-ae pem") * Suspicious file extension found : etc/ssl/certs/ca-cert-Taiwan_GRCA.pem (You can suppress it with "-ae pem") * Suspicious file extension found : etc/ssl/certs/ca-cert-Sonera_Class_2_Root_CA.pem (You can suppress it with "-ae pem") * Suspicious file extension found : etc/ssl/certs/ca-cert-TWCA_Global_Root_CA.pem (You can suppress it with "-ae pem") * Suspicious file extension found : etc/ssl/certs/ca-cert-Starfield_Root_Certificate_Authority_-_G2.pem (You can suppress it with "-ae pem") * Suspicious file extension found : etc/ssl/certs/ca-cert-emSign_Root_CA_-_C1.pem (You can suppress it with "-ae pem") * Suspicious file extension found : etc/ssl/certs/ca-cert-Entrust_Root_Certification_Authority_-_EC1.pem (You can suppress it with "-ae pem") * Suspicious file extension found : etc/ssl/certs/ca-cert-Certum_Trusted_Network_CA.pem (You can suppress it with "-ae pem") * Suspicious file extension found : etc/ssl/certs/ca-cert-emSign_ECC_Root_CA_-_C3.pem (You can suppress it with "-ae pem") * Suspicious file extension found : etc/ssl/certs/ca-cert-Staat_der_Nederlanden_Root_CA_-_G3.pem (You can suppress it with "-ae pem") * Suspicious file extension found : etc/ssl/certs/ca-cert-OISTE_WISeKey_Global_Root_GB_CA.pem (You can suppress it with "-ae pem") * Suspicious file extension found : etc/ssl/certs/ca-cert-IdenTrust_Commercial_Root_CA_1.pem (You can suppress it with "-ae pem") * Suspicious file extension found : etc/ssl/certs/ca-cert-GlobalSign_Root_CA.pem (You can suppress it with "-ae pem") * Suspicious file extension found : usr/local/go/src/crypto/tls/testdata/example-key.pem (You can suppress it with "-ae pem") * Suspicious file extension found : etc/ssl/certs/ca-cert-Starfield_Class_2_CA.pem (You can suppress it with "-ae pem") * Suspicious file extension found : etc/ssl/certs/ca-cert-Hellenic_Academic_and_Research_Institutions_RootCA_2011.pem (You can suppress it with "-ae pem") * Suspicious file extension found : etc/ssl/certs/ca-cert-Certigna_Root_CA.pem (You can suppress it with "-ae pem") * Suspicious file extension found : etc/ssl/certs/ca-cert-USERTrust_ECC_Certification_Authority.pem (You can suppress it with "-ae pem") * Suspicious file extension found : etc/ssl/certs/ca-cert-T-TeleSec_GlobalRoot_Class_3.pem (You can suppress it with "-ae pem") * Suspicious file extension found : etc/ssl/certs/ca-cert-COMODO_ECC_Certification_Authority.pem (You can suppress it with "-ae pem") * Suspicious file extension found : etc/ssl/certs/ca-cert-QuoVadis_Root_CA_2_G3.pem (You can suppress it with "-ae pem") * Suspicious file extension found : etc/ssl/certs/ca-cert-GlobalSign_Root_CA_-_R6.pem (You can suppress it with "-ae pem") * Suspicious file extension found : etc/ssl/certs/ca-cert-XRamp_Global_CA_Root.pem (You can suppress it with "-ae pem") * Suspicious file extension found : etc/ssl/certs/ca-cert-AffirmTrust_Networking.pem (You can suppress it with "-ae pem") * Suspicious file extension found : etc/ssl/certs/ca-cert-Entrust_Root_Certification_Authority.pem (You can suppress it with "-ae pem") * Suspicious file extension found : etc/ssl/certs/ca-cert-QuoVadis_Root_CA_3_G3.pem (You can suppress it with "-ae pem") * Suspicious file extension found : etc/ssl/certs/ca-cert-SSL.com_Root_Certification_Authority_ECC.pem (You can suppress it with "-ae pem") * Suspicious file extension found : etc/ssl/certs/ca-cert-GTS_Root_R1.pem (You can suppress it with "-ae pem") * Suspicious file extension found : etc/ssl/certs/ca-cert-DigiCert_Global_Root_CA.pem (You can suppress it with "-ae pem") * Suspicious file extension found : etc/ssl/certs/ca-cert-TrustCor_ECA-1.pem (You can suppress it with "-ae pem") * Suspicious file extension found : etc/ssl/certs/ca-cert-GTS_Root_R2.pem (You can suppress it with "-ae pem") * Suspicious file extension found : etc/ssl/certs/ca-cert-T-TeleSec_GlobalRoot_Class_2.pem (You can suppress it with "-ae pem") * Suspicious file extension found : etc/ssl/certs/ca-cert-AffirmTrust_Premium_ECC.pem (You can suppress it with "-ae pem") * Suspicious file extension found : etc/ssl/certs/ca-cert-AffirmTrust_Commercial.pem (You can suppress it with "-ae pem") * Suspicious file extension found : etc/ssl/certs/ca-cert-SwissSign_Silver_CA_-_G2.pem (You can suppress it with "-ae pem") * Suspicious file extension found : etc/ssl/certs/ca-cert-ACCVRAIZ1.pem (You can suppress it with "-ae pem") * Suspicious file extension found : etc/ssl/certs/ca-cert-Trustis_FPS_Root_CA.pem (You can suppress it with "-ae pem") * Suspicious file extension found : etc/ssl/certs/ca-cert-SecureTrust_CA.pem (You can suppress it with "-ae pem") * Suspicious file extension found : etc/ssl/certs/ca-cert-GlobalSign_ECC_Root_CA_-_R5.pem (You can suppress it with "-ae pem") * Suspicious file extension found : etc/ssl/certs/ca-cert-Verisign_Class_3_Public_Primary_Certification_Authority_-_G3.pem (You can suppress it with "-ae pem") * Suspicious file extension found : etc/ssl/certs/ca-cert-GlobalSign_Root_CA_-_R2.pem (You can suppress it with "-ae pem") * Suspicious file extension found : etc/ssl/certs/ca-cert-DigiCert_Global_Root_G3.pem (You can suppress it with "-ae pem") * Suspicious file extension found : etc/ssl/certs/ca-cert-VeriSign_Class_3_Public_Primary_Certification_Authority_-_G4.pem (You can suppress it with "-ae pem") * Suspicious file extension found : etc/ssl/certs/ca-cert-VeriSign_Universal_Root_Certification_Authority.pem (You can suppress it with "-ae pem") * Suspicious file extension found : etc/ssl/certs/ca-cert-QuoVadis_Root_CA_2.pem (You can suppress it with "-ae pem") * Suspicious file extension found : etc/ssl/certs/ca-cert-Amazon_Root_CA_3.pem (You can suppress it with "-ae pem") * Suspicious file extension found : etc/ssl/certs/ca-cert-Microsec_e-Szigno_Root_CA_2009.pem (You can suppress it with "-ae pem") * Suspicious file extension found : etc/ssl/certs/ca-cert-Entrust.net_Premium_2048_Secure_Server_CA.pem (You can suppress it with "-ae pem") * Suspicious file extension found : etc/ssl/certs/ca-cert-Starfield_Services_Root_Certificate_Authority_-_G2.pem (You can suppress it with "-ae pem") * Suspicious file extension found : etc/ssl/certs/ca-cert-D-TRUST_Root_Class_3_CA_2_EV_2009.pem (You can suppress it with "-ae pem") * Suspicious file extension found : etc/ssl/certs/ca-cert-Entrust_Root_Certification_Authority_-_G4.pem (You can suppress it with "-ae pem") * Suspicious file extension found : etc/ssl/certs/ca-cert-Entrust_Root_Certification_Authority_-_G2.pem (You can suppress it with "-ae pem") * Suspicious file extension found : etc/ssl/certs/ca-cert-UCA_Global_G2_Root.pem (You can suppress it with "-ae pem") * Suspicious file extension found : etc/ssl/certs/ca-cert-emSign_Root_CA_-_G1.pem (You can suppress it with "-ae pem") * Suspicious file extension found : etc/ssl/certs/ca-cert-SZAFIR_ROOT_CA2.pem (You can suppress it with "-ae pem") * Suspicious file extension found : etc/ssl/certs/ca-cert-Go_Daddy_Class_2_CA.pem (You can suppress it with "-ae pem") * Suspicious file extension found : etc/ssl/certs/ca-cert-AffirmTrust_Premium.pem (You can suppress it with "-ae pem") * Suspicious file extension found : etc/ssl/certs/ca-cert-D-TRUST_Root_Class_3_CA_2_2009.pem (You can suppress it with "-ae pem") * Suspicious file extension found : etc/ssl/certs/ca-cert-GlobalSign_Root_CA_-_R3.pem (You can suppress it with "-ae pem") * Suspicious file extension found : etc/ssl/certs/ca-cert-CA_Disig_Root_R2.pem (You can suppress it with "-ae pem") * Suspicious file extension found : etc/ssl/certs/ca-cert-SSL.com_EV_Root_Certification_Authority_ECC.pem (You can suppress it with "-ae pem") * Suspicious file extension found : etc/ssl/certs/ca-cert-Atos_TrustedRoot_2011.pem (You can suppress it with "-ae pem") * Suspicious file extension found : etc/ssl/certs/ca-cert-thawte_Primary_Root_CA_-_G2.pem (You can suppress it with "-ae pem") * Suspicious file extension found : etc/ssl/certs/ca-cert-GlobalSign_ECC_Root_CA_-_R4.pem (You can suppress it with "-ae pem") * Suspicious file extension found : etc/ssl/certs/ca-cert-VeriSign_Class_3_Public_Primary_Certification_Authority_-_G5.pem (You can suppress it with "-ae pem") * Suspicious file extension found : etc/ssl/certs/ca-cert-EE_Certification_Centre_Root_CA.pem (You can suppress it with "-ae pem") * Suspicious file extension found : etc/ssl/certs/ca-cert-Hellenic_Academic_and_Research_Institutions_ECC_RootCA_2015.pem (You can suppress it with "-ae pem") * Suspicious file extension found : etc/ssl/certs/ca-cert-Staat_der_Nederlanden_EV_Root_CA.pem (You can suppress it with "-ae pem") * Suspicious file extension found : etc/ssl/certs/ca-cert-Amazon_Root_CA_1.pem (You can suppress it with "-ae pem") * Suspicious file extension found : etc/ssl/certs/ca-cert-DigiCert_Global_Root_G2.pem (You can suppress it with "-ae pem") * Suspicious file extension found : etc/ssl/certs/ca-cert-Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068.pem (You can suppress it with "-ae pem") * Suspicious file extension found : etc/ssl/certs/ca-cert-OISTE_WISeKey_Global_Root_GA_CA.pem (You can suppress it with "-ae pem") * Suspicious file extension found : etc/ssl/certs/ca-cert-Buypass_Class_2_Root_CA.pem (You can suppress it with "-ae pem") * Suspicious file extension found : etc/ssl/certs/ca-cert-TeliaSonera_Root_CA_v1.pem (You can suppress it with "-ae pem") * Suspicious file extension found : etc/ssl/certs/ca-cert-Certum_Trusted_Network_CA_2.pem (You can suppress it with "-ae pem") * Suspicious file extension found : etc/ssl/certs/ca-cert-SecureSign_RootCA11.pem (You can suppress it with "-ae pem") * Suspicious file extension found : etc/ssl/certs/ca-cert-QuoVadis_Root_CA.pem (You can suppress it with "-ae pem") * Suspicious file extension found : etc/ssl/certs/ca-cert-SSL.com_EV_Root_Certification_Authority_RSA_R2.pem (You can suppress it with "-ae pem") * Suspicious file extension found : etc/ssl/certs/ca-cert-Actalis_Authentication_Root_CA.pem (You can suppress it with "-ae pem") * Suspicious file extension found : etc/ssl/certs/ca-cert-DigiCert_Assured_ID_Root_G3.pem (You can suppress it with "-ae pem") * Suspicious file extension found : etc/ssl/certs/ca-cert-GDCA_TrustAUTH_R5_ROOT.pem (You can suppress it with "-ae pem") * Suspicious file extension found : etc/ssl/certs/ca-cert-ePKI_Root_Certification_Authority.pem (You can suppress it with "-ae pem") FATAL - DKL-DI-0005: Clear apt-get caches * Use 'rm -rf /var/lib/apt/lists' after 'apt-get install|update' : /bin/sh -c set -eux; apk add --no-cache --virtual .fetch-deps gnupg; arch="$(apk --print-arch)"; url=; case "$arch" in 'x86_64') export GOARCH='amd64' GOOS='linux'; ;; 'armhf') export GOARCH='arm' GOARM='6' GOOS='linux'; ;; 'armv7') export GOARCH='arm' GOARM='7' GOOS='linux'; ;; 'aarch64') export GOARCH='arm64' GOOS='linux'; ;; 'x86') export GO386='softfloat' GOARCH='386' GOOS='linux'; ;; 'ppc64le') export GOARCH='ppc64le' GOOS='linux'; ;; 's390x') export GOARCH='s390x' GOOS='linux'; ;; *) echo >&2 "error: unsupported architecture '$arch' (likely packaging update needed)"; exit 1 ;; esac; build=; if [ -z "$url" ]; then build=1; url='https://dl.google.com/go/go1.17.1.src.tar.gz'; sha256='49dc08339770acd5613312db8c141eaf61779995577b89d93b541ef83067e5b1'; fi; wget -O go.tgz.asc "$url.asc"; wget -O go.tgz "$url"; echo "$sha256 *go.tgz" | sha256sum -c -; GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; gpg --batch --keyserver keyserver.ubuntu.com --recv-keys 'EB4C 1BFD 4F04 2F6D DDCC EC91 7721 F63B D38B 4796'; gpg --batch --verify go.tgz.asc go.tgz; gpgconf --kill all; rm -rf "$GNUPGHOME" go.tgz.asc; tar -C /usr/local -xzf go.tgz; rm go.tgz; if [ -n "$build" ]; then apk add --no-cache --virtual .build-deps bash gcc go musl-dev ; ( cd /usr/local/go/src; export GOROOT_BOOTSTRAP="$(go env GOROOT)" GOHOSTOS="$GOOS" GOHOSTARCH="$GOARCH"; ./make.bash; ); apk del --no-network .build-deps; go install std; rm -rf /usr/local/go/pkg/*/cmd /usr/local/go/pkg/bootstrap /usr/local/go/pkg/obj /usr/local/go/pkg/tool/*/api /usr/local/go/pkg/tool/*/go_bootstrap /usr/local/go/src/cmd/dist/dist ; fi; apk del --no-network .fetch-deps; go version WARN - CIS-DI-0001: Create a user for the container * Last user should not be root INFO - CIS-DI-0006: Add HEALTHCHECK instruction to the container image * not found HEALTHCHECK statement INFO - DKL-LI-0003: Only put necessary files * unnecessary file : usr/local/go/src/crypto/elliptic/internal/fiat/Dockerfile IGNORE - CIS-DI-0005: Enable Content trust for Docker ```Output of
dockle -v
:Additional details (base image name, container registry info...):
I inserted the line break to be readable as below. Doesn't
go install
line seems to cause the mal-detection ofapt-get install
? somehow, maybe?