goodwithtech / dockle

Container Image Linter for Security, Helping build the Best-Practice Docker Image, Easy to start
https://containers.goodwith.tech/
Apache License 2.0
2.75k stars 138 forks

Stop alerting /tmp as suspicious directory (DKL-LI-0003) #215

Closed zfLQ2qx2 closed 7 months ago

zfLQ2qx2 commented 1 year ago

Description

Dockle 0.4.10 is reporting /tmp as a suspicious directory:

INFO    - DKL-LI-0003: Only put necessary files
--
400 | * unnecessary file : usr/local/share/.cache/yarn/v6/npm-@pm2-io-5.0.0-623cbcaf6fe39375f20ac2e75497477a1b1ec5c5-integrity/node_modules/@pm2/io/docker-compose.yml
401 | * Suspicious directory : tmp

What did you expect to happen?

It makes sense to remove any files in /tmp as part of the container build process; however, the /tmp directory itself should always exist in a Unix system. There are too many things, including system functions, that expect that directory to exist. Our developers had started to remove the /tmp directory to appease Dockle, which caused issues when the containers tried to start.

What happened instead?

Dockle 0.4.10 reports /tmp as DKL-LI-0003 suspicious directory
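
The cleanup the report above describes (empty /tmp, keep the directory), as an added shell example that is not part of the original issue or of Dockle's code. `clean_tmp` and `check_tmp` are hypothetical helper names, and the optional root-path argument is an assumption so they can be run against a scratch tree.

```shell
#!/bin/sh
# Added example; clean_tmp and check_tmp are hypothetical helper names.
# The optional <root> argument is an assumption so the functions can be
# tried on a scratch tree. With no argument they act on the real /tmp,
# which is what a Dockerfile RUN step would want.

# Delete everything inside <root>/tmp but keep the directory itself.
clean_tmp() {
    dir="${1:-}/tmp"
    # Refuse a symlinked tmp: find would not descend into it and chmod
    # would change the link target instead.
    [ ! -L "$dir" ] || return 1
    # Recreate the directory if an earlier build step removed it.
    mkdir -p "$dir" || return 1
    # -mindepth 1 excludes $dir itself; dotfiles are included.
    find "$dir" -mindepth 1 -delete || return 1
    # World-writable with the sticky bit, the conventional /tmp mode.
    chmod 1777 "$dir"
}

# Print the state of <root>/tmp: missing (or a symlink), not-empty,
# bad-mode or ok. Returns non-zero for anything other than ok.
check_tmp() {
    dir="${1:-}/tmp"
    if [ ! -d "$dir" ] || [ -L "$dir" ]; then echo "missing"; return 1; fi
    if [ -n "$(ls -A "$dir")" ]; then echo "not-empty"; return 1; fi
    # First ten characters of ls -ld are the type and permission bits.
    perms=$(ls -ld "$dir" | cut -c1-10)
    if [ "$perms" != "drwxrwxrwt" ]; then echo "bad-mode"; return 1; fi
    echo "ok"
}

# Demo on a constructed scratch tree; the real /tmp is not touched.
demo_root=$(mktemp -d)
mkdir -p "$demo_root/tmp/build-cache"
: > "$demo_root/tmp/.leftover"
echo "before: $(check_tmp "$demo_root")"
clean_tmp "$demo_root"
echo "after:  $(check_tmp "$demo_root")"
rm -rf "$demo_root"
```

In a Dockerfile this corresponds to a `find /tmp -mindepth 1 -delete` step in place of `rm -rf /tmp`.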

tomoyamachi commented 1 year ago

Thank you for your recommendation. I'll think about it.

RoseSecurity commented 10 months ago

@tomoyamachi Hey! Just opened a PR to address this ticket. Feel free to check it out if you have an opportunity.

tomoyamachi commented 7 months ago

@RoseSecurity Thank you for your contribution. Your code has been included in the latest release.

RoseSecurity commented 7 months ago

> @RoseSecurity Thank you for your contribution.
>
> Your code has been included in the latest release.

If you ever need help maintaining, just say the word!