goodwithtech / dockle

Container Image Linter for Security, Helping build the Best-Practice Docker Image, Easy to start
https://containers.goodwith.tech/
Apache License 2.0
2.75k stars 138 forks

Problem scanning ubuntu images #217

Closed zfLQ2qx2 closed 1 year ago

zfLQ2qx2 commented 1 year ago

See https://github.com/dotnet/dotnet-docker/issues/4209 for details on why the CIS-DI-0009 finding is false for Ubuntu images. I have confirmed the same error occurs for ubuntu:latest.

tomoyamachi commented 1 year ago

@zfLQ2qx2 Thank you for your comment.

It is difficult to analyze from the image whether a file could have been added with COPY or needs ADD.

If you get a false positive, you should use a .dockleignore file or the ignore flag in that case, as you would with any other linter. Dockle alerts users who are not aware that ADD is dangerous.

However, I need to think a bit about whether the FATAL level is correct for this item.

tomoyamachi commented 1 year ago

@zfLQ2qx2 I'm sorry. I was wrong. This issue has been fixed in version 0.4.13.