When installing packages, an index is cached locally by default. The index can instead be used on the fly without being stored locally.
Rule justification
Cleaning the cache after package installation can reduce the image size and energy consumption.
Why it matters:
For the image itself:
Image size reduction: Larger images require more storage, more time to transfer, and more resources to load into memory and execute.
For the containers created from the image:
Startup time: The more layers an image has, the longer it will take for the container to start up because each layer must be pulled from the registry and loaded into memory. This can be noticeable if you have many small layers, as the overhead of loading each layer can add up.
Disk usage: Each layer in an image adds to the size of the final image, which in turn affects the disk usage of the container. This can become a problem if you have many images or if you're working with limited disk space.
Security: Each layer in an image represents a potential attack surface, so minimizing the number of layers can improve the security of your container. This is because each layer can potentially contain vulnerabilities or malicious code that could be exploited.
(This rule already exists in SonarQube but is relevant to ecoCode: https://rules.sonarsource.com/docker/RSPEC-6587/)
Rule title
Cache should be cleaned after package installation
Language and platform
Docker
Rule description
See rule : https://rules.sonarsource.com/docker/RSPEC-6587/
Rule short description
When installing packages, an index is cached locally by default. The index can instead be used on the fly without being stored locally.
Rule justification
Cleaning the cache after package installation can reduce the image size and energy consumption.
Why it matters:
Official documentation : https://docs.docker.com/develop/develop-images/guidelines/
Severity / Remediation Cost
Severity : Major
Implementation principle
Already implemented.
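A sketch of how a check for this rule can work, added here as an example (it is not the SonarQube or ecoCode implementation). It flags `RUN` instructions that install with `apk` or `apt-get` without cleaning the cache in the same instruction, since a cleanup in a later `RUN` leaves the cached files in the earlier layer. The sample Dockerfile, the function names and the cleanup patterns are assumptions made for illustration.

```python
import re

# Constructed sample Dockerfile (not from the page).
SAMPLE = r"""FROM alpine:3.19
RUN apk add curl
RUN apk add --no-cache git
FROM debian:bookworm-slim
RUN apt-get update && apt-get install -y curl
RUN apt-get clean
RUN apt-get update \
    && apt-get install -y --no-install-recommends git \
    && rm -rf /var/lib/apt/lists/*
"""

# (tool, install pattern, patterns that count as cleanup in the same RUN).
# Heuristic patterns chosen for this example, not an exhaustive list.
RULES = [
    ("apk", r"\bapk\b.*\badd\b",
     [r"--no-cache", r"rm\s+-\w+\s+/var/cache/apk", r"apk cache clean"]),
    ("apt", r"\bapt(-get)?\b.*\binstall\b",
     [r"apt(-get)? clean", r"rm\s+-\w+\s+/var/lib/apt/lists"]),
]

def run_instructions(text):
    """Yield (line_number, command) per RUN, joining backslash continuations."""
    lines = text.splitlines()
    i = 0
    while i < len(lines):
        start, buf = i + 1, lines[i]
        while buf.rstrip().endswith("\\") and i + 1 < len(lines):
            i += 1
            buf = buf.rstrip()[:-1] + " " + lines[i]
        i += 1
        if re.match(r"\s*RUN\s", buf, re.I):
            yield start, re.sub(r"\s+", " ", buf).strip()

def uncleaned_installs(text):
    """Return (line_number, tool) for installs with no cleanup in the same layer."""
    findings = []
    for lineno, cmd in run_instructions(text):
        for tool, install, cleanups in RULES:
            if re.search(install, cmd) and not any(re.search(c, cmd) for c in cleanups):
                findings.append((lineno, tool))
    return findings

if __name__ == "__main__":
    for lineno, tool in uncleaned_installs(SAMPLE):
        print(f"line {lineno}: {tool} install leaves its cache in the layer")
```

Line 5 of the sample is still reported even though line 6 runs `apt-get clean`, because the cached index was already committed to the layer created by line 5.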