generic.dockerfile.missing-zypper-no-confirm-switch.missing-zypper-no-confirm-switch

profile photo of semgrepsemgrep
Author
unknown
Download Count*
LGPL Commons Clause
License

This 'zypper install' is missing the '-y' switch. This might stall builds because it requires human intervention. Add the '-y' switch.

Run Locally

Run in CI

Semgrep CI docs

Defintion

Edit RuleView Source
Open in Playground 
rules:
  - id: missing-zypper-no-confirm-switch
    severity: WARNING
    languages:
      - dockerfile
    patterns:
      - pattern: |
          RUN ... zypper install ...
      - pattern-not: |
          RUN ... zypper install ... -y ...
      - pattern-not: |
          RUN ... zypper install ... --no-confirm ...
    message: This 'zypper install' is missing the '-y' switch. This might stall
      builds because it requires human intervention. Add the '-y' switch.
    metadata:
      source-rule-url: https://github.com/hadolint/hadolint/wiki/DL3034
      references:
        - https://github.com/hadolint/hadolint/wiki/DL3034
      category: best-practice
      technology:
        - dockerfile
      license: Commons Clause License Condition v1.0[LGPL-2.1-only]
    paths:
      include:
        - "*dockerfile*"
        - "*Dockerfile*"

Examples

missing-zypper-no-confirm-switch.dockerfile

# cf. https://github.com/hadolint/hadolint/wiki/DL3034

FROM debian
# ruleid: missing-zypper-no-confirm-switch
RUN zypper install httpd=2.4.46 && zypper clean

# ok: missing-zypper-no-confirm-switch
RUN zypper install -y httpd=2.4.46 && zypper clean