Verified by r2c

Selected rules from Hadolint, a Dockerfile linter, rewritten in Semgrep.


Rules (5)

returntocorp

By not specifying a USER, a program in the container may run as 'root'. This is a security hazard. If an attacker can control a process running as root, they may have control over the container. Ensure that the last USER in a Dockerfile is a USER other than 'root'.
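The check this rule describes, sketched as an added Python example (not the Semgrep rule or Hadolint's implementation): it finds the USER in effect at the end of the final build stage and reports a missing or root USER. The function names and the sample Dockerfiles are constructed for illustration, and treating every `FROM` as resetting the user is an assumption of this sketch.

```python
ROOT_IDS = {"root", "0"}

def logical_lines(text):
    """Yield instructions with backslash continuations joined, comments dropped."""
    buf = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        yield buf + line
        buf = ""

def final_user(dockerfile):
    """Return the last USER argument in the final build stage, or None."""
    user = None
    for line in logical_lines(dockerfile):
        parts = line.split(None, 1)
        instr = parts[0].upper()
        if instr == "FROM":
            # Assumption: a new stage starts with no USER known to this check,
            # so a USER set in an earlier build stage does not count.
            user = None
        elif instr == "USER":
            user = parts[1].strip() if len(parts) > 1 else ""
    return user

def check(dockerfile):
    """Return a finding string, or None when the last USER is not root."""
    user = final_user(dockerfile)
    if user is None:
        return "no USER in final stage"
    if user.split(":", 1)[0] in ROOT_IDS:  # USER accepts user[:group]
        return "last USER is root"
    return None

# Constructed sample Dockerfiles (not from the page).
MULTI_STAGE = """\
FROM golang:1.22 AS build
USER nobody
RUN go build -o /tmp/app ./...
FROM alpine:3.19
COPY --from=build /tmp/app /app
CMD ["/app"]
"""
DROPS_THEN_REGAINS = "FROM alpine:3.19\nUSER app\nRUN true\nUSER root\n"
HARDENED = "FROM alpine:3.19\nRUN adduser -D app \\\n  && mkdir /data\nUSER app:app\n"

if __name__ == "__main__":
    for sample in (MULTI_STAGE, DROPS_THEN_REGAINS, HARDENED):
        print(check(sample))
```

A `USER` given as a build-time variable (for example `USER ${APP_USER}`) cannot be resolved statically and passes this check, so it still needs manual review.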