Semgrep Registry - dockerfile

generic.dockerfile.security.last-user-is-root.last-user-is-root

returntocorp

dockerfile

The last user in the container is 'root'. This is a security hazard because if an attacker gains control of the container they will have root access. Switch back to another user after running commands as 'root'.

dockerfile.security.last-user-is-root.last-user-is-root

returntocorp

dockerfile

The last user in the container is 'root'. This is a security hazard because if an attacker gains control of the container they will have root access. Switch back to another user after running commands as 'root'.

dockerfile.security.missing-user-entrypoint.missing-user-entrypoint

returntocorp

dockerfile

By not specifying a USER, a program in the container may run as 'root'. This is a security hazard. If an attacker can control a process running as root, they may have control over the container. Ensure that the last USER in a Dockerfile is a USER other than 'root'.

dockerfile.security.missing-user.missing-user

returntocorp

dockerfile

By not specifying a USER, a program in the container may run as 'root'. This is a security hazard. If an attacker can control a process running as root, they may have control over the container. Ensure that the last USER in a Dockerfile is a USER other than 'root'.

generic.dockerfile.missing-zypper-no-confirm-switch.missing-zypper-no-confirm-switch

returntocorp

dockerfile

This 'zypper install' is missing the '-y' switch. This might stall builds because it requires human intervention. Add the '-y' switch.

dockerfile

Run Locally

Rules (5)

generic.dockerfile.security.last-user-is-root.last-user-is-root

dockerfile.security.last-user-is-root.last-user-is-root

dockerfile.security.missing-user-entrypoint.missing-user-entrypoint

dockerfile.security.missing-user.missing-user

generic.dockerfile.missing-zypper-no-confirm-switch.missing-zypper-no-confirm-switch