dockerfile

Verifed by r2c

Community Favorite

Semgrep

Author

1,636

Download Count*

LGPL Commons Clause

License

Selected rules from Hadolint, a Dockerfile linter, rewritten in Semgrep.

Run Locally

Rules (5)

dockerfile.security.last-user-is-root.last-user-is-root

semgrep

dockerfile

The last user in the container is 'root'. This is a security hazard because if an attacker gains control of the container they will have root access. Switch back to another user after running commands as 'root'.

dockerfile.security.missing-user-entrypoint.missing-user-entrypoint

semgrep

dockerfile

By not specifying a USER, a program in the container may run as 'root'. This is a security hazard. If an attacker can control a process running as root, they may have control over the container. Ensure that the last USER in a Dockerfile is a USER other than 'root'.

dockerfile.security.missing-user.missing-user

semgrep

dockerfile

dockerfile.security.no-sudo-in-dockerfile.no-sudo-in-dockerfile

semgrep

dockerfile

Avoid using sudo in Dockerfiles. Running processes as a non-root user can help reduce the potential impact of configuration errors and security vulnerabilities.

generic.dockerfile.missing-zypper-no-confirm-switch.missing-zypper-no-confirm-switch

semgrep

dockerfile

This 'zypper install' is missing the '-y' switch. This might stall builds because it requires human intervention. Add the '-y' switch.