[Hackathon 2024][Gadolinium][Docker] Existing rules in Sonar: Cache should be cleaned after package installation #117

Open
MP-Aubay opened this issue May 30, 2024 · 0 comments
Assignees
Labels
ecoCode-CI/CD Hackathon 2024 New issues tagged during the hackathon 2024 spotter

Comments

@MP-Aubay
Contributor

(This rule already exists in SonarQube but is relevant to ecocode: https://rules.sonarsource.com/docker/RSPEC-6587/)

Rule title

Cache should be cleaned after package installation

Language and platform

Docker

Rule description

See rule: https://rules.sonarsource.com/docker/RSPEC-6587/

Rule short description

When installing packages, an index is cached locally by default. The index can be used on the fly and not stored locally.

Rule justification

Cleaning the cache after package installation can reduce the image size and can reduce energy consumption.

Why it matters:

  • For the image itself:
    • Image size reduction: Larger images require more storage, more time to transfer, and more resources to load into memory and execute.
  • For the containers created from the image:
    • Startup time: The more layers an image has, the longer it will take for the container to start up because each layer must be pulled from the registry and loaded into memory. This can be noticeable if you have many small layers, as the overhead of loading each layer can add up.
    • Disk usage: Each layer in an image adds to the size of the final image, which in turn affects the disk usage of the container. This can become a problem if you have many images or if you're working with limited disk space.
    • Security: Each layer in an image represents a potential attack surface, so minimizing the number of layers can improve the security of your container. This is because each layer can potentially contain vulnerabilities or malicious code that could be exploited.

Official documentation:
https://docs.docker.com/develop/develop-images/guidelines/

Severity / Remediation Cost

Severity: Major

Implementation principle

Already implemented.

@MP-Aubay MP-Aubay added Hackathon 2024 New issues tagged during the hackathon 2024 spotter labels May 30, 2024
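A small checker for the rule discussed in this issue, added here as an example; it is not part of the issue, of ecoCode, or of SonarQube's implementation of RSPEC-6587. It reads the RUN instructions of a Dockerfile (joining backslash continuations) and flags apt-get, apk and pip installs whose package cache is not cleaned within the same instruction. The two Dockerfile samples are constructed for the demonstration.

```python
import re

# Install commands and the same-RUN cleanup that keeps the package index/download
# cache out of the committed layer (a later "RUN rm -rf" cannot shrink an earlier layer).
INSTALL = {
    "apt-get": re.compile(r"\bapt(-get)?\s+install\b"),
    "apk": re.compile(r"\bapk\s+add\b"),
    "pip": re.compile(r"\bpip3?\s+install\b"),
}
CLEANUP = {
    "apt-get": re.compile(r"\brm\s+-rf\s+/var/lib/apt/lists"),
    "apk": re.compile(r"\bapk\s+add\b[^&|;]*--no-cache\b|\brm\s+-rf\s+/var/cache/apk"),
    "pip": re.compile(r"\bpip3?\s+install\b[^&|;]*--no-cache-dir\b"),
}

def run_instructions(dockerfile):
    """Return (line_number, shell_command) for each RUN, joining backslash continuations."""
    found, buf, start = [], [], 0
    for lineno, raw in enumerate(dockerfile.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):  # blank/comment lines do not end an instruction
            continue
        if not buf:
            start = lineno
        if line.endswith("\\"):
            buf.append(line[:-1].strip())
            continue
        buf.append(line)
        text, buf = " ".join(buf), []
        if text.upper().startswith("RUN "):
            found.append((start, text[4:].strip()))
    return found

def find_uncleaned_caches(dockerfile):
    """Return (line_number, tool) for every RUN that installs packages but keeps the cache."""
    return [(lineno, tool) for lineno, cmd in run_instructions(dockerfile)
            for tool, install in INSTALL.items()
            if install.search(cmd) and not CLEANUP[tool].search(cmd)]

# Constructed samples: the same Dockerfile before and after remediation.
BAD_DOCKERFILE = """\
FROM debian:bookworm-slim
RUN apt-get update && apt-get install -y curl
RUN pip install requests
"""
GOOD_DOCKERFILE = """\
FROM debian:bookworm-slim
RUN apt-get update && apt-get install -y --no-install-recommends curl \\
    && rm -rf /var/lib/apt/lists/*
RUN pip install --no-cache-dir requests
"""
```

`find_uncleaned_caches(BAD_DOCKERFILE)` reports lines 2 and 3, while the remediated file produces no findings.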