Vulnerabilities Dashboard - Containerfile

[nullify-security-bot]

3 Potential vulnerability sources found in Containerfile files within this repo

⚠️ CRITICAL	🔴 HIGH	🔵 MEDIUM	⚪ LOW
0	2	1	0

Nullify SAST - Containerfile 🔴 HIGH Severity AVD-DS-0002

Image user should not be 'root'

Running containers with 'root' user can lead to a container escape situation. It is a best practice to run containers as non-root users, which can be done by adding a 'USER' statement to the Dockerfile.

Read more:
https://avd.aquasec.com/misconfig/ds002

https://github.com/tim-thacker-nullify/example-scenarios/blob/48bd9365141e55de5de9321707ccb02895709e8c/docker-build-postgres-sakila/Dockerfile#L0

Nullify SAST - Containerfile 🔴 HIGH Severity AVD-DS-0002

Image user should not be 'root'

Running containers with 'root' user can lead to a container escape situation. It is a best practice to run containers as non-root users, which can be done by adding a 'USER' statement to the Dockerfile.

Read more:
https://avd.aquasec.com/misconfig/ds002

https://github.com/tim-thacker-nullify/example-scenarios/blob/48bd9365141e55de5de9321707ccb02895709e8c/docker-build-security-playground/Dockerfile#L0

Nullify SAST - Containerfile 🔵 MEDIUM Severity AVD-DS-0001

':latest' tag used

When using a 'FROM' statement you should use a specific tag to avoid uncontrolled behavior when the image is updated.

Read more:
https://avd.aquasec.com/misconfig/ds001

example-scenarios/docker-build-hello-app/Dockerfile

Line 21 in 48bd936

FROM gcr.io/distroless/base-debian11