From cc8654a554759af12acc91817499c688367230a5 Mon Sep 17 00:00:00 2001 From: GabinL21 Date: Tue, 10 Dec 2024 11:50:11 +0100 Subject: [PATCH] Update rule S6437: add multi-stage build exceptions --- rules/S6437/docker/rule.adoc | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/rules/S6437/docker/rule.adoc b/rules/S6437/docker/rule.adoc index c3d49dc3563..31d6fa2e258 100644 --- a/rules/S6437/docker/rule.adoc +++ b/rules/S6437/docker/rule.adoc @@ -17,6 +17,10 @@ include::../../../shared_content/secrets/impact/financial_loss.adoc[] include::../../../shared_content/secrets/impact/security_downgrade.adoc[] +=== Exceptions + +In multi-stage builds, the rule only checks instructions that are part of the final image. + == How to fix it Best practices recommend using a secret vault for all secrets that must be
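Review bot: In the added `=== Exceptions` paragraph, "instructions that are part of the final image" does not say which stages count: only the last `FROM` stage, or also earlier stages whose files reach the final image through `COPY --from`. Suggest stating this explicitly, for example "instructions in the final stage", or whatever the rule actually does. A reader can also take the exception to mean that secrets in earlier stages are safe. One extra sentence would prevent that: a secret used in an earlier stage still sits in the Dockerfile and in that stage's intermediate layers and build cache, so the exception describes the scope of the rule, not the absence of risk. The commit subject says what was added but not why. A line of rationale in the message body would help future readers of the rule history.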