Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(docker): check the --no-install-recommends flag after packages #1375

Merged
merged 1 commit into from
Jul 20, 2023
Merged

fix(docker): check the --no-install-recommends flag after packages #1375

merged 1 commit into from
Jul 20, 2023

Conversation

nikpivkin
Copy link
Collaborator

We should also check the --no-install-recommends flag after packages

See aquasecurity/trivy#4462

FROM debian:11-slim

RUN apt-get update && \
    DEBIAN_FRONTEND=noninteractive apt-get install -y \
    tzdata \
    postgresql-10 \
    --no-install-recommends && \ 
    rm -rf /var/lib/apt/lists/*

Before

AVD-DS-0026 dockerfile-general-no-healthcheck Dockerfile
AVD-DS-0029 dockerfile-general-use-apt-no-install-recommends Dockerfile:3-8
AVD-DS-0002 dockerfile-general-least-privilege-user Dockerfile

After

AVD-DS-0002 dockerfile-general-least-privilege-user Dockerfile
AVD-DS-0026 dockerfile-general-no-healthcheck Dockerfile

@nikpivkin nikpivkin requested review from giorod3 and simar7 as code owners July 9, 2023 11:44
@nikpivkin nikpivkin changed the title fix(docker): check the flag after packages fix(docker): check the --no-install-recommends flag after packages Jul 9, 2023
simar7
simar7 approved these changes Jul 11, 2023
View reviewed changes
Copy link
Member

@simar7 simar7 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm

@simar7 simar7 force-pushed the nik-no-install-flag branch from 61fe626 to 0ca8887 Compare July 11, 2023 03:49
@simar7 simar7 force-pushed the nik-no-install-flag branch from 0ca8887 to 9d16aca Compare July 20, 2023 11:57
@simar7 simar7 enabled auto-merge (squash) July 20, 2023 11:59
@simar7 simar7 force-pushed the nik-no-install-flag branch from 9d16aca to 9a5c9a2 Compare July 20, 2023 14:00
@simar7 simar7 merged commit c894f90 into aquasecurity:master Jul 20, 2023
@nikpivkin nikpivkin deleted the nik-no-install-flag branch July 20, 2023 16:10
@simar7 simar7 mentioned this pull request Jul 25, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@simar7 simar7 simar7 approved these changes

@giorod3 giorod3 Awaiting requested review from giorod3

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@nikpivkin @simar7