Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

bug: False positive "--no-install-recommends" where it is present at the end of the command #4462

Closed
simar7 opened this issue May 24, 2023 Discussed in #4199 · 1 comment
Closed

bug: False positive "--no-install-recommends" where it is present at the end of the command #4462

simar7 opened this issue May 24, 2023 Discussed in #4199 · 1 comment
Assignees
@simar7 @nikpivkin
Labels
kind/bug Categorizes issue or PR as related to a bug. scan/misconfiguration Issues relating to misconfiguration scanning

Comments

@simar7
Copy link
Member

simar7 commented May 24, 2023

Discussed in #4199

Originally posted by daliborfilus April 23, 2023

Description

────────────────────────────────────────
HIGH: '--no-install-recommends' flag is missed: 'env DEBIAN_FRONTEND=noninteractive apt-get update && apt-get install -y tzdata postgresql-10 --no-install-recommends && rm -rf /var/lib/apt/lists/*'
════════════════════════════════════════
'apt-get' install should use '--no-install-recommends' to minimize image size.
See https://avd.aquasec.com/misconfig/ds029
────────────────────────────────────────
 Dockerfile:24-26
────────────────────────────────────────
  24 ┌ RUN --mount=type=cache,mode=0755,target=/var/cache/apt,sharing=locked \
  25 │     --mount=type=cache,mode=0755,target=/var/lib/apt,sharing=locked \
  26 └     env DEBIAN_FRONTEND=noninteractive apt-get update && apt-get install -y tzdata postgresql-10 --no-install-recommends && rm -rf /var/lib/apt/lists/*
────────────────────────────────────────

What did you expect to happen?

Nothing.

What happened instead?

Error is thrown.

Output of trivy -v:

Using docker image sha256:ef0fae9e1a4dfc67cee3eb3db365b0ffb3bb8c00acf8eb18f5228e8a50df3adc for docker.io/aquasec/trivy:latest with digest aquasec/trivy@sha256:de367bfafb18b42df66a85ba896378aecf0c9cf227b10488e66a294d109234a6 

❯ docker run --rm -ti aquasec/trivy@sha256:de367bfafb18b42df66a85ba896378aecf0c9cf227b10488e66a294d109234a6 -v
Version: 0.40.0
@simar7 simar7 added kind/bug Categorizes issue or PR as related to a bug. scan/misconfiguration Issues relating to misconfiguration scanning labels May 24, 2023
@nikpivkin nikpivkin mentioned this issue Jul 9, 2023
Merged
@simar7
Copy link
Member Author

simar7 commented Jul 25, 2023

Closed via aquasecurity/defsec#1375

@simar7 simar7 closed this as completed Jul 25, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@simar7 simar7

@nikpivkin nikpivkin

Labels
kind/bug Categorizes issue or PR as related to a bug. scan/misconfiguration Issues relating to misconfiguration scanning
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@simar7 @nikpivkin