[Snyk] Security upgrade gulp-imagemin from 3.4.0 to 7.0.0 #99
NShiftKey / NShiftKey - Dockerfile & IaC misconfiguration
required action
Apr 28, 2024 in 50s
Summary
- 6 security issue(s)
- High : 5
- Medium : 0
- Low : 1
Details
NShiftKey
- Image user should not be 'root'
  - Description : Running containers with 'root' user can lead to a container escape situation. It is a best practice to run containers as non-root users, which can be done by adding a 'USER' statement to the Dockerfile.
  - Countermeasure : Specify at least 1 USER command in Dockerfile with non-root user as argument
- 'RUN <package-manager> update' instruction alone
  - Description : The instruction 'RUN <package-manager> update' should always be followed by '<package-manager> install' in the same RUN statement.
  - Countermeasure : The instruction 'RUN <package-manager> update' should always be followed by '<package-manager> install' in the same RUN statement.
  - Target Code : lemur/Dockerfile, lines 1 to 3 in c83900e
  - Target Code : lemur/Dockerfile, lines 4 to 6 in c83900e
  - Target Code : lemur/Dockerfile
- 'apt-get' missing '--no-install-recommends'
  - Description : 'apt-get' install should use '--no-install-recommends' to minimize image size.
  - Countermeasure : '--no-install-recommends' flag is missed: 'apt-get install -y make python-software-properties curl'
  - Target Code : lemur/Dockerfile, lines 2 to 4 in c83900e
  - Target Code : lemur/Dockerfile, lines 5 to 7 in c83900e
  - Target Code : lemur/Dockerfile