Description
Checkmarx (IaC-Security): APT-GET Not Avoiding Additional Packages
Checkmarx Project: YSLCx/Github_demo
Repository URL: https://github.com/YSLCx/Github_demo
Branch: main
Scan ID: f799fc13-25e4-479c-a802-e1aeacbb3e2d
Check if any apt-get installs don't use '--no-install-recommends' flag to avoid installing additional packages.
Locations:
Result #1:
Severity: INFO
State: TO_VERIFY
Status: RECURRENT
File: /Dockerfile[5,0]
Expected value: 'RUN apt-get update ; apt-get install maven default-jdk -y ; update-alternatives --config javac' uses '--no-install-recommends' flag to avoid installing additional packages
Actual value: 'RUN apt-get update ; apt-get install maven default-jdk -y ; update-alternatives --config javac' does not use '--no-install-recommends' flag to avoid installing additional packages
Review result in Checkmarx One: APT-GET Not Avoiding Additional Packages