APT-GET Not Avoiding Additional Packages @ /Dockerfile #29

@YSLCx

Checkmarx (IaC-Security): APT-GET Not Avoiding Additional Packages
Checkmarx Project: YSLCx/workshop_demo
Repository URL: https://github.com/YSLCx/workshop_demo
Branch: main
Scan ID: 85f0b871-dd27-420e-95e1-91e06302f579


Check if any apt-get installs don't use '--no-install-recommends' flag to avoid installing additional packages.

Locations:

Result #1:
Severity: INFO
State: TO_VERIFY
Status: RECURRENT
    File: /Dockerfile[5,0]
    Expected value: 'RUN apt-get update ; apt-get install maven default-jdk -y ; update-alternatives --config javac' uses '--no-install-recommends' flag to avoid installing additional packages
    Actual value: 'RUN apt-get update ; apt-get install maven default-jdk -y ; update-alternatives --config javac' does not use '--no-install-recommends' flag to avoid installing additional packages
    Review result in Checkmarx One: APT-GET Not Avoiding Additional Packages
