appshield icon indicating copy to clipboard operation
appshield copied to clipboard

Published 20 hours ago verified publisher icon aquasecurity

DS005 issue when source is URL

Open TeroPihlaja opened this issue 3 years ago • 0 comments

I have a problem with DS005 rule where the source is a URL and not a file.

Trivy suggest changing ADD to COPY but COPY doesn't support URL as source.

Would it be possible to modify the rule to ignore this suggestion if the source is a URL?

Rule suggestion:

Consider using
'COPY https://.../co/elastic/apm/elastic-apm-agent/${ELASTIC_APM_AGENT_VERSION}/elastic-apm-agent-${ELASTIC_APM_AGENT_VERSION}.jar elastic-apm-agent.jar'
command instead of
'ADD https://.../co/elastic/apm/elastic-apm-agent/${ELASTIC_APM_AGENT_VERSION}/elastic-apm-agent-${ELASTIC_APM_AGENT_VERSION}.jar elastic-apm-agent.jar'
-->avd.aquasec.com/appshield/ds005

Docker error: COPY failed: source can't be a URL for COPY

TeroPihlaja avatar Aug 19 '21 07:08 TeroPihlaja