checkov icon indicating copy to clipboard operation
checkov copied to clipboard

Published 20 hours ago verified publisher icon bridgecrewio

update-locale triggers CKV_DOCKER_5

Open kates opened this issue 2 years ago • 0 comments

Describe the issue CKV_DOCKER_5 (Ensure update instructions are not use alone in the Dockerfile) fails in anything that has update in it. From reading the source, it. seems that CKV_DOCKER_5 is geared towards apt-get update and apt-get install which, from the code, are cancelling each other out so the update_cnt variable remains 0. I have other update command like update-locale. I'm not sure if it's part of the issue in my Dockerfile that I need to deal or I could just ignore the failure message.

Examples

RUN sed -i -e 's/# en_US.UTF-8 UTF-8/en_US.UTF-8 UTF-8/' /etc/locale.gen && \
  dpkg-reconfigure --frontend noninteractive locales && \
  update-locale LANG=en_US.UTF-8

Version (please complete the following information):

  • Checkov Version 2.2.229

kates avatar Jan 03 '23 09:01 kates