
CKV_DOCKER_9 fires when `apt` appears as an argument (e.g. to `rm -rf`)

Open jeffcasavant opened this issue 9 months ago • 2 comments

Describe the issue

CKV_DOCKER_9 correctly pushes me to use apt-get instead of apt. In my current Dockerfile, I am installing several packages with apt-get, and then I do the following:

cd /var/lib && rm -rf apt dpkg cache log

This causes CKV_DOCKER_9 to fire.

Examples

FROM ubuntu

RUN apt-get update && \
    apt-get install --yes --no-install-recommends \
        git && \
    apt-get clean autoclean && \
    apt-get autoremove --yes && \
    cd /var/lib && \
    rm -rf apt dpkg cache log

Version (please complete the following information):

  • 3.2.92

jeffcasavant May 15 '24 14:05
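An added example, not part of the original issue and not checkov's own code: it contrasts a word match on `apt` anywhere in a `RUN` body with a match on command position only, run against the Dockerfile reported above. The function names, the wrapper list and the word-match regex are assumptions made for illustration.

```python
import re
import shlex

# Tokens that end one simple command and start the next.
SEPARATORS = {"&&", "||", ";", "|", "&", "(", ")"}
# Assumption: a short list of prefixes to skip before the real command word.
WRAPPERS = {"sudo", "env", "exec", "command"}
ASSIGNMENT = re.compile(r"[A-Za-z_][A-Za-z0-9_]*=")

# Dockerfile from the issue above.
ISSUE_DOCKERFILE = r"""FROM ubuntu
RUN apt-get update && \
    apt-get install --yes --no-install-recommends \
        git && \
    apt-get clean autoclean && \
    apt-get autoremove --yes && \
    cd /var/lib && \
    rm -rf apt dpkg cache log
"""
# Constructed sample that really does invoke apt.
APT_DOCKERFILE = "FROM ubuntu\nRUN apt-get update && sudo apt install --yes git\n"

def run_bodies(dockerfile):
    """Yield the shell text of each shell-form RUN, continuations joined."""
    joined = re.sub(r"\\[ \t]*\n", " ", dockerfile)
    for line in joined.splitlines():
        m = re.match(r"\s*RUN\s+(.*)", line, re.IGNORECASE)
        if m and not m.group(1).startswith("["):  # skip exec (JSON) form
            yield m.group(1)

def command_words(shell_text):
    """Return the command word of every simple command in a shell line."""
    lexer = shlex.shlex(shell_text, posix=True, punctuation_chars=True)
    lexer.whitespace_split = True
    words, at_start = [], True
    for tok in lexer:
        if tok in SEPARATORS:
            at_start = True
        elif at_start and tok not in WRAPPERS and not ASSIGNMENT.match(tok):
            words.append(tok)
            at_start = False
    return words

def naive_hit(dockerfile):
    """Constructed stand-in for a word match: 'apt' anywhere in a RUN body."""
    return any(re.search(r"(?<![\w-])apt(?![\w-])", b) for b in run_bodies(dockerfile))

def command_position_hit(dockerfile):
    """Flag only when 'apt' is the command being executed."""
    return any("apt" in command_words(b) for b in run_bodies(dockerfile))
```

The wrapper handling is deliberately small: a prefix followed by its own flags (for example `sudo -E`) is not unwrapped here.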