dockerfile-security
A collection of OPA rules to statically analyze Dockerfiles to improve security
Hi, I'm getting the following error while trying to use the rego file to check my docker image: Error: running test: load: loading policies: get compiler: 1 error occurred: opa-docker-security.rego:88:...
The current check for secrets in the env commands of a Dockerfile can incorrectly flag trivially named variables used in certain image builds such as `ENV CC="/usr/bin/clang"` as potentially containing...
## Enhancement - Suggest using FQDN images (e.g., docker.io/, ghcr.io/) to avoid name collisions when using local repos.
# Discussion

I found this very interesting PoV https://pythonspeed.com/articles/security-updates-in-docker/ that made it into Hadolint rules. I suggest replacing the `no update` rule with a `no dist-upgrade` rule. See https://github.com/hadolint/hadolint/issues/562