dockle icon indicating copy to clipboard operation
dockle copied to clipboard
verified publisher icon goodwithtech

Invalid detection of CIS-DI-0010 if specfic versions are installed

Open 030 opened this issue 2 years ago • 0 comments

Description

RUN apk add --no-cache
libcrypto3=3.1.4-r1
libssl3=3.1.4-r1

What did you expect to happen?

no CIS-DI-0010 as packages are installed and it are no environment variables

What happened instead?

FATAL - CIS-DI-0010: Do not store credential in environment variables/files * Suspicious ENV key found : libcrypto3 on RUN /bin/sh -c apk add --no-cache libcrypto3=3.1.4-r1 libssl3=3.1.4-r1 # buildkit (You can suppress it with --accept-key)

Output of run with -debug:

(paste your output here)

Output of dockle -v:

v0.4.13

Additional details (base image name, container registry info...):

030 avatar Dec 09 '23 19:12 030