semgrep-rules

Rule to detect secrets in build time arguments in Docker

Open Sjord opened this issue 3 years ago • 1 comments

It is not recommended to use build-time variables for passing secrets like GitHub keys, user credentials, etc. Build-time variable values are visible to any user of the image with the docker history command.

Sjord avatar Aug 30 '22 10:08 Sjord
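A sketch of the check this issue asks for, written as a standalone Python scan. It is an added example, not the Semgrep rule or any code from the semgrep-rules project. The name pattern, the sample Dockerfile and the function names are assumptions made for illustration.

```python
import re
import shlex

# Assumed heuristic: ARG names containing these words probably carry a secret.
SECRET_NAME = re.compile(r"(passw(or)?d|secret|token|api_?key|private_?key|credential)", re.I)

# Constructed sample Dockerfile (not taken from the issue).
SAMPLE_DOCKERFILE = """\
FROM alpine:3.18
ARG VERSION=1.2.3
ARG GITHUB_TOKEN
# ARG OLD_PASSWORD is commented out and must not be reported
arg db_password=hunter2 \\
    BUILD_DATE
"""

def logical_lines(text):
    """Yield (first_line_number, instruction), joining backslash continuations."""
    buf, start = "", None
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and comments are not instructions
        if start is None:
            start = n
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        yield start, buf + line
        buf, start = "", None

def find_secret_build_args(text):
    """Return (line_number, arg_name) for each ARG whose name looks like a secret."""
    findings = []
    for n, instr in logical_lines(text):
        parts = instr.split(None, 1)
        if len(parts) < 2 or parts[0].upper() != "ARG":
            continue  # instruction keywords are case-insensitive
        try:
            decls = shlex.split(parts[1])  # keeps quoted default values in one token
        except ValueError:
            decls = parts[1].split()  # unbalanced quotes: fall back to whitespace
        for decl in decls:
            name = decl.split("=", 1)[0]
            if SECRET_NAME.search(name):
                findings.append((n, name))
    return findings

if __name__ == "__main__":
    print(find_secret_build_args(SAMPLE_DOCKERFILE))
```

Only the ARG name is matched, so a default value that happens to contain a word like "password" is not reported.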

@p4p3r Could you take another look at this?

Sjord avatar Sep 13 '22 11:09 Sjord