zaproxy-website
zaproxy-website copied to clipboard
zaproxy
Docker tweaks and node update
Checkmarx One – Scan Summary & Details – a9c06f97-a713-4a63-bd30-138615af3e06
New Issues (2)
Checkmarx found the following issues in this Pull Request
| Severity | Issue | Source File / Package | Checkmarx Insight |
|---|---|---|---|
 |
Missing User Instruction | /Dockerfile: 1 | detailsA user should be specified in the dockerfile, otherwise the image will run as root |
 |
Healthcheck Instruction Missing | /Dockerfile: 1 | detailsEnsure that HEALTHCHECK is being used. The HEALTHCHECK instruction tells Docker how to test a container to check that it is still working |
Fixed Issues (5)
Great job! The following issues were fixed in this Pull Request
| Severity | Issue | Source File / Package |
|---|---|---|
|
CVE-2024-21538 | Npm-cross-spawn-7.0.3 |
|
Missing User Instruction | /Dockerfile: 1 |
 |
CVE-2024-4067 | Npm-micromatch-4.0.5 |
|
Not Using JSON In CMD And ENTRYPOINT Arguments | /Dockerfile: 21 |
|
Healthcheck Instruction Missing | /Dockerfile: 1 |
Establishing/using a non-root user has proven to be a P.I.T.A. so I abandon that part. This image is only meant for local testing so should be less of an issue.
Works for me 😁
I'll getting a load of errors like: WARN Raw HTML omitted while rendering "/app/site/content/blog/2023-05-23-authentication-tester/index.md" but they could just be things we should have spotted before?
I suspect it's because of a more complete build with the changes. They've likely been there for a while.
Edit: In fact if you go back to main and build again you'll have a comparison point.