Missing checks for CKV_DOCKER_3 (User exists) #2218
Comments
Hey @adberger ! This is an interesting one. How would checkov know if the first keyword (i.e.

Perhaps this should fail:

FROM alpine:3.14
ENTRYPOINT ["gosu", "app", "tini", "--", "/app/run.sh" ]

But this should pass:

FROM alpine:3.14
USER gosu
ENTRYPOINT ["gosu", "app", "tini", "--", "/app/run.sh" ] |
@nimrodkor I would rather check if |
@adberger Right. However, how would you know |
You could parse it according to the gosu usage: If |
I think I got it now. Want to fix the check and open a PR? We'd love the contribution @adberger ! |
@nimrodkor I prepared some changes in my forked repository, which is currently under review by my colleagues: |
Thanks for contributing to Checkov! We've automatically marked this issue as stale to keep our issues list tidy, because it has not had any activity for 6 months. It will be closed in 14 days if no further activity occurs. Commenting on this issue will remove the stale tag. If you want to talk through the issue or help us understand the priority and context, feel free to add a comment or join us in the Checkov slack channel at https://slack.bridgecrew.io |
My mistake, please close it. |
Not stale |
Not stale |
Not stale. |
Thanks for contributing to Checkov! We've automatically marked this issue as stale to keep our issues list tidy, because it has not had any activity for 6 months. It will be closed in 14 days if no further activity occurs. Commenting on this issue will remove the stale tag. If you want to talk through the issue or help us understand the priority and context, feel free to add a comment or join us in the Checkov slack channel at codifiedsecurity.slack.com |
Closing issue due to inactivity. If you feel this is in error, please re-open, or reach out to the community via slack: codifiedsecurity.slack.com Thanks! |
Describe the issue
https://github.com/bridgecrewio/checkov/blob/master/checkov/dockerfile/checks/UserExists.py doesn't cover all of https://docs.bridgecrew.io/docs/ensure-that-a-user-for-the-container-has-been-created
Bridgecrew Policy ID: BC_DKR_3
Checkov Check ID: CKV_DOCKER_3
ToDo: Additionally check if gosu is executed in either CMD or ENTRYPOINT
Examples
should be passing but isn't:
Version (please complete the following information):
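
One way to implement the ToDo above, as an added example that is not checkov's own code nor the code from the issue author's fork: a stand-alone Python check that passes when the final build stage has a USER instruction, or when its ENTRYPOINT/CMD is invoked as `gosu user-spec command [args]`. The function names, the rejection of a root user-spec and the final-stage-only rule are assumptions of this example.

```python
import json
import shlex

ROOT_SPECS = {"root", "0"}  # assumption: `gosu root ...` drops no privileges
# Constructed sample: the ENTRYPOINT discussed in the issue, with no USER line.
GOSU_ONLY = 'FROM alpine:3.14\nENTRYPOINT ["gosu", "app", "tini", "--", "/app/run.sh" ]\n'

def instructions(dockerfile):
    """Yield (KEYWORD, value), joining backslash continuations, skipping comments."""
    pending = ""
    for raw in dockerfile.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.endswith("\\"):
            pending += line[:-1] + " "
            continue
        parts = (pending + line).split(None, 1)
        pending = ""
        yield parts[0].upper(), parts[1] if len(parts) > 1 else ""

def argv_of(value):
    """Argument vector for exec form (JSON array) or shell form."""
    try:
        if value.startswith("["):
            return [str(a) for a in json.loads(value)]
        return shlex.split(value)
    except ValueError:
        return []  # malformed value: nothing to reason about, so fail closed

def gosu_user(argv):
    """User-spec if argv is `gosu user-spec command [args]`, else None."""
    is_gosu = len(argv) >= 3 and argv[0].rsplit("/", 1)[-1] == "gosu"
    return argv[1] if is_gosu else None

def user_exists(dockerfile):
    """Pass if the final stage has USER, or its ENTRYPOINT/CMD runs via gosu."""
    has_user, entry = False, {}
    for keyword, value in instructions(dockerfile):
        if keyword == "FROM":  # assumption: only the final stage counts
            has_user, entry = False, {}
        elif keyword == "USER":
            has_user = True
        elif keyword in ("ENTRYPOINT", "CMD"):
            entry[keyword] = argv_of(value)  # last instruction wins
    # With an ENTRYPOINT set, CMD only supplies its default arguments.
    spec = gosu_user(entry.get("ENTRYPOINT") or entry.get("CMD") or [])
    return has_user or (spec is not None and spec.split(":")[0] not in ROOT_SPECS)
```

A gosu call hidden inside an entrypoint script is not visible to this kind of static check, so such Dockerfiles still fail unless they also set USER.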