dockerfile-testt #20
base: master
5 findings found with highest severity of medium
COPY .npmrc package.json package-lock.json lerna.json ./ | ||
|
||
# Install git, which is necessary for the install process. | ||
RUN apt-get update && \ |
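Review bot: `COPY .npmrc` on the first line of this hunk writes the npm configuration file into an image layer. If that file carries a registry auth token, the token remains readable in the layer history of every image built from this Dockerfile, even when a later step deletes the file. Consider supplying it as a build secret instead, for example `RUN --mount=type=secret,id=npmrc,target=/root/.npmrc npm ci`, or restrict the copy to a builder stage whose layers are not shipped in the final image.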
Finding of type dockerfiles detected.
APT-GET Missing '-y' To Avoid Manual Input
Check if apt-get calls use the flag -y to avoid user manual input.
COPY .npmrc package.json package-lock.json lerna.json ./ | ||
|
||
# Install git, which is necessary for the install process. | ||
RUN apt-get update && \ |
Finding of type dockerfiles detected.
Apt Get Install Pin Version Not Defined
When installing a package, its pin version should be defined.
|
||
|
||
# Start from the official Node 6 alpine image. https://hub.docker.com/_/node/ | ||
FROM node:8 |
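Review bot: the comment above `FROM node:8` still says "official Node 6 alpine image", but the base is `node:8`, which is neither Node 6 nor the alpine variant, so the comment should be updated to match the instruction. `node:8` is also a floating tag, so the base image can change between builds without any change to this file; pinning a specific version tag or a digest (`FROM node:8@sha256:<digest>`) keeps the build reproducible and makes base image updates an explicit, reviewable change.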
Finding of type dockerfiles detected.
Healthcheck Instruction Missing
Ensure that HEALTHCHECK is being used. The HEALTHCHECK instruction tells Docker how to test a container to check that it is still working.
COPY .npmrc package.json package-lock.json lerna.json ./ | ||
|
||
# Install git, which is necessary for the install process. | ||
RUN apt-get update && \ |
Finding of type dockerfiles detected.
APT-GET Not Avoiding Additional Packages
Check if any apt-get installs don't use '--no-install-recommends' flag to avoid installing additional packages.
COPY .npmrc package.json package-lock.json lerna.json ./ | ||
|
||
# Install git, which is necessary for the install process. | ||
RUN apt-get update && \ |
Finding of type dockerfiles detected.
Apt Get Install Lists Were Not Deleted
After using apt-get install, it is necessary to delete the apt-get lists.
No description provided.