Skip to content

Commit

Permalink
pinning versions as recommended by Wiz IaC Scanner on PR review
Browse files Browse the repository at this point in the history 
Signed-off-by: Alfredo Gutierrez <[email protected]>
  • Loading branch information
@AlfredoG87
AlfredoG87 committed Apr 1, 2024
1 parent 3fb03f4 commit 121aeb6
Showing 1 changed file with 4 additions and 1 deletion.
5 changes: 4 additions & 1 deletion auth-layer-proxy/Dockerfile
View file
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,10 @@ COPY /scripts/start-envoy.sh /etc/envoy/start-envoy.sh
RUN chmod +x /etc/envoy/start-envoy.sh && \

Check notice on line 9 in auth-layer-proxy/Dockerfile

View check run for this annotation

Wiz Inc. (8f76296f7c) / Wiz IaC Scanner

APT-GET Not Avoiding Additional Packages 

Rule ID: 15862929-8b16-4974-b8dc-04bb9db86686
Severity: None
Resource: FROM={{envoyproxy/envoy:v1.28-latest}}.{{RUN chmod +x /etc/envoy/start-envoy.sh &&     chown -R envoy:envoy /etc/envoy &&     apt-get update &&     apt-get install -y gettext-base=0.19.* lua5.1=5.1.* luarocks=2.4.* git=1:2.* &&     luarocks install lua-cjson &&     luarocks install luasocket &&     rm -rf /var/lib/apt/lists/*}}

Check if any apt-get installs don't use '--no-install-recommends' flag to avoid installing additional packages.
Raw output 
Expected: 'RUN chmod +x /etc/envoy/start-envoy.sh &&     chown -R envoy:envoy /etc/envoy &&     apt-get update &&     apt-get install -y gettext-base=0.19.* lua5.1=5.1.* luarocks=2.4.* git=1:2.* &&     luarocks install lua-cjson &&     luarocks install luasocket &&     rm -rf /var/lib/apt/lists/*' uses '--no-install-recommends' flag to avoid installing additional packages
Found: 'RUN chmod +x /etc/envoy/start-envoy.sh &&     chown -R envoy:envoy /etc/envoy &&     apt-get update &&     apt-get install -y gettext-base=0.19.* lua5.1=5.1.* luarocks=2.4.* git=1:2.* &&     luarocks install lua-cjson &&     luarocks install luasocket &&     rm -rf /var/lib/apt/lists/*' does not use '--no-install-recommends' flag to avoid installing additional packages
chown -R envoy:envoy /etc/envoy && \
apt-get update && \
apt-get install -y gettext-base lua5.1 luarocks git && \
apt-get install -y gettext-base=0.19.* lua5.1=5.1.* luarocks=2.4.* git=1:2.* && \
luarocks install lua-cjson && \
luarocks install luasocket && \
rm -rf /var/lib/apt/lists/*

# Use the non-root 'envoy' user to run the container
USER envoy

0 comments on commit 121aeb6

Please sign in to comment.