Docker Image Scan results for bitnami/nginx-exporter

Scan performed at 2022-12-12 15:23:07 using the CoGuard CLI

Summary

4 Total failed checks. 0 High / 1 Medium / 3 Low.

Details

Rule identifier Severity Documentation
dockerfile_create_volume_for_var_log 3 In linux systems, important operating system logs are stored in the /var/log subfolder. This folder should always be made available to the host through a volume, so that log tracking and log analysis systems can capture them.
Remediation: In every Dockerfile, there should be a VOLUME directive which has /var/log as an argument.
Source: https://docs.docker.com/engine/reference/builder/
dockerfile_container_healthcheck_parameter 2 Dockerfiles have an instruction called HEALTHCHECK. It enables a user to define a command to figure out if the program(s) running inside the container are working properly. It is generally advisable to have healthchecks in place to assist monitoring of running containers.
Remediation: Have at least one HEALTHCHECK instruction in your Dockerfile.
Source: https://docs.docker.com/engine/reference/builder/#healthcheck
dockerfile_env_and_arg_defined_and_right_away_used 1 When creating Docker images that use environment variables or build arguments, it is advisable to position the ARG or ENV directives close to their actual uses, since otherwise the caching for building the images is not greatly used.
Remediation: Every variable defined by an ENV or ARG directive should be used within the next five commands inside the Dockerfile.
dockerfile_only_one_definition_per_env_statement 1 The ENV statement allows multiple definitions. This should be avoided for readability reasons, as well as pitfalls like variables not being evaluated if defined within the same ENV directive.
Remediation: Ensure that every ENV directive has only one assignment.

Scan performed at 2022-12-12 15:23:07 using the CoGuard CLI