Docker Image Scan results for hello-world
Scan performed at 2022-12-12 15:23:07 using the CoGuard CLI
Summary
3 Total failed checks. 1 High / 1 Medium / 1 Low.
Details
Rule identifier | Severity | Documentation |
---|---|---|
dockerfile_last_user_should_be_non_root | 4 | When creating a Docker container, it is possible to set the user who is actually running the application and any command on the container. It is important to specifically use the USER directive in any Dockerfile to ensure that the user is not root and has unnecessary privileges. Remediation: Have at least one USER directive in your Dockerfile, and the last user directive should not reference the root user or root group. Source: https://docs.docker.com/engine/reference/builder/#user |
dockerfile_create_volume_for_var_log | 3 | In linux systems, important operating system logs are stored in the /var/log subfolder. This folder should always be made available to the host through a volume, so that log tracking and log analysis systems can capture them. Remediation: In every Dockerfile, there should be a VOLUME directive which has /var/log as an argument.Source: https://docs.docker.com/engine/reference/builder/ |
dockerfile_container_healthcheck_parameter | 2 | Dockerfiles have an instruction called HEALTHCHECK . It enables a user to define a command to figure out if the program(s) running inside the container are working properly. It is generally advisable to have healthchecks in place to assist monitoring of running containers. Remediation: Have at least one HEALTHCHECK instruction in your Dockerfile.Source: https://docs.docker.com/engine/reference/builder/#healthcheck |
Scan performed at 2022-12-12 15:23:07 using the CoGuard CLI