Docker Image Scan results for ibmcom/kafka-nodejs-console-sample

Scan performed at 2022-12-12 15:23:07 using the CoGuard CLI

Summary

6 Total failed checks. 1 High / 1 Medium / 4 Low.

Details

Rule identifier Severity Documentation
dockerfile_last_user_should_be_non_root 4 When creating a Docker container, it is possible to set the user who is actually running the application and any command on the container. It is important to specifically use the USER directive in any Dockerfile to ensure that the user is not root and has unnecessary privileges.
Remediation: Have at least one USER directive in your Dockerfile, and the last user directive should not reference the root user or root group.
Source: https://docs.docker.com/engine/reference/builder/#user
dockerfile_create_volume_for_var_log 3 In linux systems, important operating system logs are stored in the /var/log subfolder. This folder should always be made available to the host through a volume, so that log tracking and log analysis systems can capture them.
Remediation: In every Dockerfile, there should be a VOLUME directive which has /var/log as an argument.
Source: https://docs.docker.com/engine/reference/builder/
dockerfile_only_one_cmd_instruction 2 The CMD directive specifies the final command that is executed when running the container. This should be unique.
Remediation: Ensure that there is at most one CMD directive in the Dockerfile.
dockerfile_container_healthcheck_parameter 2 Dockerfiles have an instruction called HEALTHCHECK. It enables a user to define a command to figure out if the program(s) running inside the container are working properly. It is generally advisable to have healthchecks in place to assist monitoring of running containers.
Remediation: Have at least one HEALTHCHECK instruction in your Dockerfile.
Source: https://docs.docker.com/engine/reference/builder/#healthcheck
dockerfile_env_and_arg_defined_and_right_away_used 1 When creating Docker images that use environment variables or build arguments, it is advisable to position the ARG or ENV directives close to their actual uses, since otherwise the caching for building the images is not greatly used.
Remediation: Every variable defined by an ENV or ARG directive should be used within the next five commands inside the Dockerfile.
dockerfile_do_not_use_add 1 Dockerfiles have two directives that allow you to add files from the machine where you build the image into the image, namely COPY and ADD. Both are technically similar, but ADD also has side-effects like automated decompression of archives. It is generally recommended to only use COPY
Remediation: Remove any ADD directive in your dockerfile and replace it with COPY.
Source: https://docs.docker.com/engine/reference/builder/#copy

Scan performed at 2022-12-12 15:23:07 using the CoGuard CLI