Pathfinder scanned this open-source repository.
shivasurya/code-pathfinder

critical Docker Socket Exposed to Container

sast-engine/docker-compose.yml:17

[Service: web] Service mounts the Docker socket. The owner of this socket is root. Giving a container access to it is equivalent to giving it unrestricted root access to the host.

CWE-250 open

Code

sast-engine/docker-compose.yml
14      - seccomp:unconfined
15      - label:disable
16    volumes:
17      - /var/run/docker.sock:/var/run/docker.sock
18  
19  app:
20    image: myapp:latest

Seen on 8 scans
