Scan results · 8a39ca7
main · 2 critical · 14 high · 59 medium · 82 low
- low: Use WORKDIR Instead of cd (sast-engine/Dockerfile:13)
  Use WORKDIR instruction instead of 'cd' in RUN commands.
- low: Prefer apt-get over apt (sast-engine/Dockerfile:13)
  Use apt-get instead of apt for better script stability in Dockerfiles.
- low: Nonsensical Command (sast-engine/Dockerfile:13)
  RUN command uses 'cd' which doesn't persist. Use WORKDIR instead.
- low: Prefer apt-get over apt (sast-engine/Dockerfile:16)
  Use apt-get instead of apt for better script stability in Dockerfiles.
- low: Missing -y flag for yum (sast-engine/Dockerfile:16)
  yum install without -y flag. Add -y for non-interactive builds.
- low: Missing yum clean all (sast-engine/Dockerfile:16)
  RUN instruction uses 'yum install' without 'yum clean all'. This leaves package cache and increases image size.
- low: Nonsensical Command (sast-engine/Dockerfile:16)
  RUN command uses 'cd' which doesn't persist. Use WORKDIR instead.
- low: Use WORKDIR Instead of cd (sast-engine/Dockerfile:16)
  Use WORKDIR instruction instead of 'cd' in RUN commands.
- low: Prefer JSON Notation for CMD/ENTRYPOINT (sast-engine/Dockerfile:23)
  Use JSON notation (exec form) for CMD/ENTRYPOINT for proper signal handling.
- low: Container Filesystem is Writable (sast-engine/docker-compose.yml:5)
  [Service: web] Service has writable root filesystem. Consider making it read-only for better security.