Scan results · 181f52c
main · 2 critical · 14 high · 59 medium · 82 low
- low Missing HEALTHCHECK Instruction sast-engine/Dockerfile:1
No HEALTHCHECK instruction. Container health cannot be monitored by orchestrators, reducing reliability and observability.
- low Missing -y flag for apt-get sast-engine/Dockerfile:6
apt-get install without -y flag. Add -y or --yes for non-interactive builds.
- low Remove apt Package Lists sast-engine/Dockerfile:6
apt-get install without removing /var/lib/apt/lists/*. This wastes image space.
- low Prefer apt-get over apt sast-engine/Dockerfile:6
Use apt-get instead of apt for better script stability in Dockerfiles.
- low Use WORKDIR Instead of cd sast-engine/Dockerfile:6
Use WORKDIR instruction instead of 'cd' in RUN commands.
- low Nonsensical Command sast-engine/Dockerfile:6
RUN command uses 'cd' which doesn't persist. Use WORKDIR instead.
- low apt-get Without --no-install-recommends sast-engine/Dockerfile:6
apt-get install without --no-install-recommends. This installs unnecessary packages, increasing image size and attack surface.
- low Nonsensical Command sast-engine/Dockerfile:10
RUN command uses 'cd' which doesn't persist. Use WORKDIR instead.
- low Prefer apt-get over apt sast-engine/Dockerfile:10
Use apt-get instead of apt for better script stability in Dockerfiles.
- low Use WORKDIR Instead of cd sast-engine/Dockerfile:10
Use WORKDIR instruction instead of 'cd' in RUN commands.