Scan results · 181f52c
main · 2 critical · 14 high · 59 medium · 82 low
- medium Base Image Uses :latest Tag Dockerfile:1
Base image uses ':latest' tag or no tag (defaults to latest). This makes builds non-reproducible.
- medium Sudo Usage in Dockerfile Dockerfile:15
Dockerfile uses 'sudo' in RUN instructions. This is unnecessary during build (already root) and increases security risk if sudo remains in the final image. Use USER instruction for privilege changes instead.
- medium Sudo Usage in Dockerfile Dockerfile:17
Dockerfile uses 'sudo' in RUN instructions. This is unnecessary during build (already root) and increases security risk if sudo remains in the final image. Use USER instruction for privilege changes instead.
- medium Sudo Usage in Dockerfile Dockerfile:19
Dockerfile uses 'sudo' in RUN instructions. This is unnecessary during build (already root) and increases security risk if sudo remains in the final image. Use USER instruction for privilege changes instead.
- medium Base Image Uses :latest Tag Dockerfile:21
Base image uses ':latest' tag or no tag (defaults to latest). This makes builds non-reproducible.
- medium Sudo Usage in Dockerfile Dockerfile:26
Dockerfile uses 'sudo' in RUN instructions. This is unnecessary during build (already root) and increases security risk if sudo remains in the final image. Use USER instruction for privilege changes instead.
- medium Sudo Usage in Dockerfile Dockerfile:31
Dockerfile uses 'sudo' in RUN instructions. This is unnecessary during build (already root) and increases security risk if sudo remains in the final image. Use USER instruction for privilege changes instead.
- medium Sudo Usage in Dockerfile Dockerfile:38
Dockerfile uses 'sudo' in RUN instructions. This is unnecessary during build (already root) and increases security risk if sudo remains in the final image. Use USER instruction for privilege changes instead.
- medium Sudo Usage in Dockerfile Dockerfile:40
Dockerfile uses 'sudo' in RUN instructions. This is unnecessary during build (already root) and increases security risk if sudo remains in the final image. Use USER instruction for privilege changes instead.
- medium Multiple ENTRYPOINT Instructions Dockerfile:49
Dockerfile has multiple ENTRYPOINT instructions. Only the last one takes effect, making earlier ones misleading.
Get this for your repo.
Pathfinder runs the same scan on your own repos free. Connect via GitHub in 30 seconds.