Scan results · a7e137f
main · 2 critical · 14 high · 59 medium · 82 low
- low Prefer apt-get over apt extension/secureflow/packages/secureflow-cli/Dockerfile:16
Use apt-get instead of apt for better script stability in Dockerfiles.
- low Use Absolute Path in WORKDIR extension/secureflow/packages/secureflow-cli/Dockerfile:23
WORKDIR should use absolute paths starting with /.
- low Prefer apt-get over apt extension/secureflow/packages/secureflow-cli/Dockerfile:35
Use apt-get instead of apt for better script stability in Dockerfiles.
- low Nonsensical Command extension/secureflow/packages/secureflow-cli/Dockerfile:35
RUN command uses 'cd' which doesn't persist. Use WORKDIR instead.
- low Prefer apt-get over apt extension/secureflow/packages/secureflow-cli/Dockerfile:40
Use apt-get instead of apt for better script stability in Dockerfiles.
- low Nonsensical Command extension/secureflow/packages/secureflow-cli/Dockerfile:40
RUN command uses 'cd' which doesn't persist. Use WORKDIR instead.
- low Use Absolute Path in WORKDIR extension/secureflow/packages/secureflow-cli/Dockerfile:52
WORKDIR should use absolute paths starting with /.
- low Prefer JSON Notation for CMD/ENTRYPOINT extension/secureflow/packages/secureflow-cli/Dockerfile:59
Use JSON notation (exec form) for CMD/ENTRYPOINT for proper signal handling.
- low Container Filesystem is Writable extension/secureflow/packages/secureflow-cli/docker-compose.yml:3
[Service: secureflow-analyzer] Service has writable root filesystem. Consider making it read-only for better security.
- low Dockerfile Source Not Pinned sast-engine/Dockerfile:1
FROM instruction without digest pinning. Consider using @sha256:... for immutable builds.