Scan results · a7e137f

Dockerfile uses 'sudo' in RUN instructions. This is unnecessary during build (already root) and increases security risk if sudo remains in the final image. Use USER instruction for privilege changes instead.

Avoid apt-get upgrade in Dockerfiles. Use specific base image versions instead.

Dockerfile uses 'sudo' in RUN instructions. This is unnecessary during build (already root) and increases security risk if sudo remains in the final image. Use USER instruction for privilege changes instead.

Dockerfile uses 'sudo' in RUN instructions. This is unnecessary during build (already root) and increases security risk if sudo remains in the final image. Use USER instruction for privilege changes instead.

RUN instruction uses pipes without 'set -o pipefail'. This masks failures in piped commands.

Dockerfile uses 'sudo' in RUN instructions. This is unnecessary during build (already root) and increases security risk if sudo remains in the final image. Use USER instruction for privilege changes instead.

Exposing port below 1024 typically requires root privileges to bind. Consider using non-privileged ports (>1024) with port mapping or granting CAP_NET_BIND_SERVICE capability.

Multiple CMD instructions detected. Only the last one takes effect.

[Service: web] Service uses host IPC namespace. Container shares inter-process communication with host.

[Service: web] Service has 'label:disable' in security_opt, which disables SELinux mandatory access control. This removes a critical security layer and increases the impact of container compromises. Remove label:disable or use custom SELinux labels instead.