Scan results · 9e00502
main · 2 critical · 14 high · 59 medium · 82 low
- low Prefer apt-get over apt Dockerfile.mcp:33
Use apt-get instead of apt for better script stability in Dockerfiles.
- low Nonsensical Command Dockerfile.mcp:33
RUN command uses 'cd' which doesn't persist. Use WORKDIR instead.
- low Prefer JSON Notation for CMD/ENTRYPOINT Dockerfile.mcp:49
Use JSON notation (exec form) for CMD/ENTRYPOINT for proper signal handling.
- low Dockerfile Source Not Pinned extension/secureflow/packages/secureflow-cli/Dockerfile:2
FROM instruction without digest pinning. Consider using @sha256:... for immutable builds.
- low Remove apt Package Lists extension/secureflow/packages/secureflow-cli/Dockerfile:5
apt-get install without removing /var/lib/apt/lists/*. This wastes image space.
- low Prefer apt-get over apt extension/secureflow/packages/secureflow-cli/Dockerfile:5
Use apt-get instead of apt for better script stability in Dockerfiles.
- low Nonsensical Command extension/secureflow/packages/secureflow-cli/Dockerfile:5
RUN command uses 'cd' which doesn't persist. Use WORKDIR instead.
- low Missing -y flag for apt-get extension/secureflow/packages/secureflow-cli/Dockerfile:5
apt-get install without -y flag. Add -y or --yes for non-interactive builds.
- low apt-get Without --no-install-recommends extension/secureflow/packages/secureflow-cli/Dockerfile:5
apt-get install without --no-install-recommends. This installs unnecessary packages, increasing image size and attack surface.
- low Nonsensical Command extension/secureflow/packages/secureflow-cli/Dockerfile:16
RUN command uses 'cd' which doesn't persist. Use WORKDIR instead.