Scan results · 9e00502
main · 2 critical · 14 high · 59 medium · 82 low
- medium Sudo Usage in Dockerfile Dockerfile.mcp:15
Dockerfile uses 'sudo' in RUN instructions. This is unnecessary during build (already root) and increases security risk if sudo remains in the final image. Use USER instruction for privilege changes instead.
- medium Sudo Usage in Dockerfile Dockerfile.mcp:22
Dockerfile uses 'sudo' in RUN instructions. This is unnecessary during build (already root) and increases security risk if sudo remains in the final image. Use USER instruction for privilege changes instead.
- medium Sudo Usage in Dockerfile Dockerfile.mcp:25
Dockerfile uses 'sudo' in RUN instructions. This is unnecessary during build (already root) and increases security risk if sudo remains in the final image. Use USER instruction for privilege changes instead.
- medium Missing pipefail in Shell Commands Dockerfile.mcp:25
RUN instruction uses pipes without 'set -o pipefail'. This masks failures in piped commands.
- medium Sudo Usage in Dockerfile Dockerfile.mcp:30
Dockerfile uses 'sudo' in RUN instructions. This is unnecessary during build (already root) and increases security risk if sudo remains in the final image. Use USER instruction for privilege changes instead.
- medium Sudo Usage in Dockerfile Dockerfile.mcp:33
Dockerfile uses 'sudo' in RUN instructions. This is unnecessary during build (already root) and increases security risk if sudo remains in the final image. Use USER instruction for privilege changes instead.
- medium Multiple ENTRYPOINT Instructions Dockerfile.mcp:49
Dockerfile has multiple ENTRYPOINT instructions. Only the last one takes effect, making earlier ones misleading.
- medium Sudo Usage in Dockerfile extension/secureflow/packages/secureflow-cli/Dockerfile:5
Dockerfile uses 'sudo' in RUN instructions. This is unnecessary during build (already root) and increases security risk if sudo remains in the final image. Use USER instruction for privilege changes instead.
- medium Sudo Usage in Dockerfile extension/secureflow/packages/secureflow-cli/Dockerfile:16
Dockerfile uses 'sudo' in RUN instructions. This is unnecessary during build (already root) and increases security risk if sudo remains in the final image. Use USER instruction for privilege changes instead.
- medium Sudo Usage in Dockerfile extension/secureflow/packages/secureflow-cli/Dockerfile:35
Dockerfile uses 'sudo' in RUN instructions. This is unnecessary during build (already root) and increases security risk if sudo remains in the final image. Use USER instruction for privilege changes instead.