Dockerfile Rules
IaC rules for Dockerfile that identify insecure configurations in infrastructure and cloud resources.
Dockerfile Rule Catalog
| ID | Title | Severity |
|---|---|---|
| IAC-0846 | Dockerfile certificate validation is disabled with curl | HIGH |
| IAC-0847 | Dockerfile certificate validation is disabled with wget | HIGH |
| IAC-0848 | Dockerfile certificate validation is disabled with the pip '--trusted-host' option | HIGH |
| IAC-0849 | Dockerfile certificate validation is disabled with the PYTHONHTTPSVERIFY environment variable | HIGH |
| IAC-0850 | Dockerfile Node.js certificate validation is disabled with the NODE_TLS_REJECT_UNAUTHORIZED environment variable | HIGH |
| IAC-0854 | Dockerfile RPM package manager is configured to skip package signature checks | HIGH |
| IAC-0855 | Dockerfile APT package manager is configured to force package installations without prompts or verifications | HIGH |
| IAC-0856 | Dockerfile configuration disables strict SSL for NPM | HIGH |
| IAC-0857 | Dockerfile sets NPM configuration to disable strict SSL | HIGH |
| IAC-0858 | Dockerfile configures GIT to disable SSL verification | HIGH |
| IAC-0859 | Dockerfile sets YUM configuration to disable SSL verification | HIGH |
| IAC-0851 | Dockerfile APK package manager is configured to allow untrusted repositories | MEDIUM |
| IAC-0852 | Dockerfile APT package manager is configured to allow unauthenticated packages | MEDIUM |
| IAC-0853 | Dockerfile YUM package manager is configured to skip GPG signature checks | MEDIUM |
| IAC-0860 | Dockerfile uses a trusted host with pip | MEDIUM |
| IAC-0861 | 'chpasswd' is used to set or remove passwords | MEDIUM |
| IAC-0834 | Port 22 is exposed | LOW |
| IAC-0835 | Healthcheck instructions have not been added to container images | LOW |
| IAC-0836 | A user for the container has not been created | LOW |
| IAC-0837 | Copy is not used instead of Add in Dockerfiles | LOW |
| IAC-0838 | Update instructions are used alone in a Dockerfile | LOW |
| IAC-0839 | LABEL maintainer is used instead of MAINTAINER (deprecated) | LOW |
| IAC-0840 | Base image uses a latest version tag | LOW |
| IAC-0841 | Last USER is root | LOW |
| IAC-0842 | Docker APT is used | LOW |
| IAC-0843 | Docker WORKDIR values are not absolute paths | LOW |
| IAC-0844 | Docker From alias is not unique for multistage builds | LOW |
| IAC-0845 | Dockerfile contains the use of 'sudo' | LOW |
Total Rules: 28