Copy is not used instead of Add in Dockerfiles

Description

The Copy instruction simply copies files from the local host machine to the container file system. The Add instruction can also retrieve files from remote URLs and perform operations such as unpacking them. The Add instruction therefore introduces security risks: for example, malicious files may be fetched directly from URLs without being scanned, or there may be vulnerabilities associated with decompressing them. We recommend using the Copy instruction instead of the Add instruction in the Dockerfile.

Code Example

dockerfile
- ADD config.txt /app/
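
One way to implement this check over a Dockerfile's text, as an added Python example (not code from this page or from Checkov): it finds each ADD instruction, classifies every source as a remote URL, a local tar archive or a plain local file, and proposes a COPY rewrite only when all sources are plain local files. The function names, the archive-suffix list and the sample Dockerfile are assumptions made for the illustration.

```python
import json
import re
import shlex

ADD_RE = re.compile(r"ADD\s+((?:--\S+\s+)*)(.+)", re.I)  # keyword, --flags, arguments
URL_RE = re.compile(r"https?://", re.I)
# Suffixes assumed to mark local tar archives that ADD unpacks (non-exhaustive).
ARCHIVE_RE = re.compile(r"\.(tar(\.(gz|bz2|xz))?|tgz|tbz2|txz)$", re.I)
# Constructed sample Dockerfile; file names and URL are placeholders.
SAMPLE = """\
FROM alpine:3.19
ADD config.txt /app/
ADD --chown=app:app https://example.com/tool.tar.gz \\
    /opt/
ADD ["rootfs.tar.xz", "/"]
"""


def logical_lines(text):
    """Yield (first line number, instruction), joining backslash continuations."""
    buf, start = "", None
    for num, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and comments carry no instruction
        start = start or num
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        yield start, buf + line
        buf, start = "", None


def classify(src):
    if URL_RE.match(src):
        return "remote-url"
    return "local-archive" if ARCHIVE_RE.search(src) else "local-file"


def find_add(text):
    """Yield a finding per ADD: line, each source's kind, and a COPY rewrite if drop-in."""
    for num, instr in logical_lines(text):
        if not (m := ADD_RE.match(instr)):
            continue
        flags, rest = m.groups()
        args = json.loads(rest) if rest.startswith("[") else shlex.split(rest)
        kinds = {src: classify(src) for src in args[:-1]}  # last argument is the destination
        plain = all(k == "local-file" for k in kinds.values())  # only then is COPY a drop-in
        yield {"line": num, "sources": kinds, "fix": f"COPY {flags}{rest}" if plain else None}
```

A `fix` of `None` means the instruction depends on fetching or unpacking, so replacing it takes a separate download-and-verify or extract step rather than a keyword swap.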

Remediation

Docker

Rule Details

| Field | Value |
| --- | --- |
| ID | IAC-0837 |
| Severity | LOW |
| IaC Type | dockerfile |
| Frameworks | Docker |
| Checkov ID | CKV_DOCKER_4 |