Dockerfile APT package manager is configured to force package installations without prompts or verifications

Description

Using the `--force-yes` option with the APT package manager (`apt-get`) in Dockerfiles is perilous. This flag forces APT to acknowledge all prompts and can potentially permit unauthenticated packages, which significantly jeopardizes the integrity of the installed software.

When `--force-yes` is enabled, the automated acceptance of prompts can allow potentially malicious or compromised packages to be installed without any user intervention or verification. This can lead to the embedding of malicious software or insecure versions into your Docker images.

Code Example

dockerfile

- RUN apt-get update && apt-get install -y --force-yes somepackage
+ RUN apt-get update && apt-get install -y somepackage

Remediation

Docker

Rule Details

Field	Value
ID	IAC-0855
Severity	HIGH
IaC Type	dockerfile
Frameworks	Docker
Checkov ID	CKV2_DOCKER_11

References

Checkov Rule

Overview

SAST (Application Security)

SCA (Dependencies)

Secrets Detection

IaC Security

License Compliance

SAST Rules

IaC Rules

License Rules

Dockerfile APT package manager is configured to force package installations without prompts or verifications

Description

Code Example

Remediation

Rule Details

References

SAST Rules

IaC Rules

License Rules

Dockerfile APT package manager is configured to force package installations without prompts or verifications ​

Description ​

Code Example ​

Remediation ​

Rule Details ​

References ​

Dockerfile APT package manager is configured to force package installations without prompts or verifications

Description

Code Example

Remediation

Rule Details

References