Add docker release to the full release process for final releases #51
Wiz IaC Scanner
Revealing IaC misconfigurations with Wiz 🪄
🔮 IaC Misconfigurations Detected: 4
Annotations
Check failure on line 28 in docker/Dockerfile
wiz-inc-266a8a9c32 / Wiz IaC Scanner
Missing User Instruction
Rule ID: e54afcf9-dc71-484a-8967-d930e3044062
Severity: High
Resource: FROM={{base as dbt-postgres}}
A user should be specified in the dockerfile, otherwise the image will run as root
Raw output
Expected: The 'Dockerfile' should contain the 'USER' instruction
Found: The 'Dockerfile' does not contain any 'USER' instruction
Check failure on line 42 in docker/dev.Dockerfile
Missing User Instruction
Rule ID: e54afcf9-dc71-484a-8967-d930e3044062
Severity: High
Resource: FROM={{base as dbt-postgres-dev}}
A user should be specified in the dockerfile, otherwise the image will run as root
Raw output
Expected: The 'Dockerfile' should contain the 'USER' instruction
Found: The 'Dockerfile' does not contain any 'USER' instruction
Check warning on line 37 in docker/Dockerfile
Unpinned Package Version in Pip Install
Rule ID: 1f0d05d7-8caf-4f04-bc60-332d472de5a9
Severity: Medium
Resource: FROM={{base as dbt-postgres}}.{{RUN python -m pip install --no-cache-dir "dbt-postgres @ git+https://github.com/dbt-labs/dbt-postgres@${commit_ref}"}}
Package version pinning reduces the range of versions that can be installed, reducing the chances of failure due to unanticipated changes
Raw output
Expected: RUN instruction with 'pip/pip3 install <package>' should use package pinning form 'pip/pip3 install <package>=<version>'
Found: RUN instruction python -m pip install --no-cache-dir "dbt-postgres @ git+https://github.com/dbt-labs/dbt-postgres@main" does not use package pinning form
Check notice on line 8 in docker/dev.Dockerfile
APT-GET Not Avoiding Additional Packages
Rule ID: 0cbafd91-7f35-4000-b40a-bebedb7bb5f8
Severity: None
Resource: FROM={{ubuntu:22.04 as base}}.{{RUN apt-get update && apt-get install -y software-properties-common=0.99.22.9 && add-apt-repository -y ppa:deadsnakes/ppa && apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*}}
Check if any apt-get installs don't use '--no-install-recommends' flag to avoid installing additional packages.
Raw output
Expected: 'RUN apt-get update && apt-get install -y software-properties-common=0.99.22.9 && add-apt-repository -y ppa:deadsnakes/ppa && apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*' uses '--no-install-recommends' flag to avoid installing additional packages
Found: 'RUN apt-get update && apt-get install -y software-properties-common=0.99.22.9 && add-apt-repository -y ppa:deadsnakes/ppa && apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*' does not use '--no-install-recommends' flag to avoid installing additional packages