Ledger Wiz (CSPM & secret detection) / Wiz IaC Scanner
completed
May 13, 2024 in 3s
Wiz IaC Scanner
Alakazam, Maestro of Machines! 🎵
The ink of insight unveiled tales of uncharted territories within this PR. 🖋️🗺️
Revealing IaC misconfigurations with Wiz 🪄
🔮 IaC Misconfigurations Detected: 2
― Note from Wiz: "Wizards envy your code-casting abilities, digital enchanter! 🔮"
Annotations
Check warning on line 37 in lite/Dockerfile
ledger-wiz-cspm-secret-detection / Wiz IaC Scanner
Unpinned Package Version in Apk Add
Rule ID: 9b55ae16-9e49-41dc-885f-a59ee0bb54bd
Severity: Medium
Resource: FROM={{alpine:3.15}}.{{RUN apk add --repository=http://dl-cdn.alpinelinux.org/alpine/edge/testing/ --repository=http://dl-cdn.alpinelinux.org/alpine/edge/community lcov}}
Package version pinning reduces the range of versions that can be installed, reducing the chances of failure due to unanticipated changes
Raw output
Expected: RUN instruction with 'apk add <package>' should use package pinning form 'apk add <package>=<version>'
Found: RUN instruction apk add --repository=http://dl-cdn.alpinelinux.org/alpine/edge/testing/ --repository=http://dl-cdn.alpinelinux.org/alpine/edge/community lcov does not use package pinning form
Check notice on line 37 in lite/Dockerfile
ledger-wiz-cspm-secret-detection / Wiz IaC Scanner
Apk Add Using Local Cache Path
Rule ID: 8ac96529-88bd-41af-ad98-b24bf7a8a85c
Severity: None
Resource: FROM={{alpine:3.15}}.{{RUN apk add --repository=http://dl-cdn.alpinelinux.org/alpine/edge/testing/ --repository=http://dl-cdn.alpinelinux.org/alpine/edge/community lcov}}
When installing packages, use the '--no-cache' switch to avoid the need to use '--update' and remove '/var/cache/apk/*'
Raw output
Expected: 'RUN' should not contain 'apk add' command without '--no-cache' switch
Found: 'RUN' contains 'apk add' command without '--no-cache' switch