[ { "check_type": "dockerfile", "results": { "passed_checks": [ { "check_id": "CKV_DOCKER_9", "bc_check_id": "BC_DKR_NETWORKING_1", "check_name": "Ensure that APT isn't used", "check_result": { "result": "PASSED", "results_configuration": null }, "code_block": [ [ 1, "FROM node:20-bookworm AS builder\n" ], [ 2, "\n" ], [ 3, "WORKDIR /app\n" ], [ 4, "\n" ], [ 5, "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n" ], [ 6, "\n" ], [ 7, "COPY package.json package-lock.json turbo.json tsconfig.base.json ./\n" ], [ 8, "COPY apps ./apps\n" ], [ 9, "COPY packages ./packages\n" ], [ 10, "\n" ], [ 11, "# NEXT_PUBLIC_* vars must be present at build time \u2014 they are inlined into JS bundles\n" ], [ 12, "ARG NEXT_PUBLIC_API_URL\n" ], [ 13, "ARG NEXT_PUBLIC_MARKETPLACE_URL\n" ], [ 14, "ARG NEXT_PUBLIC_DASHBOARD_URL\n" ], [ 15, "ARG NEXT_PUBLIC_ADMIN_URL\n" ], [ 16, "ENV NEXT_PUBLIC_API_URL=$NEXT_PUBLIC_API_URL \\\n" ], [ 17, " NEXT_PUBLIC_MARKETPLACE_URL=$NEXT_PUBLIC_MARKETPLACE_URL \\\n" ], [ 18, " NEXT_PUBLIC_DASHBOARD_URL=$NEXT_PUBLIC_DASHBOARD_URL \\\n" ], [ 19, " NEXT_PUBLIC_ADMIN_URL=$NEXT_PUBLIC_ADMIN_URL\n" ], [ 20, "\n" ], [ 21, "RUN npm install\n" ], [ 22, "RUN npm run db:generate\n" ], [ 23, "RUN npm run build\n" ], [ 24, "\n" ], [ 25, "FROM node:20-bookworm AS runner\n" ], [ 26, "\n" ], [ 27, "WORKDIR /app\n" ], [ 28, "\n" ], [ 29, "ENV NODE_ENV=production\n" ], [ 30, "\n" ], [ 31, "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n" ], [ 32, "\n" ], [ 33, "COPY --from=builder /app/package.json /app/package-lock.json /app/turbo.json /app/tsconfig.base.json ./\n" ], [ 34, "COPY --from=builder /app/node_modules ./node_modules\n" ], [ 35, "COPY --from=builder /app/apps ./apps\n" ], [ 36, "COPY --from=builder /app/packages ./packages\n" ], [ 37, "\n" ], [ 38, "EXPOSE 3000 3001 3002 4000\n" ], [ 39, "\n" ], [ 40, "CMD [\"npm\", \"run\", \"start\", \"--workspace\", \"@rentaldrivego/api\"]" ] ], "file_path": "/Dockerfile.production", "file_abs_path": "/scan/Dockerfile.production", "repo_file_path": "/Dockerfile.production", "file_line_range": [ 1, 40 ], "resource": "/Dockerfile.production.", "evaluations": null, "check_class": "checkov.dockerfile.checks.RunUsingAPT", "fixed_definition": null, "entity_tags": null, "caller_file_path": null, "caller_file_line_range": null, "resource_address": null, "severity": null, "bc_category": null, "benchmarks": null, "description": null, "short_description": null, "vulnerability_details": null, "connected_node": null, "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-apt-is-not-used", "details": [], "check_len": null, "definition_context_file_path": null }, { "check_id": "CKV_DOCKER_5", "bc_check_id": "BC_DKR_4", "check_name": "Ensure update instructions are not use alone in the Dockerfile", "check_result": { "result": "PASSED", "results_configuration": null }, "code_block": [ [ 1, "FROM node:20-bookworm AS builder\n" ], [ 2, "\n" ], [ 3, "WORKDIR /app\n" ], [ 4, "\n" ], [ 5, "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n" ], [ 6, "\n" ], [ 7, "COPY package.json package-lock.json turbo.json tsconfig.base.json ./\n" ], [ 8, "COPY apps ./apps\n" ], [ 9, "COPY packages ./packages\n" ], [ 10, "\n" ], [ 11, "# NEXT_PUBLIC_* vars must be present at build time \u2014 they are inlined into JS bundles\n" ], [ 12, "ARG NEXT_PUBLIC_API_URL\n" ], [ 13, "ARG NEXT_PUBLIC_MARKETPLACE_URL\n" ], [ 14, "ARG NEXT_PUBLIC_DASHBOARD_URL\n" ], [ 15, "ARG NEXT_PUBLIC_ADMIN_URL\n" ], [ 16, "ENV NEXT_PUBLIC_API_URL=$NEXT_PUBLIC_API_URL \\\n" ], [ 17, " NEXT_PUBLIC_MARKETPLACE_URL=$NEXT_PUBLIC_MARKETPLACE_URL \\\n" ], [ 18, " NEXT_PUBLIC_DASHBOARD_URL=$NEXT_PUBLIC_DASHBOARD_URL \\\n" ], [ 19, " NEXT_PUBLIC_ADMIN_URL=$NEXT_PUBLIC_ADMIN_URL\n" ], [ 20, "\n" ], [ 21, "RUN npm install\n" ], [ 22, "RUN npm run db:generate\n" ], [ 23, "RUN npm run build\n" ], [ 24, "\n" ], [ 25, "FROM node:20-bookworm AS runner\n" ], [ 26, "\n" ], [ 27, "WORKDIR /app\n" ], [ 28, "\n" ], [ 29, "ENV NODE_ENV=production\n" ], [ 30, "\n" ], [ 31, "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n" ], [ 32, "\n" ], [ 33, "COPY --from=builder /app/package.json /app/package-lock.json /app/turbo.json /app/tsconfig.base.json ./\n" ], [ 34, "COPY --from=builder /app/node_modules ./node_modules\n" ], [ 35, "COPY --from=builder /app/apps ./apps\n" ], [ 36, "COPY --from=builder /app/packages ./packages\n" ], [ 37, "\n" ], [ 38, "EXPOSE 3000 3001 3002 4000\n" ], [ 39, "\n" ], [ 40, "CMD [\"npm\", \"run\", \"start\", \"--workspace\", \"@rentaldrivego/api\"]" ] ], "file_path": "/Dockerfile.production", "file_abs_path": "/scan/Dockerfile.production", "repo_file_path": "/Dockerfile.production", "file_line_range": [ 1, 40 ], "resource": "/Dockerfile.production.", "evaluations": null, "check_class": "checkov.dockerfile.checks.UpdateNotAlone", "fixed_definition": null, "entity_tags": null, "caller_file_path": null, "caller_file_line_range": null, "resource_address": null, "severity": null, "bc_category": null, "benchmarks": null, "description": null, "short_description": null, "vulnerability_details": null, "connected_node": null, "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-update-instructions-are-not-used-alone-in-the-dockerfile", "details": [], "check_len": null, "definition_context_file_path": null }, { "check_id": "CKV_DOCKER_11", "bc_check_id": "BC_DKR_GENERAL_9", "check_name": "Ensure From Alias are unique for multistage builds.", "check_result": { "result": "PASSED", "results_configuration": null }, "code_block": [ [ 1, "FROM node:20-bookworm AS builder\n" ], [ 2, "\n" ], [ 3, "WORKDIR /app\n" ], [ 4, "\n" ], [ 5, "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n" ], [ 6, "\n" ], [ 7, "COPY package.json package-lock.json turbo.json tsconfig.base.json ./\n" ], [ 8, "COPY apps ./apps\n" ], [ 9, "COPY packages ./packages\n" ], [ 10, "\n" ], [ 11, "# NEXT_PUBLIC_* vars must be present at build time \u2014 they are inlined into JS bundles\n" ], [ 12, "ARG NEXT_PUBLIC_API_URL\n" ], [ 13, "ARG NEXT_PUBLIC_MARKETPLACE_URL\n" ], [ 14, "ARG NEXT_PUBLIC_DASHBOARD_URL\n" ], [ 15, "ARG NEXT_PUBLIC_ADMIN_URL\n" ], [ 16, "ENV NEXT_PUBLIC_API_URL=$NEXT_PUBLIC_API_URL \\\n" ], [ 17, " NEXT_PUBLIC_MARKETPLACE_URL=$NEXT_PUBLIC_MARKETPLACE_URL \\\n" ], [ 18, " NEXT_PUBLIC_DASHBOARD_URL=$NEXT_PUBLIC_DASHBOARD_URL \\\n" ], [ 19, " NEXT_PUBLIC_ADMIN_URL=$NEXT_PUBLIC_ADMIN_URL\n" ], [ 20, "\n" ], [ 21, "RUN npm install\n" ], [ 22, "RUN npm run db:generate\n" ], [ 23, "RUN npm run build\n" ], [ 24, "\n" ], [ 25, "FROM node:20-bookworm AS runner\n" ], [ 26, "\n" ], [ 27, "WORKDIR /app\n" ], [ 28, "\n" ], [ 29, "ENV NODE_ENV=production\n" ], [ 30, "\n" ], [ 31, "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n" ], [ 32, "\n" ], [ 33, "COPY --from=builder /app/package.json /app/package-lock.json /app/turbo.json /app/tsconfig.base.json ./\n" ], [ 34, "COPY --from=builder /app/node_modules ./node_modules\n" ], [ 35, "COPY --from=builder /app/apps ./apps\n" ], [ 36, "COPY --from=builder /app/packages ./packages\n" ], [ 37, "\n" ], [ 38, "EXPOSE 3000 3001 3002 4000\n" ], [ 39, "\n" ], [ 40, "CMD [\"npm\", \"run\", \"start\", \"--workspace\", \"@rentaldrivego/api\"]" ] ], "file_path": "/Dockerfile.production", "file_abs_path": "/scan/Dockerfile.production", "repo_file_path": "/Dockerfile.production", "file_line_range": [ 1, 40 ], "resource": "/Dockerfile.production.", "evaluations": null, "check_class": "checkov.dockerfile.checks.AliasIsUnique", "fixed_definition": null, "entity_tags": null, "caller_file_path": null, "caller_file_line_range": null, "resource_address": null, "severity": null, "bc_category": null, "benchmarks": null, "description": null, "short_description": null, "vulnerability_details": null, "connected_node": null, "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-from-alias-is-unique-for-multistage-builds", "details": [], "check_len": null, "definition_context_file_path": null }, { "check_id": "CKV_DOCKER_7", "bc_check_id": "BC_DKR_7", "check_name": "Ensure the base image uses a non latest version tag", "check_result": { "result": "PASSED", "results_configuration": [ { "instruction": "FROM", "startline": 24, "endline": 24, "content": "FROM node:20-bookworm AS runner\n", "value": "node:20-bookworm AS runner" } ] }, "code_block": [ [ 25, "FROM node:20-bookworm AS runner\n" ] ], "file_path": "/Dockerfile.production", "file_abs_path": "/scan/Dockerfile.production", "repo_file_path": "/Dockerfile.production", "file_line_range": [ 25, 25 ], "resource": "/Dockerfile.production.FROM", "evaluations": null, "check_class": "checkov.dockerfile.checks.ReferenceLatestTag", "fixed_definition": null, "entity_tags": null, "caller_file_path": null, "caller_file_line_range": null, "resource_address": null, "severity": null, "bc_category": null, "benchmarks": null, "description": null, "short_description": null, "vulnerability_details": null, "connected_node": null, "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-the-base-image-uses-a-non-latest-version-tag", "details": [], "check_len": null, "definition_context_file_path": null }, { "check_id": "CKV_DOCKER_1", "bc_check_id": "BC_DKR_1", "check_name": "Ensure port 22 is not exposed", "check_result": { "result": "PASSED", "results_configuration": null }, "code_block": [ [ 1, "FROM node:20-bookworm AS builder\n" ], [ 2, "\n" ], [ 3, "WORKDIR /app\n" ], [ 4, "\n" ], [ 5, "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n" ], [ 6, "\n" ], [ 7, "COPY package.json package-lock.json turbo.json tsconfig.base.json ./\n" ], [ 8, "COPY apps ./apps\n" ], [ 9, "COPY packages ./packages\n" ], [ 10, "\n" ], [ 11, "# NEXT_PUBLIC_* vars must be present at build time \u2014 they are inlined into JS bundles\n" ], [ 12, "ARG NEXT_PUBLIC_API_URL\n" ], [ 13, "ARG NEXT_PUBLIC_MARKETPLACE_URL\n" ], [ 14, "ARG NEXT_PUBLIC_DASHBOARD_URL\n" ], [ 15, "ARG NEXT_PUBLIC_ADMIN_URL\n" ], [ 16, "ENV NEXT_PUBLIC_API_URL=$NEXT_PUBLIC_API_URL \\\n" ], [ 17, " NEXT_PUBLIC_MARKETPLACE_URL=$NEXT_PUBLIC_MARKETPLACE_URL \\\n" ], [ 18, " NEXT_PUBLIC_DASHBOARD_URL=$NEXT_PUBLIC_DASHBOARD_URL \\\n" ], [ 19, " NEXT_PUBLIC_ADMIN_URL=$NEXT_PUBLIC_ADMIN_URL\n" ], [ 20, "\n" ], [ 21, "RUN npm install\n" ], [ 22, "RUN npm run db:generate\n" ], [ 23, "RUN npm run build\n" ], [ 24, "\n" ], [ 25, "FROM node:20-bookworm AS runner\n" ], [ 26, "\n" ], [ 27, "WORKDIR /app\n" ], [ 28, "\n" ], [ 29, "ENV NODE_ENV=production\n" ], [ 30, "\n" ], [ 31, "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n" ], [ 32, "\n" ], [ 33, "COPY --from=builder /app/package.json /app/package-lock.json /app/turbo.json /app/tsconfig.base.json ./\n" ], [ 34, "COPY --from=builder /app/node_modules ./node_modules\n" ], [ 35, "COPY --from=builder /app/apps ./apps\n" ], [ 36, "COPY --from=builder /app/packages ./packages\n" ], [ 37, "\n" ], [ 38, "EXPOSE 3000 3001 3002 4000\n" ], [ 39, "\n" ], [ 40, "CMD [\"npm\", \"run\", \"start\", \"--workspace\", \"@rentaldrivego/api\"]" ] ], "file_path": "/Dockerfile.production", "file_abs_path": "/scan/Dockerfile.production", "repo_file_path": "/Dockerfile.production", "file_line_range": [ 1, 40 ], "resource": "/Dockerfile.production.", "evaluations": null, "check_class": "checkov.dockerfile.checks.ExposePort22", "fixed_definition": null, "entity_tags": null, "caller_file_path": null, "caller_file_line_range": null, "resource_address": null, "severity": null, "bc_category": null, "benchmarks": null, "description": null, "short_description": null, "vulnerability_details": null, "connected_node": null, "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-port-22-is-not-exposed", "details": [], "check_len": null, "definition_context_file_path": null }, { "check_id": "CKV_DOCKER_10", "bc_check_id": "BC_DKR_GENERAL_10", "check_name": "Ensure that WORKDIR values are absolute paths", "check_result": { "result": "PASSED", "results_configuration": null }, "code_block": [ [ 1, "FROM node:20-bookworm AS builder\n" ], [ 2, "\n" ], [ 3, "WORKDIR /app\n" ], [ 4, "\n" ], [ 5, "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n" ], [ 6, "\n" ], [ 7, "COPY package.json package-lock.json turbo.json tsconfig.base.json ./\n" ], [ 8, "COPY apps ./apps\n" ], [ 9, "COPY packages ./packages\n" ], [ 10, "\n" ], [ 11, "# NEXT_PUBLIC_* vars must be present at build time \u2014 they are inlined into JS bundles\n" ], [ 12, "ARG NEXT_PUBLIC_API_URL\n" ], [ 13, "ARG NEXT_PUBLIC_MARKETPLACE_URL\n" ], [ 14, "ARG NEXT_PUBLIC_DASHBOARD_URL\n" ], [ 15, "ARG NEXT_PUBLIC_ADMIN_URL\n" ], [ 16, "ENV NEXT_PUBLIC_API_URL=$NEXT_PUBLIC_API_URL \\\n" ], [ 17, " NEXT_PUBLIC_MARKETPLACE_URL=$NEXT_PUBLIC_MARKETPLACE_URL \\\n" ], [ 18, " NEXT_PUBLIC_DASHBOARD_URL=$NEXT_PUBLIC_DASHBOARD_URL \\\n" ], [ 19, " NEXT_PUBLIC_ADMIN_URL=$NEXT_PUBLIC_ADMIN_URL\n" ], [ 20, "\n" ], [ 21, "RUN npm install\n" ], [ 22, "RUN npm run db:generate\n" ], [ 23, "RUN npm run build\n" ], [ 24, "\n" ], [ 25, "FROM node:20-bookworm AS runner\n" ], [ 26, "\n" ], [ 27, "WORKDIR /app\n" ], [ 28, "\n" ], [ 29, "ENV NODE_ENV=production\n" ], [ 30, "\n" ], [ 31, "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n" ], [ 32, "\n" ], [ 33, "COPY --from=builder /app/package.json /app/package-lock.json /app/turbo.json /app/tsconfig.base.json ./\n" ], [ 34, "COPY --from=builder /app/node_modules ./node_modules\n" ], [ 35, "COPY --from=builder /app/apps ./apps\n" ], [ 36, "COPY --from=builder /app/packages ./packages\n" ], [ 37, "\n" ], [ 38, "EXPOSE 3000 3001 3002 4000\n" ], [ 39, "\n" ], [ 40, "CMD [\"npm\", \"run\", \"start\", \"--workspace\", \"@rentaldrivego/api\"]" ] ], "file_path": "/Dockerfile.production", "file_abs_path": "/scan/Dockerfile.production", "repo_file_path": "/Dockerfile.production", "file_line_range": [ 1, 40 ], "resource": "/Dockerfile.production.", "evaluations": null, "check_class": "checkov.dockerfile.checks.WorkdirIsAbsolute", "fixed_definition": null, "entity_tags": null, "caller_file_path": null, "caller_file_line_range": null, "resource_address": null, "severity": null, "bc_category": null, "benchmarks": null, "description": null, "short_description": null, "vulnerability_details": null, "connected_node": null, "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-workdir-values-are-absolute-paths", "details": [], "check_len": null, "definition_context_file_path": null }, { "check_id": "CKV_DOCKER_9", "bc_check_id": "BC_DKR_NETWORKING_1", "check_name": "Ensure that APT isn't used", "check_result": { "result": "PASSED", "results_configuration": null }, "code_block": [ [ 1, "FROM node:20-bookworm\n" ], [ 2, "\n" ], [ 3, "WORKDIR /app\n" ], [ 4, "\n" ], [ 5, "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n" ], [ 6, "\n" ], [ 7, "COPY package.json package-lock.json turbo.json tsconfig.base.json ./\n" ], [ 8, "COPY apps ./apps\n" ], [ 9, "COPY packages ./packages\n" ], [ 10, "\n" ], [ 11, "RUN npm install\n" ], [ 12, "\n" ], [ 13, "ENV NODE_ENV=test\n" ], [ 14, "\n" ], [ 15, "CMD [\"sh\", \"-c\", \"npm run db:deploy && npm run db:generate && npm run type-check && npm run build && npm run test:api:integration\"]" ] ], "file_path": "/Dockerfile.test", "file_abs_path": "/scan/Dockerfile.test", "repo_file_path": "/Dockerfile.test", "file_line_range": [ 1, 15 ], "resource": "/Dockerfile.test.", "evaluations": null, "check_class": "checkov.dockerfile.checks.RunUsingAPT", "fixed_definition": null, "entity_tags": null, "caller_file_path": null, "caller_file_line_range": null, "resource_address": null, "severity": null, "bc_category": null, "benchmarks": null, "description": null, "short_description": null, "vulnerability_details": null, "connected_node": null, "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-apt-is-not-used", "details": [], "check_len": null, "definition_context_file_path": null }, { "check_id": "CKV_DOCKER_5", "bc_check_id": "BC_DKR_4", "check_name": "Ensure update instructions are not use alone in the Dockerfile", "check_result": { "result": "PASSED", "results_configuration": null }, "code_block": [ [ 1, "FROM node:20-bookworm\n" ], [ 2, "\n" ], [ 3, "WORKDIR /app\n" ], [ 4, "\n" ], [ 5, "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n" ], [ 6, "\n" ], [ 7, "COPY package.json package-lock.json turbo.json tsconfig.base.json ./\n" ], [ 8, "COPY apps ./apps\n" ], [ 9, "COPY packages ./packages\n" ], [ 10, "\n" ], [ 11, "RUN npm install\n" ], [ 12, "\n" ], [ 13, "ENV NODE_ENV=test\n" ], [ 14, "\n" ], [ 15, "CMD [\"sh\", \"-c\", \"npm run db:deploy && npm run db:generate && npm run type-check && npm run build && npm run test:api:integration\"]" ] ], "file_path": "/Dockerfile.test", "file_abs_path": "/scan/Dockerfile.test", "repo_file_path": "/Dockerfile.test", "file_line_range": [ 1, 15 ], "resource": "/Dockerfile.test.", "evaluations": null, "check_class": "checkov.dockerfile.checks.UpdateNotAlone", "fixed_definition": null, "entity_tags": null, "caller_file_path": null, "caller_file_line_range": null, "resource_address": null, "severity": null, "bc_category": null, "benchmarks": null, "description": null, "short_description": null, "vulnerability_details": null, "connected_node": null, "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-update-instructions-are-not-used-alone-in-the-dockerfile", "details": [], "check_len": null, "definition_context_file_path": null }, { "check_id": "CKV_DOCKER_11", "bc_check_id": "BC_DKR_GENERAL_9", "check_name": "Ensure From Alias are unique for multistage builds.", "check_result": { "result": "PASSED", "results_configuration": null }, "code_block": [ [ 1, "FROM node:20-bookworm\n" ], [ 2, "\n" ], [ 3, "WORKDIR /app\n" ], [ 4, "\n" ], [ 5, "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n" ], [ 6, "\n" ], [ 7, "COPY package.json package-lock.json turbo.json tsconfig.base.json ./\n" ], [ 8, "COPY apps ./apps\n" ], [ 9, "COPY packages ./packages\n" ], [ 10, "\n" ], [ 11, "RUN npm install\n" ], [ 12, "\n" ], [ 13, "ENV NODE_ENV=test\n" ], [ 14, "\n" ], [ 15, "CMD [\"sh\", \"-c\", \"npm run db:deploy && npm run db:generate && npm run type-check && npm run build && npm run test:api:integration\"]" ] ], "file_path": "/Dockerfile.test", "file_abs_path": "/scan/Dockerfile.test", "repo_file_path": "/Dockerfile.test", "file_line_range": [ 1, 15 ], "resource": "/Dockerfile.test.", "evaluations": null, "check_class": "checkov.dockerfile.checks.AliasIsUnique", "fixed_definition": null, "entity_tags": null, "caller_file_path": null, "caller_file_line_range": null, "resource_address": null, "severity": null, "bc_category": null, "benchmarks": null, "description": null, "short_description": null, "vulnerability_details": null, "connected_node": null, "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-from-alias-is-unique-for-multistage-builds", "details": [], "check_len": null, "definition_context_file_path": null }, { "check_id": "CKV_DOCKER_7", "bc_check_id": "BC_DKR_7", "check_name": "Ensure the base image uses a non latest version tag", "check_result": { "result": "PASSED", "results_configuration": [ { "instruction": "FROM", "startline": 0, "endline": 0, "content": "FROM node:20-bookworm\n", "value": "node:20-bookworm" } ] }, "code_block": [ [ 1, "FROM node:20-bookworm\n" ] ], "file_path": "/Dockerfile.test", "file_abs_path": "/scan/Dockerfile.test", "repo_file_path": "/Dockerfile.test", "file_line_range": [ 1, 1 ], "resource": "/Dockerfile.test.FROM", "evaluations": null, "check_class": "checkov.dockerfile.checks.ReferenceLatestTag", "fixed_definition": null, "entity_tags": null, "caller_file_path": null, "caller_file_line_range": null, "resource_address": null, "severity": null, "bc_category": null, "benchmarks": null, "description": null, "short_description": null, "vulnerability_details": null, "connected_node": null, "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-the-base-image-uses-a-non-latest-version-tag", "details": [], "check_len": null, "definition_context_file_path": null }, { "check_id": "CKV_DOCKER_10", "bc_check_id": "BC_DKR_GENERAL_10", "check_name": "Ensure that WORKDIR values are absolute paths", "check_result": { "result": "PASSED", "results_configuration": null }, "code_block": [ [ 1, "FROM node:20-bookworm\n" ], [ 2, "\n" ], [ 3, "WORKDIR /app\n" ], [ 4, "\n" ], [ 5, "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n" ], [ 6, "\n" ], [ 7, "COPY package.json package-lock.json turbo.json tsconfig.base.json ./\n" ], [ 8, "COPY apps ./apps\n" ], [ 9, "COPY packages ./packages\n" ], [ 10, "\n" ], [ 11, "RUN npm install\n" ], [ 12, "\n" ], [ 13, "ENV NODE_ENV=test\n" ], [ 14, "\n" ], [ 15, "CMD [\"sh\", \"-c\", \"npm run db:deploy && npm run db:generate && npm run type-check && npm run build && npm run test:api:integration\"]" ] ], "file_path": "/Dockerfile.test", "file_abs_path": "/scan/Dockerfile.test", "repo_file_path": "/Dockerfile.test", "file_line_range": [ 1, 15 ], "resource": "/Dockerfile.test.", "evaluations": null, "check_class": "checkov.dockerfile.checks.WorkdirIsAbsolute", "fixed_definition": null, "entity_tags": null, "caller_file_path": null, "caller_file_line_range": null, "resource_address": null, "severity": null, "bc_category": null, "benchmarks": null, "description": null, "short_description": null, "vulnerability_details": null, "connected_node": null, "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-workdir-values-are-absolute-paths", "details": [], "check_len": null, "definition_context_file_path": null }, { "check_id": "CKV_DOCKER_9", "bc_check_id": "BC_DKR_NETWORKING_1", "check_name": "Ensure that APT isn't used", "check_result": { "result": "PASSED", "results_configuration": null }, "code_block": [ [ 1, "FROM node:20-bookworm\n" ], [ 2, "\n" ], [ 3, "WORKDIR /app\n" ], [ 4, "\n" ], [ 5, "RUN npm install -g npm@10.5.0 --no-fund --no-audit\n" ], [ 6, "\n" ], [ 7, "COPY package.json package-lock.json turbo.json tsconfig.base.json ./\n" ], [ 8, "COPY apps ./apps\n" ], [ 9, "COPY packages ./packages\n" ], [ 10, "\n" ], [ 11, "RUN npm ci --no-fund --no-audit\n" ], [ 12, "\n" ], [ 13, "EXPOSE 3000 3001 3002 3003 4000\n" ], [ 14, "\n" ], [ 15, "CMD [\"sh\", \"-c\", \"npm run db:generate && npm run dev\"]" ] ], "file_path": "/Dockerfile.dev", "file_abs_path": "/scan/Dockerfile.dev", "repo_file_path": "/Dockerfile.dev", "file_line_range": [ 1, 15 ], "resource": "/Dockerfile.dev.", "evaluations": null, "check_class": "checkov.dockerfile.checks.RunUsingAPT", "fixed_definition": null, "entity_tags": null, "caller_file_path": null, "caller_file_line_range": null, "resource_address": null, "severity": null, "bc_category": null, "benchmarks": null, "description": null, "short_description": null, "vulnerability_details": null, "connected_node": null, "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-apt-is-not-used", "details": [], "check_len": null, "definition_context_file_path": null }, { "check_id": "CKV_DOCKER_5", "bc_check_id": "BC_DKR_4", "check_name": "Ensure update instructions are not use alone in the Dockerfile", "check_result": { "result": "PASSED", "results_configuration": null }, "code_block": [ [ 1, "FROM node:20-bookworm\n" ], [ 2, "\n" ], [ 3, "WORKDIR /app\n" ], [ 4, "\n" ], [ 5, "RUN npm install -g npm@10.5.0 --no-fund --no-audit\n" ], [ 6, "\n" ], [ 7, "COPY package.json package-lock.json turbo.json tsconfig.base.json ./\n" ], [ 8, "COPY apps ./apps\n" ], [ 9, "COPY packages ./packages\n" ], [ 10, "\n" ], [ 11, "RUN npm ci --no-fund --no-audit\n" ], [ 12, "\n" ], [ 13, "EXPOSE 3000 3001 3002 3003 4000\n" ], [ 14, "\n" ], [ 15, "CMD [\"sh\", \"-c\", \"npm run db:generate && npm run dev\"]" ] ], "file_path": "/Dockerfile.dev", "file_abs_path": "/scan/Dockerfile.dev", "repo_file_path": "/Dockerfile.dev", "file_line_range": [ 1, 15 ], "resource": "/Dockerfile.dev.", "evaluations": null, "check_class": "checkov.dockerfile.checks.UpdateNotAlone", "fixed_definition": null, "entity_tags": null, "caller_file_path": null, "caller_file_line_range": null, "resource_address": null, "severity": null, "bc_category": null, "benchmarks": null, "description": null, "short_description": null, "vulnerability_details": null, "connected_node": null, "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-update-instructions-are-not-used-alone-in-the-dockerfile", "details": [], "check_len": null, "definition_context_file_path": null }, { "check_id": "CKV_DOCKER_11", "bc_check_id": "BC_DKR_GENERAL_9", "check_name": "Ensure From Alias are unique for multistage builds.", "check_result": { "result": "PASSED", "results_configuration": null }, "code_block": [ [ 1, "FROM node:20-bookworm\n" ], [ 2, "\n" ], [ 3, "WORKDIR /app\n" ], [ 4, "\n" ], [ 5, "RUN npm install -g npm@10.5.0 --no-fund --no-audit\n" ], [ 6, "\n" ], [ 7, "COPY package.json package-lock.json turbo.json tsconfig.base.json ./\n" ], [ 8, "COPY apps ./apps\n" ], [ 9, "COPY packages ./packages\n" ], [ 10, "\n" ], [ 11, "RUN npm ci --no-fund --no-audit\n" ], [ 12, "\n" ], [ 13, "EXPOSE 3000 3001 3002 3003 4000\n" ], [ 14, "\n" ], [ 15, "CMD [\"sh\", \"-c\", \"npm run db:generate && npm run dev\"]" ] ], "file_path": "/Dockerfile.dev", "file_abs_path": "/scan/Dockerfile.dev", "repo_file_path": "/Dockerfile.dev", "file_line_range": [ 1, 15 ], "resource": "/Dockerfile.dev.", "evaluations": null, "check_class": "checkov.dockerfile.checks.AliasIsUnique", "fixed_definition": null, "entity_tags": null, "caller_file_path": null, "caller_file_line_range": null, "resource_address": null, "severity": null, "bc_category": null, "benchmarks": null, "description": null, "short_description": null, "vulnerability_details": null, "connected_node": null, "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-from-alias-is-unique-for-multistage-builds", "details": [], "check_len": null, "definition_context_file_path": null }, { "check_id": "CKV_DOCKER_7", "bc_check_id": "BC_DKR_7", "check_name": "Ensure the base image uses a non latest version tag", "check_result": { "result": "PASSED", "results_configuration": [ { "instruction": "FROM", "startline": 0, "endline": 0, "content": "FROM node:20-bookworm\n", "value": "node:20-bookworm" } ] }, "code_block": [ [ 1, "FROM node:20-bookworm\n" ] ], "file_path": "/Dockerfile.dev", "file_abs_path": "/scan/Dockerfile.dev", "repo_file_path": "/Dockerfile.dev", "file_line_range": [ 1, 1 ], "resource": "/Dockerfile.dev.FROM", "evaluations": null, "check_class": "checkov.dockerfile.checks.ReferenceLatestTag", "fixed_definition": null, "entity_tags": null, "caller_file_path": null, "caller_file_line_range": null, "resource_address": null, "severity": null, "bc_category": null, "benchmarks": null, "description": null, "short_description": null, "vulnerability_details": null, "connected_node": null, "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-the-base-image-uses-a-non-latest-version-tag", "details": [], "check_len": null, "definition_context_file_path": null }, { "check_id": "CKV_DOCKER_1", "bc_check_id": "BC_DKR_1", "check_name": "Ensure port 22 is not exposed", "check_result": { "result": "PASSED", "results_configuration": null }, "code_block": [ [ 1, "FROM node:20-bookworm\n" ], [ 2, "\n" ], [ 3, "WORKDIR /app\n" ], [ 4, "\n" ], [ 5, "RUN npm install -g npm@10.5.0 --no-fund --no-audit\n" ], [ 6, "\n" ], [ 7, "COPY package.json package-lock.json turbo.json tsconfig.base.json ./\n" ], [ 8, "COPY apps ./apps\n" ], [ 9, "COPY packages ./packages\n" ], [ 10, "\n" ], [ 11, "RUN npm ci --no-fund --no-audit\n" ], [ 12, "\n" ], [ 13, "EXPOSE 3000 3001 3002 3003 4000\n" ], [ 14, "\n" ], [ 15, "CMD [\"sh\", \"-c\", \"npm run db:generate && npm run dev\"]" ] ], "file_path": "/Dockerfile.dev", "file_abs_path": "/scan/Dockerfile.dev", "repo_file_path": "/Dockerfile.dev", "file_line_range": [ 1, 15 ], "resource": "/Dockerfile.dev.", "evaluations": null, "check_class": "checkov.dockerfile.checks.ExposePort22", "fixed_definition": null, "entity_tags": null, "caller_file_path": null, "caller_file_line_range": null, "resource_address": null, "severity": null, "bc_category": null, "benchmarks": null, "description": null, "short_description": null, "vulnerability_details": null, "connected_node": null, "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-port-22-is-not-exposed", "details": [], "check_len": null, "definition_context_file_path": null }, { "check_id": "CKV_DOCKER_10", "bc_check_id": "BC_DKR_GENERAL_10", "check_name": "Ensure that WORKDIR values are absolute paths", "check_result": { "result": "PASSED", "results_configuration": null }, "code_block": [ [ 1, "FROM node:20-bookworm\n" ], [ 2, "\n" ], [ 3, "WORKDIR /app\n" ], [ 4, "\n" ], [ 5, "RUN npm install -g npm@10.5.0 --no-fund --no-audit\n" ], [ 6, "\n" ], [ 7, "COPY package.json package-lock.json turbo.json tsconfig.base.json ./\n" ], [ 8, "COPY apps ./apps\n" ], [ 9, "COPY packages ./packages\n" ], [ 10, "\n" ], [ 11, "RUN npm ci --no-fund --no-audit\n" ], [ 12, "\n" ], [ 13, "EXPOSE 3000 3001 3002 3003 4000\n" ], [ 14, "\n" ], [ 15, "CMD [\"sh\", \"-c\", \"npm run db:generate && npm run dev\"]" ] ], "file_path": "/Dockerfile.dev", "file_abs_path": "/scan/Dockerfile.dev", "repo_file_path": "/Dockerfile.dev", "file_line_range": [ 1, 15 ], "resource": "/Dockerfile.dev.", "evaluations": null, "check_class": "checkov.dockerfile.checks.WorkdirIsAbsolute", "fixed_definition": null, "entity_tags": null, "caller_file_path": null, "caller_file_line_range": null, "resource_address": null, "severity": null, "bc_category": null, "benchmarks": null, "description": null, "short_description": null, "vulnerability_details": null, "connected_node": null, "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-workdir-values-are-absolute-paths", "details": [], "check_len": null, "definition_context_file_path": null }, { "check_id": "CKV2_DOCKER_1", "bc_check_id": null, "check_name": "Ensure that sudo isn't used", "check_result": { "result": "PASSED", "entity": { "block_name_": "RUN", "block_type_": "resource", "file_path_": "/Dockerfile.production", "config_": { "content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n", "value": "corepack enable && corepack prepare npm@10.5.0 --activate", "__startline__": 4, "__endline__": 4 }, "label_": "resource: RUN", "id_": "RUN", "source_": "Dockerfile", "content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n", "value": "corepack enable && corepack prepare npm@10.5.0 --activate", "__startline__": 4, "__endline__": 4, "resource_type": "RUN", "hash": "dbd32b6bad6b728919787011f82d60c50d7b2d1c079f814de2b1640696c98816" }, "evaluated_keys": [ "value" ] }, "code_block": [ [ 5, "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n" ] ], "file_path": "/Dockerfile.production", "file_abs_path": "/scan/Dockerfile.production", "repo_file_path": "/Dockerfile.production", "file_line_range": [ 5, 5 ], "resource": "/Dockerfile.production.RUN", "evaluations": null, "check_class": "checkov.common.graph.checks_infra.base_check", "fixed_definition": null, "entity_tags": null, "caller_file_path": null, "caller_file_line_range": null, "resource_address": null, "severity": null, "bc_category": null, "benchmarks": null, "description": null, "short_description": null, "vulnerability_details": null, "connected_node": null, "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-dont-use-sudo", "details": [], "check_len": null, "definition_context_file_path": null }, { "check_id": "CKV2_DOCKER_1", "bc_check_id": null, "check_name": "Ensure that sudo isn't used", "check_result": { "result": "PASSED", "entity": { "block_name_": "RUN", "block_type_": "resource", "file_path_": "/Dockerfile.production", "config_": { "content": "RUN npm install\n", "value": "npm install", "__startline__": 20, "__endline__": 20 }, "label_": "resource: RUN", "id_": "RUN", "source_": "Dockerfile", "content": "RUN npm install\n", "value": "npm install", "__startline__": 20, "__endline__": 20, "resource_type": "RUN", "hash": "6979b14e6a853ac150ffef85c5e28fd49c956054ea2cb1d01440e13b17260c4a" }, "evaluated_keys": [ "value" ] }, "code_block": [ [ 21, "RUN npm install\n" ] ], "file_path": "/Dockerfile.production", "file_abs_path": "/scan/Dockerfile.production", "repo_file_path": "/Dockerfile.production", "file_line_range": [ 21, 21 ], "resource": "/Dockerfile.production.RUN", "evaluations": null, "check_class": "checkov.common.graph.checks_infra.base_check", "fixed_definition": null, "entity_tags": null, "caller_file_path": null, "caller_file_line_range": null, "resource_address": null, "severity": null, "bc_category": null, "benchmarks": null, "description": null, "short_description": null, "vulnerability_details": null, "connected_node": null, "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-dont-use-sudo", "details": [], "check_len": null, "definition_context_file_path": null }, { "check_id": "CKV2_DOCKER_1", "bc_check_id": null, "check_name": "Ensure that sudo isn't used", "check_result": { "result": "PASSED", "entity": { "block_name_": "RUN", "block_type_": "resource", "file_path_": "/Dockerfile.production", "config_": { "content": "RUN npm run db:generate\n", "value": "npm run db:generate", "__startline__": 21, "__endline__": 21 }, "label_": "resource: RUN", "id_": "RUN", "source_": "Dockerfile", "content": "RUN npm run db:generate\n", "value": "npm run db:generate", "__startline__": 21, "__endline__": 21, "resource_type": "RUN", "hash": "c1f9cc0c42260bb0183d7e7b9ec2edab99837111ad42dbbdd7fad09ff3e37ab0" }, "evaluated_keys": [ "value" ] }, "code_block": [ [ 22, "RUN npm run db:generate\n" ] ], "file_path": "/Dockerfile.production", "file_abs_path": "/scan/Dockerfile.production", "repo_file_path": "/Dockerfile.production", "file_line_range": [ 22, 22 ], "resource": "/Dockerfile.production.RUN", "evaluations": null, "check_class": "checkov.common.graph.checks_infra.base_check", "fixed_definition": null, "entity_tags": null, "caller_file_path": null, "caller_file_line_range": null, "resource_address": null, "severity": null, "bc_category": null, "benchmarks": null, "description": null, "short_description": null, "vulnerability_details": null, "connected_node": null, "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-dont-use-sudo", "details": [], "check_len": null, "definition_context_file_path": null }, { "check_id": "CKV2_DOCKER_1", "bc_check_id": null, "check_name": "Ensure that sudo isn't used", "check_result": { "result": "PASSED", "entity": { "block_name_": "RUN", "block_type_": "resource", "file_path_": "/Dockerfile.production", "config_": { "content": "RUN npm run build\n", "value": "npm run build", "__startline__": 22, "__endline__": 22 }, "label_": "resource: RUN", "id_": "RUN", "source_": "Dockerfile", "content": "RUN npm run build\n", "value": "npm run build", "__startline__": 22, "__endline__": 22, "resource_type": "RUN", "hash": "1bf185fb6038f1b491f2a2686de4dd9869ccdd9c3e34d2772cf43bd368377aa6" }, "evaluated_keys": [ "value" ] }, "code_block": [ [ 23, "RUN npm run build\n" ] ], "file_path": "/Dockerfile.production", "file_abs_path": "/scan/Dockerfile.production", "repo_file_path": "/Dockerfile.production", "file_line_range": [ 23, 23 ], "resource": "/Dockerfile.production.RUN", "evaluations": null, "check_class": "checkov.common.graph.checks_infra.base_check", "fixed_definition": null, "entity_tags": null, "caller_file_path": null, "caller_file_line_range": null, "resource_address": null, "severity": null, "bc_category": null, "benchmarks": null, "description": null, "short_description": null, "vulnerability_details": null, "connected_node": null, "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-dont-use-sudo", "details": [], "check_len": null, "definition_context_file_path": null }, { "check_id": "CKV2_DOCKER_1", "bc_check_id": null, "check_name": "Ensure that sudo isn't used", "check_result": { "result": "PASSED", "entity": { "block_name_": "RUN", "block_type_": "resource", "file_path_": "/Dockerfile.production", "config_": { "content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n", "value": "corepack enable && corepack prepare npm@10.5.0 --activate", "__startline__": 30, "__endline__": 30 }, "label_": "resource: RUN", "id_": "RUN", "source_": "Dockerfile", "content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n", "value": "corepack enable && corepack prepare npm@10.5.0 --activate", "__startline__": 30, "__endline__": 30, "resource_type": "RUN", "hash": "01c88e306f7db45ae7136e3bdb63c4b15978dd024f6ed18210961fc3db3df382" }, "evaluated_keys": [ "value" ] }, "code_block": [ [ 31, "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n" ] ], "file_path": "/Dockerfile.production", "file_abs_path": "/scan/Dockerfile.production", "repo_file_path": "/Dockerfile.production", "file_line_range": [ 31, 31 ], "resource": "/Dockerfile.production.RUN", "evaluations": null, "check_class": "checkov.common.graph.checks_infra.base_check", "fixed_definition": null, "entity_tags": null, "caller_file_path": null, "caller_file_line_range": null, "resource_address": null, "severity": null, "bc_category": null, "benchmarks": null, "description": null, "short_description": null, "vulnerability_details": null, "connected_node": null, "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-dont-use-sudo", "details": [], "check_len": null, "definition_context_file_path": null }, { "check_id": "CKV2_DOCKER_1", "bc_check_id": null, "check_name": "Ensure that sudo isn't used", "check_result": { "result": "PASSED", "entity": { "block_name_": "RUN", "block_type_": "resource", "file_path_": "/Dockerfile.test", "config_": { "content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n", "value": "corepack enable && corepack prepare npm@10.5.0 --activate", "__startline__": 4, "__endline__": 4 }, "label_": "resource: RUN", "id_": "RUN", "source_": "Dockerfile", "content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n", "value": "corepack enable && corepack prepare npm@10.5.0 --activate", "__startline__": 4, "__endline__": 4, "resource_type": "RUN", "hash": "1d5fb0a211498b8baf37e5744578ad03459da7798534298981f23fdefb7eb757" }, "evaluated_keys": [ "value" ] }, "code_block": [ [ 5, "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n" ] ], "file_path": "/Dockerfile.test", "file_abs_path": "/scan/Dockerfile.test", "repo_file_path": "/Dockerfile.test", "file_line_range": [ 5, 5 ], "resource": "/Dockerfile.test.RUN", "evaluations": null, "check_class": "checkov.common.graph.checks_infra.base_check", "fixed_definition": null, "entity_tags": null, "caller_file_path": null, "caller_file_line_range": null, "resource_address": null, "severity": null, "bc_category": null, "benchmarks": null, "description": null, "short_description": null, "vulnerability_details": null, "connected_node": null, "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-dont-use-sudo", "details": [], "check_len": null, "definition_context_file_path": null }, { "check_id": "CKV2_DOCKER_1", "bc_check_id": null, "check_name": "Ensure that sudo isn't used", "check_result": { "result": "PASSED", "entity": { "block_name_": "RUN", "block_type_": "resource", "file_path_": "/Dockerfile.test", "config_": { "content": "RUN npm install\n", "value": "npm install", "__startline__": 10, "__endline__": 10 }, "label_": "resource: RUN", "id_": "RUN", "source_": "Dockerfile", "content": "RUN npm install\n", "value": "npm install", "__startline__": 10, "__endline__": 10, "resource_type": "RUN", "hash": "fb809e4860a3131df821aea9480445cc6e2f66dd52744dab5f3d2ef5b2848436" }, "evaluated_keys": [ "value" ] }, "code_block": [ [ 11, "RUN npm install\n" ] ], "file_path": "/Dockerfile.test", "file_abs_path": "/scan/Dockerfile.test", "repo_file_path": "/Dockerfile.test", "file_line_range": [ 11, 11 ], "resource": "/Dockerfile.test.RUN", "evaluations": null, "check_class": "checkov.common.graph.checks_infra.base_check", "fixed_definition": null, "entity_tags": null, "caller_file_path": null, "caller_file_line_range": null, "resource_address": null, "severity": null, "bc_category": null, "benchmarks": null, "description": null, "short_description": null, "vulnerability_details": null, "connected_node": null, "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-dont-use-sudo", "details": [], "check_len": null, "definition_context_file_path": null }, { "check_id": "CKV2_DOCKER_1", "bc_check_id": null, "check_name": "Ensure that sudo isn't used", "check_result": { "result": "PASSED", "entity": { "block_name_": "RUN", "block_type_": "resource", "file_path_": "/Dockerfile.dev", "config_": { "content": "RUN npm install -g npm@10.5.0 --no-fund --no-audit\n", "value": "npm install -g npm@10.5.0 --no-fund --no-audit", "__startline__": 4, "__endline__": 4 }, "label_": "resource: RUN", "id_": "RUN", "source_": "Dockerfile", "content": "RUN npm install -g npm@10.5.0 --no-fund --no-audit\n", "value": "npm install -g npm@10.5.0 --no-fund --no-audit", "__startline__": 4, "__endline__": 4, "resource_type": "RUN", "hash": "435bba968d1d0b4c410ea33851637829a16b2ad878f0b9531a737c7a444f91b9" }, "evaluated_keys": [ "value" ] }, "code_block": [ [ 5, "RUN npm install -g npm@10.5.0 --no-fund --no-audit\n" ] ], "file_path": "/Dockerfile.dev", "file_abs_path": "/scan/Dockerfile.dev", "repo_file_path": "/Dockerfile.dev", "file_line_range": [ 5, 5 ], "resource": "/Dockerfile.dev.RUN", "evaluations": null, "check_class": "checkov.common.graph.checks_infra.base_check", "fixed_definition": null, "entity_tags": null, "caller_file_path": null, "caller_file_line_range": null, "resource_address": null, "severity": null, "bc_category": null, "benchmarks": null, "description": null, "short_description": null, "vulnerability_details": null, "connected_node": null, "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-dont-use-sudo", "details": [], "check_len": null, "definition_context_file_path": null }, { "check_id": "CKV2_DOCKER_1", "bc_check_id": null, "check_name": "Ensure that sudo isn't used", "check_result": { "result": "PASSED", "entity": { "block_name_": "RUN", "block_type_": "resource", "file_path_": "/Dockerfile.dev", "config_": { "content": "RUN npm ci --no-fund --no-audit\n", "value": "npm ci --no-fund --no-audit", "__startline__": 10, "__endline__": 10 }, "label_": "resource: RUN", "id_": "RUN", "source_": "Dockerfile", "content": "RUN npm ci --no-fund --no-audit\n", "value": "npm ci --no-fund --no-audit", "__startline__": 10, "__endline__": 10, "resource_type": "RUN", "hash": "57abb1bbe03890ab19f47e5f96b9cbcee02aab65f6980d523df42faf41b709fa" }, "evaluated_keys": [ "value" ] }, "code_block": [ [ 11, "RUN npm ci --no-fund --no-audit\n" ] ], "file_path": "/Dockerfile.dev", "file_abs_path": "/scan/Dockerfile.dev", "repo_file_path": "/Dockerfile.dev", "file_line_range": [ 11, 11 ], "resource": "/Dockerfile.dev.RUN", "evaluations": null, "check_class": "checkov.common.graph.checks_infra.base_check", "fixed_definition": null, "entity_tags": null, "caller_file_path": null, "caller_file_line_range": null, "resource_address": null, "severity": null, "bc_category": null, "benchmarks": null, "description": null, "short_description": null, "vulnerability_details": null, "connected_node": null, "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-dont-use-sudo", "details": [], "check_len": null, "definition_context_file_path": null }, { "check_id": "CKV2_DOCKER_16", "bc_check_id": null, "check_name": "Ensure that certificate validation isn't disabled with pip via the 'PIP_TRUSTED_HOST' environment variable", "check_result": { "result": "PASSED", "entity": { "block_name_": "RUN", "block_type_": "resource", "file_path_": "/Dockerfile.production", "config_": { "content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n", "value": "corepack enable && corepack prepare npm@10.5.0 --activate", "__startline__": 4, "__endline__": 4 }, "label_": "resource: RUN", "id_": "RUN", "source_": "Dockerfile", "content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n", "value": "corepack enable && corepack prepare npm@10.5.0 --activate", "__startline__": 4, "__endline__": 4, "resource_type": "RUN", "hash": "dbd32b6bad6b728919787011f82d60c50d7b2d1c079f814de2b1640696c98816" }, "evaluated_keys": [ "value" ] }, "code_block": [ [ 5, "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n" ] ], "file_path": "/Dockerfile.production", "file_abs_path": "/scan/Dockerfile.production", "repo_file_path": "/Dockerfile.production", "file_line_range": [ 5, 5 ], "resource": "/Dockerfile.production.RUN", "evaluations": null, "check_class": "checkov.common.graph.checks_infra.base_check", "fixed_definition": null, "entity_tags": null, "caller_file_path": null, "caller_file_line_range": null, "resource_address": null, "severity": null, "bc_category": null, "benchmarks": null, "description": null, "short_description": null, "vulnerability_details": null, "connected_node": null, "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-pip-trusted-host", "details": [], "check_len": null, "definition_context_file_path": null }, { "check_id": "CKV2_DOCKER_16", "bc_check_id": null, "check_name": "Ensure that certificate validation isn't disabled with pip via the 'PIP_TRUSTED_HOST' environment variable", "check_result": { "result": "PASSED", "entity": { "block_name_": "RUN", "block_type_": "resource", "file_path_": "/Dockerfile.production", "config_": { "content": "RUN npm install\n", "value": "npm install", "__startline__": 20, "__endline__": 20 }, "label_": "resource: RUN", "id_": "RUN", "source_": "Dockerfile", "content": "RUN npm install\n", "value": "npm install", "__startline__": 20, "__endline__": 20, "resource_type": "RUN", "hash": "6979b14e6a853ac150ffef85c5e28fd49c956054ea2cb1d01440e13b17260c4a" }, "evaluated_keys": [ "value" ] }, "code_block": [ [ 21, "RUN npm install\n" ] ], "file_path": "/Dockerfile.production", "file_abs_path": "/scan/Dockerfile.production", "repo_file_path": "/Dockerfile.production", "file_line_range": [ 21, 21 ], "resource": "/Dockerfile.production.RUN", "evaluations": null, "check_class": "checkov.common.graph.checks_infra.base_check", "fixed_definition": null, "entity_tags": null, "caller_file_path": null, "caller_file_line_range": null, "resource_address": null, "severity": null, "bc_category": null, "benchmarks": null, "description": null, "short_description": null, "vulnerability_details": null, "connected_node": null, "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-pip-trusted-host", "details": [], "check_len": null, "definition_context_file_path": null }, { "check_id": "CKV2_DOCKER_16", "bc_check_id": null, "check_name": "Ensure that certificate validation isn't disabled with pip via the 'PIP_TRUSTED_HOST' environment variable", "check_result": { "result": "PASSED", "entity": { "block_name_": "RUN", "block_type_": "resource", "file_path_": "/Dockerfile.production", "config_": { "content": "RUN npm run db:generate\n", "value": "npm run db:generate", "__startline__": 21, "__endline__": 21 }, "label_": "resource: RUN", "id_": "RUN", "source_": "Dockerfile", "content": "RUN npm run db:generate\n", "value": "npm run db:generate", "__startline__": 21, "__endline__": 21, "resource_type": "RUN", "hash": "c1f9cc0c42260bb0183d7e7b9ec2edab99837111ad42dbbdd7fad09ff3e37ab0" }, "evaluated_keys": [ "value" ] }, "code_block": [ [ 22, "RUN npm run db:generate\n" ] ], "file_path": "/Dockerfile.production", "file_abs_path": "/scan/Dockerfile.production", "repo_file_path": "/Dockerfile.production", "file_line_range": [ 22, 22 ], "resource": "/Dockerfile.production.RUN", "evaluations": null, "check_class": "checkov.common.graph.checks_infra.base_check", "fixed_definition": null, "entity_tags": null, "caller_file_path": null, "caller_file_line_range": null, "resource_address": null, "severity": null, "bc_category": null, "benchmarks": null, "description": null, "short_description": null, "vulnerability_details": null, "connected_node": null, "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-pip-trusted-host", "details": [], "check_len": null, "definition_context_file_path": null }, { "check_id": "CKV2_DOCKER_16", "bc_check_id": null, "check_name": "Ensure that certificate validation isn't disabled with pip via the 'PIP_TRUSTED_HOST' environment variable", "check_result": { "result": "PASSED", "entity": { "block_name_": "RUN", "block_type_": "resource", "file_path_": "/Dockerfile.production", "config_": { "content": "RUN npm run build\n", "value": "npm run build", "__startline__": 22, "__endline__": 22 }, "label_": "resource: RUN", "id_": "RUN", "source_": "Dockerfile", "content": "RUN npm run build\n", "value": "npm run build", "__startline__": 22, "__endline__": 22, "resource_type": "RUN", "hash": "1bf185fb6038f1b491f2a2686de4dd9869ccdd9c3e34d2772cf43bd368377aa6" }, "evaluated_keys": [ "value" ] }, "code_block": [ [ 23, "RUN npm run build\n" ] ], "file_path": "/Dockerfile.production", "file_abs_path": "/scan/Dockerfile.production", "repo_file_path": "/Dockerfile.production", "file_line_range": [ 23, 23 ], "resource": "/Dockerfile.production.RUN", "evaluations": null, "check_class": "checkov.common.graph.checks_infra.base_check", "fixed_definition": null, "entity_tags": null, "caller_file_path": null, "caller_file_line_range": null, "resource_address": null, "severity": null, "bc_category": null, "benchmarks": null, "description": null, "short_description": null, "vulnerability_details": null, "connected_node": null, "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-pip-trusted-host", "details": [], "check_len": null, "definition_context_file_path": null }, { "check_id": "CKV2_DOCKER_16", "bc_check_id": null, "check_name": "Ensure that certificate validation isn't disabled with pip via the 'PIP_TRUSTED_HOST' environment variable", "check_result": { "result": "PASSED", "entity": { "block_name_": "RUN", "block_type_": "resource", "file_path_": "/Dockerfile.production", "config_": { "content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n", "value": "corepack enable && corepack prepare npm@10.5.0 --activate", "__startline__": 30, "__endline__": 30 }, "label_": "resource: RUN", "id_": "RUN", "source_": "Dockerfile", "content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n", "value": "corepack enable && corepack prepare npm@10.5.0 --activate", "__startline__": 30, "__endline__": 30, "resource_type": "RUN", "hash": "01c88e306f7db45ae7136e3bdb63c4b15978dd024f6ed18210961fc3db3df382" }, "evaluated_keys": [ "value" ] }, "code_block": [ [ 31, "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n" ] ], "file_path": "/Dockerfile.production", "file_abs_path": "/scan/Dockerfile.production", "repo_file_path": "/Dockerfile.production", "file_line_range": [ 31, 31 ], "resource": "/Dockerfile.production.RUN", "evaluations": null, "check_class": "checkov.common.graph.checks_infra.base_check", "fixed_definition": null, "entity_tags": null, "caller_file_path": null, "caller_file_line_range": null, "resource_address": null, "severity": null, "bc_category": null, "benchmarks": null, "description": null, "short_description": null, "vulnerability_details": null, "connected_node": null, "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-pip-trusted-host", "details": [], "check_len": null, "definition_context_file_path": null }, { "check_id": "CKV2_DOCKER_16", "bc_check_id": null, "check_name": "Ensure that certificate validation isn't disabled with pip via the 'PIP_TRUSTED_HOST' environment variable", "check_result": { "result": "PASSED", "entity": { "block_name_": "ARG", "block_type_": "resource", "file_path_": "/Dockerfile.production", "config_": { "content": "ARG NEXT_PUBLIC_API_URL\n", "value": "NEXT_PUBLIC_API_URL", "__startline__": 11, "__endline__": 11 }, "label_": "resource: ARG", "id_": "ARG", "source_": "Dockerfile", "content": "ARG NEXT_PUBLIC_API_URL\n", "value": "NEXT_PUBLIC_API_URL", "__startline__": 11, "__endline__": 11, "resource_type": "ARG", "hash": "fded00a21c81cd45d8985324636a2acafc73bef594a45811ca0d68265da3f9dc" }, "evaluated_keys": [ "value" ] }, "code_block": [ [ 12, "ARG NEXT_PUBLIC_API_URL\n" ] ], "file_path": "/Dockerfile.production", "file_abs_path": "/scan/Dockerfile.production", "repo_file_path": "/Dockerfile.production", "file_line_range": [ 12, 12 ], "resource": "/Dockerfile.production.ARG", "evaluations": null, "check_class": "checkov.common.graph.checks_infra.base_check", "fixed_definition": null, "entity_tags": null, "caller_file_path": null, "caller_file_line_range": null, "resource_address": null, "severity": null, "bc_category": null, "benchmarks": null, "description": null, "short_description": null, "vulnerability_details": null, "connected_node": null, "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-pip-trusted-host", "details": [], "check_len": null, "definition_context_file_path": null }, { "check_id": "CKV2_DOCKER_16", "bc_check_id": null, "check_name": "Ensure that certificate validation isn't disabled with pip via the 'PIP_TRUSTED_HOST' environment variable", "check_result": { "result": "PASSED", "entity": { "block_name_": "ARG", "block_type_": "resource", "file_path_": "/Dockerfile.production", "config_": { "content": "ARG NEXT_PUBLIC_MARKETPLACE_URL\n", "value": "NEXT_PUBLIC_MARKETPLACE_URL", "__startline__": 12, "__endline__": 12 }, "label_": "resource: ARG", "id_": "ARG", "source_": "Dockerfile", "content": "ARG NEXT_PUBLIC_MARKETPLACE_URL\n", "value": "NEXT_PUBLIC_MARKETPLACE_URL", "__startline__": 12, "__endline__": 12, "resource_type": "ARG", "hash": "11d98758a432fc03021573afe4df769dc34ff0a4aec966f558b5e00c71c6cf3b" }, "evaluated_keys": [ "value" ] }, "code_block": [ [ 13, "ARG NEXT_PUBLIC_MARKETPLACE_URL\n" ] ], "file_path": "/Dockerfile.production", "file_abs_path": "/scan/Dockerfile.production", "repo_file_path": "/Dockerfile.production", "file_line_range": [ 13, 13 ], "resource": "/Dockerfile.production.ARG", "evaluations": null, "check_class": "checkov.common.graph.checks_infra.base_check", "fixed_definition": null, "entity_tags": null, "caller_file_path": null, "caller_file_line_range": null, "resource_address": null, "severity": null, "bc_category": null, "benchmarks": null, "description": null, "short_description": null, "vulnerability_details": null, "connected_node": null, "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-pip-trusted-host", "details": [], "check_len": null, "definition_context_file_path": null }, { "check_id": "CKV2_DOCKER_16", "bc_check_id": null, "check_name": "Ensure that certificate validation isn't disabled with pip via the 'PIP_TRUSTED_HOST' environment variable", "check_result": { "result": "PASSED", "entity": { "block_name_": "ARG", "block_type_": "resource", "file_path_": "/Dockerfile.production", "config_": { "content": "ARG NEXT_PUBLIC_DASHBOARD_URL\n", "value": "NEXT_PUBLIC_DASHBOARD_URL", "__startline__": 13, "__endline__": 13 }, "label_": "resource: ARG", "id_": "ARG", "source_": "Dockerfile", "content": "ARG NEXT_PUBLIC_DASHBOARD_URL\n", "value": "NEXT_PUBLIC_DASHBOARD_URL", "__startline__": 13, "__endline__": 13, "resource_type": "ARG", "hash": "4075db881e0d222faeb86e03db8a05d9a998deab344c05aee0e89d2426e01383" }, "evaluated_keys": [ "value" ] }, "code_block": [ [ 14, "ARG NEXT_PUBLIC_DASHBOARD_URL\n" ] ], "file_path": "/Dockerfile.production", "file_abs_path": "/scan/Dockerfile.production", "repo_file_path": "/Dockerfile.production", "file_line_range": [ 14, 14 ], "resource": "/Dockerfile.production.ARG", "evaluations": null, "check_class": "checkov.common.graph.checks_infra.base_check", "fixed_definition": null, "entity_tags": null, "caller_file_path": null, "caller_file_line_range": null, "resource_address": null, "severity": null, "bc_category": null, "benchmarks": null, "description": null, "short_description": null, "vulnerability_details": null, "connected_node": null, "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-pip-trusted-host", "details": [], "check_len": null, "definition_context_file_path": null }, { "check_id": "CKV2_DOCKER_16", "bc_check_id": null, "check_name": "Ensure that certificate validation isn't disabled with pip via the 'PIP_TRUSTED_HOST' environment variable", "check_result": { "result": "PASSED", "entity": { "block_name_": "ARG", "block_type_": "resource", "file_path_": "/Dockerfile.production", "config_": { "content": "ARG NEXT_PUBLIC_ADMIN_URL\n", "value": "NEXT_PUBLIC_ADMIN_URL", "__startline__": 14, "__endline__": 14 }, "label_": "resource: ARG", "id_": "ARG", "source_": "Dockerfile", "content": "ARG NEXT_PUBLIC_ADMIN_URL\n", "value": "NEXT_PUBLIC_ADMIN_URL", "__startline__": 14, "__endline__": 14, "resource_type": "ARG", "hash": "a4c9bf1c4e349946074fb4c606d0db63c06a809d125e58ddd09427e4d929fd6a" }, "evaluated_keys": [ "value" ] }, "code_block": [ [ 15, "ARG NEXT_PUBLIC_ADMIN_URL\n" ] ], "file_path": "/Dockerfile.production", "file_abs_path": "/scan/Dockerfile.production", "repo_file_path": "/Dockerfile.production", "file_line_range": [ 15, 15 ], "resource": "/Dockerfile.production.ARG", "evaluations": null, "check_class": "checkov.common.graph.checks_infra.base_check", "fixed_definition": null, "entity_tags": null, "caller_file_path": null, "caller_file_line_range": null, "resource_address": null, "severity": null, "bc_category": null, "benchmarks": null, "description": null, "short_description": null, "vulnerability_details": null, "connected_node": null, "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-pip-trusted-host", "details": [], "check_len": null, "definition_context_file_path": null }, { "check_id": "CKV2_DOCKER_16", "bc_check_id": null, "check_name": "Ensure that certificate validation isn't disabled with pip via the 'PIP_TRUSTED_HOST' environment variable", "check_result": { "result": "PASSED", "entity": { "block_name_": "ENV", "block_type_": "resource", "file_path_": "/Dockerfile.production", "config_": { "content": "ENV NEXT_PUBLIC_API_URL=$NEXT_PUBLIC_API_URL \\\n NEXT_PUBLIC_MARKETPLACE_URL=$NEXT_PUBLIC_MARKETPLACE_URL \\\n NEXT_PUBLIC_DASHBOARD_URL=$NEXT_PUBLIC_DASHBOARD_URL \\\n NEXT_PUBLIC_ADMIN_URL=$NEXT_PUBLIC_ADMIN_URL\n", "value": "NEXT_PUBLIC_API_URL=$NEXT_PUBLIC_API_URL NEXT_PUBLIC_MARKETPLACE_URL=$NEXT_PUBLIC_MARKETPLACE_URL NEXT_PUBLIC_DASHBOARD_URL=$NEXT_PUBLIC_DASHBOARD_URL NEXT_PUBLIC_ADMIN_URL=$NEXT_PUBLIC_ADMIN_URL", "__startline__": 15, "__endline__": 18 }, "label_": "resource: ENV", "id_": "ENV", "source_": "Dockerfile", "content": "ENV NEXT_PUBLIC_API_URL=$NEXT_PUBLIC_API_URL \\\n NEXT_PUBLIC_MARKETPLACE_URL=$NEXT_PUBLIC_MARKETPLACE_URL \\\n NEXT_PUBLIC_DASHBOARD_URL=$NEXT_PUBLIC_DASHBOARD_URL \\\n NEXT_PUBLIC_ADMIN_URL=$NEXT_PUBLIC_ADMIN_URL\n", "value": "NEXT_PUBLIC_API_URL=$NEXT_PUBLIC_API_URL NEXT_PUBLIC_MARKETPLACE_URL=$NEXT_PUBLIC_MARKETPLACE_URL NEXT_PUBLIC_DASHBOARD_URL=$NEXT_PUBLIC_DASHBOARD_URL NEXT_PUBLIC_ADMIN_URL=$NEXT_PUBLIC_ADMIN_URL", "__startline__": 15, "__endline__": 18, "resource_type": "ENV", "hash": "65abe3eb0aadfa3b1ed513b9e21f4f8c4524ec8c298e7123de46806870b90557" }, "evaluated_keys": [ "value" ] }, "code_block": [ [ 16, "ENV NEXT_PUBLIC_API_URL=$NEXT_PUBLIC_API_URL \\\n" ], [ 17, " NEXT_PUBLIC_MARKETPLACE_URL=$NEXT_PUBLIC_MARKETPLACE_URL \\\n" ], [ 18, " NEXT_PUBLIC_DASHBOARD_URL=$NEXT_PUBLIC_DASHBOARD_URL \\\n" ], [ 19, " NEXT_PUBLIC_ADMIN_URL=$NEXT_PUBLIC_ADMIN_URL\n" ] ], "file_path": "/Dockerfile.production", "file_abs_path": "/scan/Dockerfile.production", "repo_file_path": "/Dockerfile.production", "file_line_range": [ 16, 19 ], "resource": "/Dockerfile.production.ENV", "evaluations": null, "check_class": "checkov.common.graph.checks_infra.base_check", "fixed_definition": null, "entity_tags": null, "caller_file_path": null, "caller_file_line_range": null, "resource_address": null, "severity": null, "bc_category": null, "benchmarks": null, "description": null, "short_description": null, "vulnerability_details": null, "connected_node": null, "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-pip-trusted-host", "details": [], "check_len": null, "definition_context_file_path": null }, { "check_id": "CKV2_DOCKER_16", "bc_check_id": null, "check_name": "Ensure that certificate validation isn't disabled with pip via the 'PIP_TRUSTED_HOST' environment variable", "check_result": { "result": "PASSED", "entity": { "block_name_": "ENV", "block_type_": "resource", "file_path_": "/Dockerfile.production", "config_": { "content": "ENV NODE_ENV=production\n", "value": "NODE_ENV=production", "__startline__": 28, "__endline__": 28 }, "label_": "resource: ENV", "id_": "ENV", "source_": "Dockerfile", "content": "ENV NODE_ENV=production\n", "value": "NODE_ENV=production", "__startline__": 28, "__endline__": 28, "resource_type": "ENV", "hash": "5a6afcff0e4c111b04ace6d372feb2943096034796456739be650482e87f3e0e" }, "evaluated_keys": [ "value" ] }, "code_block": [ [ 29, "ENV NODE_ENV=production\n" ] ], "file_path": "/Dockerfile.production", "file_abs_path": "/scan/Dockerfile.production", "repo_file_path": "/Dockerfile.production", "file_line_range": [ 29, 29 ], "resource": "/Dockerfile.production.ENV", "evaluations": null, "check_class": "checkov.common.graph.checks_infra.base_check", "fixed_definition": null, "entity_tags": null, "caller_file_path": null, "caller_file_line_range": null, "resource_address": null, "severity": null, "bc_category": null, "benchmarks": null, "description": null, "short_description": null, "vulnerability_details": null, "connected_node": null, "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-pip-trusted-host", "details": [], "check_len": null, "definition_context_file_path": null }, { "check_id": "CKV2_DOCKER_16", "bc_check_id": null, "check_name": "Ensure that certificate validation isn't disabled with pip via the 'PIP_TRUSTED_HOST' environment variable", "check_result": { "result": "PASSED", "entity": { "block_name_": "RUN", "block_type_": "resource", "file_path_": "/Dockerfile.test", "config_": { "content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n", "value": "corepack enable && corepack prepare npm@10.5.0 --activate", "__startline__": 4, "__endline__": 4 }, "label_": "resource: RUN", "id_": "RUN", "source_": "Dockerfile", "content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n", "value": "corepack enable && corepack prepare npm@10.5.0 --activate", "__startline__": 4, "__endline__": 4, "resource_type": "RUN", "hash": "1d5fb0a211498b8baf37e5744578ad03459da7798534298981f23fdefb7eb757" }, "evaluated_keys": [ "value" ] }, "code_block": [ [ 5, "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n" ] ], "file_path": "/Dockerfile.test", "file_abs_path": "/scan/Dockerfile.test", "repo_file_path": "/Dockerfile.test", "file_line_range": [ 5, 5 ], "resource": "/Dockerfile.test.RUN", "evaluations": null, "check_class": "checkov.common.graph.checks_infra.base_check", "fixed_definition": null, "entity_tags": null, "caller_file_path": null, "caller_file_line_range": null, "resource_address": null, "severity": null, "bc_category": null, "benchmarks": null, "description": null, "short_description": null, "vulnerability_details": null, "connected_node": null, "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-pip-trusted-host", "details": [], "check_len": null, "definition_context_file_path": null }, { "check_id": "CKV2_DOCKER_16", "bc_check_id": null, "check_name": "Ensure that certificate validation isn't disabled with pip via the 'PIP_TRUSTED_HOST' environment variable", "check_result": { "result": "PASSED", "entity": { "block_name_": "RUN", "block_type_": "resource", "file_path_": "/Dockerfile.test", "config_": { "content": "RUN npm install\n", "value": "npm install", "__startline__": 10, "__endline__": 10 }, "label_": "resource: RUN", "id_": "RUN", "source_": "Dockerfile", "content": "RUN npm install\n", "value": "npm install", "__startline__": 10, "__endline__": 10, "resource_type": "RUN", "hash": "fb809e4860a3131df821aea9480445cc6e2f66dd52744dab5f3d2ef5b2848436" }, "evaluated_keys": [ "value" ] }, "code_block": [ [ 11, "RUN npm install\n" ] ], "file_path": "/Dockerfile.test", "file_abs_path": "/scan/Dockerfile.test", "repo_file_path": "/Dockerfile.test", "file_line_range": [ 11, 11 ], "resource": "/Dockerfile.test.RUN", "evaluations": null, "check_class": "checkov.common.graph.checks_infra.base_check", "fixed_definition": null, "entity_tags": null, "caller_file_path": null, "caller_file_line_range": null, "resource_address": null, "severity": null, "bc_category": null, "benchmarks": null, "description": null, "short_description": null, "vulnerability_details": null, "connected_node": null, "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-pip-trusted-host", "details": [], "check_len": null, "definition_context_file_path": null }, { "check_id": "CKV2_DOCKER_16", "bc_check_id": null, "check_name": "Ensure that certificate validation isn't disabled with pip via the 'PIP_TRUSTED_HOST' environment variable", "check_result": { "result": "PASSED", "entity": { "block_name_": "ENV", "block_type_": "resource", "file_path_": "/Dockerfile.test", "config_": { "content": "ENV NODE_ENV=test\n", "value": "NODE_ENV=test", "__startline__": 12, "__endline__": 12 }, "label_": "resource: ENV", "id_": "ENV", "source_": "Dockerfile", "content": "ENV NODE_ENV=test\n", "value": "NODE_ENV=test", "__startline__": 12, "__endline__": 12, "resource_type": "ENV", "hash": "14d83a642c69d4cf67fcdbeb6dace7ba464024fdcad52f8129d63c78042457cb" }, "evaluated_keys": [ "value" ] }, "code_block": [ [ 13, "ENV NODE_ENV=test\n" ] ], "file_path": "/Dockerfile.test", "file_abs_path": "/scan/Dockerfile.test", "repo_file_path": "/Dockerfile.test", "file_line_range": [ 13, 13 ], "resource": "/Dockerfile.test.ENV", "evaluations": null, "check_class": "checkov.common.graph.checks_infra.base_check", "fixed_definition": null, "entity_tags": null, "caller_file_path": null, "caller_file_line_range": null, "resource_address": null, "severity": null, "bc_category": null, "benchmarks": null, "description": null, "short_description": null, "vulnerability_details": null, "connected_node": null, "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-pip-trusted-host", "details": [], "check_len": null, "definition_context_file_path": null }, { "check_id": "CKV2_DOCKER_16", "bc_check_id": null, "check_name": "Ensure that certificate validation isn't disabled with pip via the 'PIP_TRUSTED_HOST' environment variable", "check_result": { "result": "PASSED", "entity": { "block_name_": "RUN", "block_type_": "resource", "file_path_": "/Dockerfile.dev", "config_": { "content": "RUN npm install -g npm@10.5.0 --no-fund --no-audit\n", "value": "npm install -g npm@10.5.0 --no-fund --no-audit", "__startline__": 4, "__endline__": 4 }, "label_": "resource: RUN", "id_": "RUN", "source_": "Dockerfile", "content": "RUN npm install -g npm@10.5.0 --no-fund --no-audit\n", "value": "npm install -g npm@10.5.0 --no-fund --no-audit", "__startline__": 4, "__endline__": 4, "resource_type": "RUN", "hash": "435bba968d1d0b4c410ea33851637829a16b2ad878f0b9531a737c7a444f91b9" }, "evaluated_keys": [ "value" ] }, "code_block": [ [ 5, "RUN npm install -g npm@10.5.0 --no-fund --no-audit\n" ] ], "file_path": "/Dockerfile.dev", "file_abs_path": "/scan/Dockerfile.dev", "repo_file_path": "/Dockerfile.dev", "file_line_range": [ 5, 5 ], "resource": "/Dockerfile.dev.RUN", "evaluations": null, "check_class": "checkov.common.graph.checks_infra.base_check", "fixed_definition": null, "entity_tags": null, "caller_file_path": null, "caller_file_line_range": null, "resource_address": null, "severity": null, "bc_category": null, "benchmarks": null, "description": null, "short_description": null, "vulnerability_details": null, "connected_node": null, "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-pip-trusted-host", "details": [], "check_len": null, "definition_context_file_path": null }, { "check_id": "CKV2_DOCKER_16", "bc_check_id": null, "check_name": "Ensure that certificate validation isn't disabled with pip via the 'PIP_TRUSTED_HOST' environment variable", "check_result": { "result": "PASSED", "entity": { "block_name_": "RUN", "block_type_": "resource", "file_path_": "/Dockerfile.dev", "config_": { "content": "RUN npm ci --no-fund --no-audit\n", "value": "npm ci --no-fund --no-audit", "__startline__": 10, "__endline__": 10 }, "label_": "resource: RUN", "id_": "RUN", "source_": "Dockerfile", "content": "RUN npm ci --no-fund --no-audit\n", "value": "npm ci --no-fund --no-audit", "__startline__": 10, "__endline__": 10, "resource_type": "RUN", "hash": "57abb1bbe03890ab19f47e5f96b9cbcee02aab65f6980d523df42faf41b709fa" }, "evaluated_keys": [ "value" ] }, "code_block": [ [ 11, "RUN npm ci --no-fund --no-audit\n" ] ], "file_path": "/Dockerfile.dev", "file_abs_path": "/scan/Dockerfile.dev", "repo_file_path": "/Dockerfile.dev", "file_line_range": [ 11, 11 ], "resource": "/Dockerfile.dev.RUN", "evaluations": null, "check_class": "checkov.common.graph.checks_infra.base_check", "fixed_definition": null, "entity_tags": null, "caller_file_path": null, "caller_file_line_range": null, "resource_address": null, "severity": null, "bc_category": null, "benchmarks": null, "description": null, "short_description": null, "vulnerability_details": null, "connected_node": null, "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-pip-trusted-host", "details": [], "check_len": null, "definition_context_file_path": null }, { "check_id": "CKV2_DOCKER_5", "bc_check_id": null, "check_name": "Ensure that certificate validation isn't disabled with the PYTHONHTTPSVERIFY environment variable", "check_result": { "result": "PASSED", "entity": { "block_name_": "RUN", "block_type_": "resource", "file_path_": "/Dockerfile.production", "config_": { "content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n", "value": "corepack enable && corepack prepare npm@10.5.0 --activate", "__startline__": 4, "__endline__": 4 }, "label_": "resource: RUN", "id_": "RUN", "source_": "Dockerfile", "content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n", "value": "corepack enable && corepack prepare npm@10.5.0 --activate", "__startline__": 4, "__endline__": 4, "resource_type": "RUN", "hash": "dbd32b6bad6b728919787011f82d60c50d7b2d1c079f814de2b1640696c98816" }, "evaluated_keys": [ "value" ] }, "code_block": [ [ 5, "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n" ] ], "file_path": "/Dockerfile.production", "file_abs_path": "/scan/Dockerfile.production", "repo_file_path": "/Dockerfile.production", "file_line_range": [ 5, 5 ], "resource": "/Dockerfile.production.RUN", "evaluations": null, "check_class": "checkov.common.graph.checks_infra.base_check", "fixed_definition": null, "entity_tags": null, "caller_file_path": null, "caller_file_line_range": null, "resource_address": null, "severity": null, "bc_category": null, "benchmarks": null, "description": null, "short_description": null, "vulnerability_details": null, "connected_node": null, "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-PYTHONHTTPSVERIFY-secure", "details": [], "check_len": null, "definition_context_file_path": null }, { "check_id": "CKV2_DOCKER_5", "bc_check_id": null, "check_name": "Ensure that certificate validation isn't disabled with the PYTHONHTTPSVERIFY environment variable", "check_result": { "result": "PASSED", "entity": { "block_name_": "RUN", "block_type_": "resource", "file_path_": "/Dockerfile.production", "config_": { "content": "RUN npm install\n", "value": "npm install", "__startline__": 20, "__endline__": 20 }, "label_": "resource: RUN", "id_": "RUN", "source_": "Dockerfile", "content": "RUN npm install\n", "value": "npm install", "__startline__": 20, "__endline__": 20, "resource_type": "RUN", "hash": "6979b14e6a853ac150ffef85c5e28fd49c956054ea2cb1d01440e13b17260c4a" }, "evaluated_keys": [ "value" ] }, "code_block": [ [ 21, "RUN npm install\n" ] ], "file_path": "/Dockerfile.production", "file_abs_path": "/scan/Dockerfile.production", "repo_file_path": "/Dockerfile.production", "file_line_range": [ 21, 21 ], "resource": "/Dockerfile.production.RUN", "evaluations": null, "check_class": "checkov.common.graph.checks_infra.base_check", "fixed_definition": null, "entity_tags": null, "caller_file_path": null, "caller_file_line_range": null, "resource_address": null, "severity": null, "bc_category": null, "benchmarks": null, "description": null, "short_description": null, "vulnerability_details": null, "connected_node": null, "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-PYTHONHTTPSVERIFY-secure", "details": [], "check_len": null, "definition_context_file_path": null }, { "check_id": "CKV2_DOCKER_5", "bc_check_id": null, "check_name": "Ensure that certificate validation isn't disabled with the PYTHONHTTPSVERIFY environment variable", "check_result": { "result": "PASSED", "entity": { "block_name_": "RUN", "block_type_": "resource", "file_path_": "/Dockerfile.production", "config_": { "content": "RUN npm run db:generate\n", "value": "npm run db:generate", "__startline__": 21, "__endline__": 21 }, "label_": "resource: RUN", "id_": "RUN", "source_": "Dockerfile", "content": "RUN npm run db:generate\n", "value": "npm run db:generate", "__startline__": 21, "__endline__": 21, "resource_type": "RUN", "hash": "c1f9cc0c42260bb0183d7e7b9ec2edab99837111ad42dbbdd7fad09ff3e37ab0" }, "evaluated_keys": [ "value" ] }, "code_block": [ [ 22, "RUN npm run db:generate\n" ] ], "file_path": "/Dockerfile.production", "file_abs_path": "/scan/Dockerfile.production", "repo_file_path": "/Dockerfile.production", "file_line_range": [ 22, 22 ], "resource": "/Dockerfile.production.RUN", "evaluations": null, "check_class": "checkov.common.graph.checks_infra.base_check", "fixed_definition": null, "entity_tags": null, "caller_file_path": null, "caller_file_line_range": null, "resource_address": null, "severity": null, "bc_category": null, "benchmarks": null, "description": null, "short_description": null, "vulnerability_details": null, "connected_node": null, "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-PYTHONHTTPSVERIFY-secure", "details": [], "check_len": null, "definition_context_file_path": null }, { "check_id": "CKV2_DOCKER_5", "bc_check_id": null, "check_name": "Ensure that certificate validation isn't disabled with the PYTHONHTTPSVERIFY environment variable", "check_result": { "result": "PASSED", "entity": { "block_name_": "RUN", "block_type_": "resource", "file_path_": "/Dockerfile.production", "config_": { "content": "RUN npm run build\n", "value": "npm run build", "__startline__": 22, "__endline__": 22 }, "label_": "resource: RUN", "id_": "RUN", "source_": "Dockerfile", "content": "RUN npm run build\n", "value": "npm run build", "__startline__": 22, "__endline__": 22, "resource_type": "RUN", "hash": "1bf185fb6038f1b491f2a2686de4dd9869ccdd9c3e34d2772cf43bd368377aa6" }, "evaluated_keys": [ "value" ] }, "code_block": [ [ 23, "RUN npm run build\n" ] ], "file_path": "/Dockerfile.production", "file_abs_path": "/scan/Dockerfile.production", "repo_file_path": "/Dockerfile.production", "file_line_range": [ 23, 23 ], "resource": "/Dockerfile.production.RUN", "evaluations": null, "check_class": "checkov.common.graph.checks_infra.base_check", "fixed_definition": null, "entity_tags": null, "caller_file_path": null, "caller_file_line_range": null, "resource_address": null, "severity": null, "bc_category": null, "benchmarks": null, "description": null, "short_description": null, "vulnerability_details": null, "connected_node": null, "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-PYTHONHTTPSVERIFY-secure", "details": [], "check_len": null, "definition_context_file_path": null }, { "check_id": "CKV2_DOCKER_5", "bc_check_id": null, "check_name": "Ensure that certificate validation isn't disabled with the PYTHONHTTPSVERIFY environment variable", "check_result": { "result": "PASSED", "entity": { "block_name_": "RUN", "block_type_": "resource", "file_path_": "/Dockerfile.production", "config_": { "content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n", "value": "corepack enable && corepack prepare npm@10.5.0 --activate", "__startline__": 30, "__endline__": 30 }, "label_": "resource: RUN", "id_": "RUN", "source_": "Dockerfile", "content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n", "value": "corepack enable && corepack prepare npm@10.5.0 --activate", "__startline__": 30, "__endline__": 30, "resource_type": "RUN", "hash": "01c88e306f7db45ae7136e3bdb63c4b15978dd024f6ed18210961fc3db3df382" }, "evaluated_keys": [ "value" ] }, "code_block": [ [ 31, "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n" ] ], "file_path": "/Dockerfile.production", "file_abs_path": "/scan/Dockerfile.production", "repo_file_path": "/Dockerfile.production", "file_line_range": [ 31, 31 ], "resource": "/Dockerfile.production.RUN", "evaluations": null, "check_class": "checkov.common.graph.checks_infra.base_check", "fixed_definition": null, "entity_tags": null, "caller_file_path": null, "caller_file_line_range": null, "resource_address": null, "severity": null, "bc_category": null, "benchmarks": null, "description": null, "short_description": null, "vulnerability_details": null, "connected_node": null, "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-PYTHONHTTPSVERIFY-secure", "details": [], "check_len": null, "definition_context_file_path": null }, { "check_id": "CKV2_DOCKER_5", "bc_check_id": null, "check_name": "Ensure that certificate validation isn't disabled with the PYTHONHTTPSVERIFY environment variable", "check_result": { "result": "PASSED", "entity": { "block_name_": "ARG", "block_type_": "resource", "file_path_": "/Dockerfile.production", "config_": { "content": "ARG NEXT_PUBLIC_API_URL\n", "value": "NEXT_PUBLIC_API_URL", "__startline__": 11, "__endline__": 11 }, "label_": "resource: ARG", "id_": "ARG", "source_": "Dockerfile", "content": "ARG NEXT_PUBLIC_API_URL\n", "value": "NEXT_PUBLIC_API_URL", "__startline__": 11, "__endline__": 11, "resource_type": "ARG", "hash": "fded00a21c81cd45d8985324636a2acafc73bef594a45811ca0d68265da3f9dc" }, "evaluated_keys": [ "value" ] }, "code_block": [ [ 12, "ARG NEXT_PUBLIC_API_URL\n" ] ], "file_path": "/Dockerfile.production", "file_abs_path": "/scan/Dockerfile.production", "repo_file_path": "/Dockerfile.production", "file_line_range": [ 12, 12 ], "resource": "/Dockerfile.production.ARG", "evaluations": null, "check_class": "checkov.common.graph.checks_infra.base_check", "fixed_definition": null, "entity_tags": null, "caller_file_path": null, "caller_file_line_range": null, "resource_address": null, "severity": null, "bc_category": null, "benchmarks": null, "description": null, "short_description": null, "vulnerability_details": null, "connected_node": null, "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-PYTHONHTTPSVERIFY-secure", "details": [], "check_len": null, "definition_context_file_path": null }, { "check_id": "CKV2_DOCKER_5", "bc_check_id": null, "check_name": "Ensure that certificate validation isn't disabled with the PYTHONHTTPSVERIFY environment variable", "check_result": { "result": "PASSED", "entity": { "block_name_": "ARG", "block_type_": "resource", "file_path_": "/Dockerfile.production", "config_": { "content": "ARG NEXT_PUBLIC_MARKETPLACE_URL\n", "value": "NEXT_PUBLIC_MARKETPLACE_URL", "__startline__": 12, "__endline__": 12 }, "label_": "resource: ARG", "id_": "ARG", "source_": "Dockerfile", "content": "ARG NEXT_PUBLIC_MARKETPLACE_URL\n", "value": "NEXT_PUBLIC_MARKETPLACE_URL", "__startline__": 12, "__endline__": 12, "resource_type": "ARG", "hash": "11d98758a432fc03021573afe4df769dc34ff0a4aec966f558b5e00c71c6cf3b" }, "evaluated_keys": [ "value" ] }, "code_block": [ [ 13, "ARG NEXT_PUBLIC_MARKETPLACE_URL\n" ] ], "file_path": "/Dockerfile.production", "file_abs_path": "/scan/Dockerfile.production", "repo_file_path": "/Dockerfile.production", "file_line_range": [ 13, 13 ], "resource": "/Dockerfile.production.ARG", "evaluations": null, "check_class": "checkov.common.graph.checks_infra.base_check", "fixed_definition": null, "entity_tags": null, "caller_file_path": null, "caller_file_line_range": null, "resource_address": null, "severity": null, "bc_category": null, "benchmarks": null, "description": null, "short_description": null, "vulnerability_details": null, "connected_node": null, "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-PYTHONHTTPSVERIFY-secure", "details": [], "check_len": null, "definition_context_file_path": null }, { "check_id": "CKV2_DOCKER_5", "bc_check_id": null, "check_name": "Ensure that certificate validation isn't disabled with the PYTHONHTTPSVERIFY environment variable", "check_result": { "result": "PASSED", "entity": { "block_name_": "ARG", "block_type_": "resource", "file_path_": "/Dockerfile.production", "config_": { "content": "ARG NEXT_PUBLIC_DASHBOARD_URL\n", "value": "NEXT_PUBLIC_DASHBOARD_URL", "__startline__": 13, "__endline__": 13 }, "label_": "resource: ARG", "id_": "ARG", "source_": "Dockerfile", "content": "ARG NEXT_PUBLIC_DASHBOARD_URL\n", "value": "NEXT_PUBLIC_DASHBOARD_URL", "__startline__": 13, "__endline__": 13, "resource_type": "ARG", "hash": "4075db881e0d222faeb86e03db8a05d9a998deab344c05aee0e89d2426e01383" }, "evaluated_keys": [ "value" ] }, "code_block": [ [ 14, "ARG NEXT_PUBLIC_DASHBOARD_URL\n" ] ], "file_path": "/Dockerfile.production", "file_abs_path": "/scan/Dockerfile.production", "repo_file_path": "/Dockerfile.production", "file_line_range": [ 14, 14 ], "resource": "/Dockerfile.production.ARG", "evaluations": null, "check_class": "checkov.common.graph.checks_infra.base_check", "fixed_definition": null, "entity_tags": null, "caller_file_path": null, "caller_file_line_range": null, "resource_address": null, "severity": null, "bc_category": null, "benchmarks": null, "description": null, "short_description": null, "vulnerability_details": null, "connected_node": null, "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-PYTHONHTTPSVERIFY-secure", "details": [], "check_len": null, "definition_context_file_path": null }, { "check_id": "CKV2_DOCKER_5", "bc_check_id": null, "check_name": "Ensure that certificate validation isn't disabled with the PYTHONHTTPSVERIFY environment variable", "check_result": { "result": "PASSED", "entity": { "block_name_": "ARG", "block_type_": "resource", "file_path_": "/Dockerfile.production", "config_": { "content": "ARG NEXT_PUBLIC_ADMIN_URL\n", "value": "NEXT_PUBLIC_ADMIN_URL", "__startline__": 14, "__endline__": 14 }, "label_": "resource: ARG", "id_": "ARG", "source_": "Dockerfile", "content": "ARG NEXT_PUBLIC_ADMIN_URL\n", "value": "NEXT_PUBLIC_ADMIN_URL", "__startline__": 14, "__endline__": 14, "resource_type": "ARG", "hash": "a4c9bf1c4e349946074fb4c606d0db63c06a809d125e58ddd09427e4d929fd6a" }, "evaluated_keys": [ "value" ] }, "code_block": [ [ 15, "ARG NEXT_PUBLIC_ADMIN_URL\n" ] ], "file_path": "/Dockerfile.production", "file_abs_path": "/scan/Dockerfile.production", "repo_file_path": "/Dockerfile.production", "file_line_range": [ 15, 15 ], "resource": "/Dockerfile.production.ARG", "evaluations": null, "check_class": "checkov.common.graph.checks_infra.base_check", "fixed_definition": null, "entity_tags": null, "caller_file_path": null, "caller_file_line_range": null, "resource_address": null, "severity": null, "bc_category": null, "benchmarks": null, "description": null, "short_description": null, "vulnerability_details": null, "connected_node": null, "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-PYTHONHTTPSVERIFY-secure", "details": [], "check_len": null, "definition_context_file_path": null }, { "check_id": "CKV2_DOCKER_5", "bc_check_id": null, "check_name": "Ensure that certificate validation isn't disabled with the PYTHONHTTPSVERIFY environment variable", "check_result": { "result": "PASSED", "entity": { "block_name_": "ENV", "block_type_": "resource", "file_path_": "/Dockerfile.production", "config_": { "content": "ENV NEXT_PUBLIC_API_URL=$NEXT_PUBLIC_API_URL \\\n NEXT_PUBLIC_MARKETPLACE_URL=$NEXT_PUBLIC_MARKETPLACE_URL \\\n NEXT_PUBLIC_DASHBOARD_URL=$NEXT_PUBLIC_DASHBOARD_URL \\\n NEXT_PUBLIC_ADMIN_URL=$NEXT_PUBLIC_ADMIN_URL\n", "value": "NEXT_PUBLIC_API_URL=$NEXT_PUBLIC_API_URL NEXT_PUBLIC_MARKETPLACE_URL=$NEXT_PUBLIC_MARKETPLACE_URL NEXT_PUBLIC_DASHBOARD_URL=$NEXT_PUBLIC_DASHBOARD_URL NEXT_PUBLIC_ADMIN_URL=$NEXT_PUBLIC_ADMIN_URL", "__startline__": 15, "__endline__": 18 }, "label_": "resource: ENV", "id_": "ENV", "source_": "Dockerfile", "content": "ENV NEXT_PUBLIC_API_URL=$NEXT_PUBLIC_API_URL \\\n NEXT_PUBLIC_MARKETPLACE_URL=$NEXT_PUBLIC_MARKETPLACE_URL \\\n NEXT_PUBLIC_DASHBOARD_URL=$NEXT_PUBLIC_DASHBOARD_URL \\\n NEXT_PUBLIC_ADMIN_URL=$NEXT_PUBLIC_ADMIN_URL\n", "value": "NEXT_PUBLIC_API_URL=$NEXT_PUBLIC_API_URL NEXT_PUBLIC_MARKETPLACE_URL=$NEXT_PUBLIC_MARKETPLACE_URL NEXT_PUBLIC_DASHBOARD_URL=$NEXT_PUBLIC_DASHBOARD_URL NEXT_PUBLIC_ADMIN_URL=$NEXT_PUBLIC_ADMIN_URL", "__startline__": 15, "__endline__": 18, "resource_type": "ENV", "hash": "65abe3eb0aadfa3b1ed513b9e21f4f8c4524ec8c298e7123de46806870b90557" }, "evaluated_keys": [ "value" ] }, "code_block": [ [ 16, "ENV NEXT_PUBLIC_API_URL=$NEXT_PUBLIC_API_URL \\\n" ], [ 17, " NEXT_PUBLIC_MARKETPLACE_URL=$NEXT_PUBLIC_MARKETPLACE_URL \\\n" ], [ 18, " NEXT_PUBLIC_DASHBOARD_URL=$NEXT_PUBLIC_DASHBOARD_URL \\\n" ], [ 19, " NEXT_PUBLIC_ADMIN_URL=$NEXT_PUBLIC_ADMIN_URL\n" ] ], "file_path": "/Dockerfile.production", "file_abs_path": "/scan/Dockerfile.production", "repo_file_path": "/Dockerfile.production", "file_line_range": [ 16, 19 ], "resource": "/Dockerfile.production.ENV", "evaluations": null, "check_class": "checkov.common.graph.checks_infra.base_check", "fixed_definition": null, "entity_tags": null, "caller_file_path": null, "caller_file_line_range": null, "resource_address": null, "severity": null, "bc_category": null, "benchmarks": null, "description": null, "short_description": null, "vulnerability_details": null, "connected_node": null, "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-PYTHONHTTPSVERIFY-secure", "details": [], "check_len": null, "definition_context_file_path": null }, { "check_id": "CKV2_DOCKER_5", "bc_check_id": null, "check_name": "Ensure that certificate validation isn't disabled with the PYTHONHTTPSVERIFY environment variable", "check_result": { "result": "PASSED", "entity": { "block_name_": "ENV", "block_type_": "resource", "file_path_": "/Dockerfile.production", "config_": { "content": "ENV NODE_ENV=production\n", "value": "NODE_ENV=production", "__startline__": 28, "__endline__": 28 }, "label_": "resource: ENV", "id_": "ENV", "source_": "Dockerfile", "content": "ENV NODE_ENV=production\n", "value": "NODE_ENV=production", "__startline__": 28, "__endline__": 28, "resource_type": "ENV", "hash": "5a6afcff0e4c111b04ace6d372feb2943096034796456739be650482e87f3e0e" }, "evaluated_keys": [ "value" ] }, "code_block": [ [ 29, "ENV NODE_ENV=production\n" ] ], "file_path": "/Dockerfile.production", "file_abs_path": "/scan/Dockerfile.production", "repo_file_path": "/Dockerfile.production", "file_line_range": [ 29, 29 ], "resource": "/Dockerfile.production.ENV", "evaluations": null, "check_class": "checkov.common.graph.checks_infra.base_check", "fixed_definition": null, "entity_tags": null, "caller_file_path": null, "caller_file_line_range": null, "resource_address": null, "severity": null, "bc_category": null, "benchmarks": null, "description": null, "short_description": null, "vulnerability_details": null, "connected_node": null, "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-PYTHONHTTPSVERIFY-secure", "details": [], "check_len": null, "definition_context_file_path": null }, { "check_id": "CKV2_DOCKER_5", "bc_check_id": null, "check_name": "Ensure that certificate validation isn't disabled with the PYTHONHTTPSVERIFY environment variable", "check_result": { "result": "PASSED", "entity": { "block_name_": "RUN", "block_type_": "resource", "file_path_": "/Dockerfile.test", "config_": { "content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n", "value": "corepack enable && corepack prepare npm@10.5.0 --activate", "__startline__": 4, "__endline__": 4 }, "label_": "resource: RUN", "id_": "RUN", "source_": "Dockerfile", "content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n", "value": "corepack enable && corepack prepare npm@10.5.0 --activate", "__startline__": 4, "__endline__": 4, "resource_type": "RUN", "hash": "1d5fb0a211498b8baf37e5744578ad03459da7798534298981f23fdefb7eb757" }, "evaluated_keys": [ "value" ] }, "code_block": [ [ 5, "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n" ] ], "file_path": "/Dockerfile.test", "file_abs_path": "/scan/Dockerfile.test", "repo_file_path": "/Dockerfile.test", "file_line_range": [ 5, 5 ], "resource": "/Dockerfile.test.RUN", "evaluations": null, "check_class": "checkov.common.graph.checks_infra.base_check", "fixed_definition": null, "entity_tags": null, "caller_file_path": null, "caller_file_line_range": null, "resource_address": null, "severity": null, "bc_category": null, "benchmarks": null, "description": null, "short_description": null, "vulnerability_details": null, "connected_node": null, "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-PYTHONHTTPSVERIFY-secure", "details": [], "check_len": null, "definition_context_file_path": null }, { "check_id": "CKV2_DOCKER_5", "bc_check_id": null, "check_name": "Ensure that certificate validation isn't disabled with the PYTHONHTTPSVERIFY environment variable", "check_result": { "result": "PASSED", "entity": { "block_name_": "RUN", "block_type_": "resource", "file_path_": "/Dockerfile.test", "config_": { "content": "RUN npm install\n", "value": "npm install", "__startline__": 10, "__endline__": 10 }, "label_": "resource: RUN", "id_": "RUN", "source_": "Dockerfile", "content": "RUN npm install\n", "value": "npm install", "__startline__": 10, "__endline__": 10, "resource_type": "RUN", "hash": "fb809e4860a3131df821aea9480445cc6e2f66dd52744dab5f3d2ef5b2848436" }, "evaluated_keys": [ "value" ] }, "code_block": [ [ 11, "RUN npm install\n" ] ], "file_path": "/Dockerfile.test", "file_abs_path": "/scan/Dockerfile.test", "repo_file_path": "/Dockerfile.test", "file_line_range": [ 11, 11 ], "resource": "/Dockerfile.test.RUN", "evaluations": null, "check_class": "checkov.common.graph.checks_infra.base_check", "fixed_definition": null, "entity_tags": null, "caller_file_path": null, "caller_file_line_range": null, "resource_address": null, "severity": null, "bc_category": null, "benchmarks": null, "description": null, "short_description": null, "vulnerability_details": null, "connected_node": null, "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-PYTHONHTTPSVERIFY-secure", "details": [], "check_len": null, "definition_context_file_path": null }, { "check_id": "CKV2_DOCKER_5", "bc_check_id": null, "check_name": "Ensure that certificate validation isn't disabled with the PYTHONHTTPSVERIFY environment variable", "check_result": { "result": "PASSED", "entity": { "block_name_": "ENV", "block_type_": "resource", "file_path_": "/Dockerfile.test", "config_": { "content": "ENV NODE_ENV=test\n", "value": "NODE_ENV=test", "__startline__": 12, "__endline__": 12 }, "label_": "resource: ENV", "id_": "ENV", "source_": "Dockerfile", "content": "ENV NODE_ENV=test\n", "value": "NODE_ENV=test", "__startline__": 12, "__endline__": 12, "resource_type": "ENV", "hash": "14d83a642c69d4cf67fcdbeb6dace7ba464024fdcad52f8129d63c78042457cb" }, "evaluated_keys": [ "value" ] }, "code_block": [ [ 13, "ENV NODE_ENV=test\n" ] ], "file_path": "/Dockerfile.test", "file_abs_path": "/scan/Dockerfile.test", "repo_file_path": "/Dockerfile.test", "file_line_range": [ 13, 13 ], "resource": "/Dockerfile.test.ENV", "evaluations": null, "check_class": "checkov.common.graph.checks_infra.base_check", "fixed_definition": null, "entity_tags": null, "caller_file_path": null, "caller_file_line_range": null, "resource_address": null, "severity": null, "bc_category": null, "benchmarks": null, "description": null, "short_description": null, "vulnerability_details": null, "connected_node": null, "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-PYTHONHTTPSVERIFY-secure", "details": [], "check_len": null, "definition_context_file_path": null }, { "check_id": "CKV2_DOCKER_5", "bc_check_id": null, "check_name": "Ensure that certificate validation isn't disabled with the PYTHONHTTPSVERIFY environment variable", "check_result": { "result": "PASSED", "entity": { "block_name_": "RUN", "block_type_": "resource", "file_path_": "/Dockerfile.dev", "config_": { "content": "RUN npm install -g npm@10.5.0 --no-fund --no-audit\n", "value": "npm install -g npm@10.5.0 --no-fund --no-audit", "__startline__": 4, "__endline__": 4 }, "label_": "resource: RUN", "id_": "RUN", "source_": "Dockerfile", "content": "RUN npm install -g npm@10.5.0 --no-fund --no-audit\n", "value": "npm install -g npm@10.5.0 --no-fund --no-audit", "__startline__": 4, "__endline__": 4, "resource_type": "RUN", "hash": "435bba968d1d0b4c410ea33851637829a16b2ad878f0b9531a737c7a444f91b9" }, "evaluated_keys": [ "value" ] }, "code_block": [ [ 5, "RUN npm install -g npm@10.5.0 --no-fund --no-audit\n" ] ], "file_path": "/Dockerfile.dev", "file_abs_path": "/scan/Dockerfile.dev", "repo_file_path": "/Dockerfile.dev", "file_line_range": [ 5, 5 ], "resource": "/Dockerfile.dev.RUN", "evaluations": null, "check_class": "checkov.common.graph.checks_infra.base_check", "fixed_definition": null, "entity_tags": null, "caller_file_path": null, "caller_file_line_range": null, "resource_address": null, "severity": null, "bc_category": null, "benchmarks": null, "description": null, "short_description": null, "vulnerability_details": null, "connected_node": null, "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-PYTHONHTTPSVERIFY-secure", "details": [], "check_len": null, "definition_context_file_path": null }, { "check_id": "CKV2_DOCKER_5", "bc_check_id": null, "check_name": "Ensure that certificate validation isn't disabled with the PYTHONHTTPSVERIFY environment variable", "check_result": { "result": "PASSED", "entity": { "block_name_": "RUN", "block_type_": "resource", "file_path_": "/Dockerfile.dev", "config_": { "content": "RUN npm ci --no-fund --no-audit\n", "value": "npm ci --no-fund --no-audit", "__startline__": 10, "__endline__": 10 }, "label_": "resource: RUN", "id_": "RUN", "source_": "Dockerfile", "content": "RUN npm ci --no-fund --no-audit\n", "value": "npm ci --no-fund --no-audit", "__startline__": 10, "__endline__": 10, "resource_type": "RUN", "hash": "57abb1bbe03890ab19f47e5f96b9cbcee02aab65f6980d523df42faf41b709fa" }, "evaluated_keys": [ "value" ] }, "code_block": [ [ 11, "RUN npm ci --no-fund --no-audit\n" ] ], "file_path": "/Dockerfile.dev", "file_abs_path": "/scan/Dockerfile.dev", "repo_file_path": "/Dockerfile.dev", "file_line_range": [ 11, 11 ], "resource": "/Dockerfile.dev.RUN", "evaluations": null, "check_class": "checkov.common.graph.checks_infra.base_check", "fixed_definition": null, "entity_tags": null, "caller_file_path": null, "caller_file_line_range": null, "resource_address": null, "severity": null, "bc_category": null, "benchmarks": null, "description": null, "short_description": null, "vulnerability_details": null, "connected_node": null, "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-PYTHONHTTPSVERIFY-secure", "details": [], "check_len": null, "definition_context_file_path": null }, { "check_id": "CKV2_DOCKER_17", "bc_check_id": null, "check_name": "Ensure that 'chpasswd' is not used to set or remove passwords", "check_result": { "result": "PASSED", "entity": { "block_name_": "RUN", "block_type_": "resource", "file_path_": "/Dockerfile.production", "config_": { "content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n", "value": "corepack enable && corepack prepare npm@10.5.0 --activate", "__startline__": 4, "__endline__": 4 }, "label_": "resource: RUN", "id_": "RUN", "source_": "Dockerfile", "content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n", "value": "corepack enable && corepack prepare npm@10.5.0 --activate", "__startline__": 4, "__endline__": 4, "resource_type": "RUN", "hash": "dbd32b6bad6b728919787011f82d60c50d7b2d1c079f814de2b1640696c98816" }, "evaluated_keys": [ "value" ] }, "code_block": [ [ 5, "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n" ] ], "file_path": "/Dockerfile.production", "file_abs_path": "/scan/Dockerfile.production", "repo_file_path": "/Dockerfile.production", "file_line_range": [ 5, 5 ], "resource": "/Dockerfile.production.RUN", "evaluations": null, "check_class": "checkov.common.graph.checks_infra.base_check", "fixed_definition": null, "entity_tags": null, "caller_file_path": null, "caller_file_line_range": null, "resource_address": null, "severity": null, "bc_category": null, "benchmarks": null, "description": null, "short_description": null, "vulnerability_details": null, "connected_node": null, "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/bc-docker-2-17", "details": [], "check_len": null, "definition_context_file_path": null }, { "check_id": "CKV2_DOCKER_17", "bc_check_id": null, "check_name": "Ensure that 'chpasswd' is not used to set or remove passwords", "check_result": { "result": "PASSED", "entity": { "block_name_": "RUN", "block_type_": "resource", "file_path_": "/Dockerfile.production", "config_": { "content": "RUN npm install\n", "value": "npm install", "__startline__": 20, "__endline__": 20 }, "label_": "resource: RUN", "id_": "RUN", "source_": "Dockerfile", "content": "RUN npm install\n", "value": "npm install", "__startline__": 20, "__endline__": 20, "resource_type": "RUN", "hash": "6979b14e6a853ac150ffef85c5e28fd49c956054ea2cb1d01440e13b17260c4a" }, "evaluated_keys": [ "value" ] }, "code_block": [ [ 21, "RUN npm install\n" ] ], "file_path": "/Dockerfile.production", "file_abs_path": "/scan/Dockerfile.production", "repo_file_path": "/Dockerfile.production", "file_line_range": [ 21, 21 ], "resource": "/Dockerfile.production.RUN", "evaluations": null, "check_class": "checkov.common.graph.checks_infra.base_check", "fixed_definition": null, "entity_tags": null, "caller_file_path": null, "caller_file_line_range": null, "resource_address": null, "severity": null, "bc_category": null, "benchmarks": null, "description": null, "short_description": null, "vulnerability_details": null, "connected_node": null, "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/bc-docker-2-17", "details": [], "check_len": null, "definition_context_file_path": null }, { "check_id": "CKV2_DOCKER_17", "bc_check_id": null, "check_name": "Ensure that 'chpasswd' is not used to set or remove passwords", "check_result": { "result": "PASSED", "entity": { "block_name_": "RUN", "block_type_": "resource", "file_path_": "/Dockerfile.production", "config_": { "content": "RUN npm run db:generate\n", "value": "npm run db:generate", "__startline__": 21, "__endline__": 21 }, "label_": "resource: RUN", "id_": "RUN", "source_": "Dockerfile", "content": "RUN npm run db:generate\n", "value": "npm run db:generate", "__startline__": 21, "__endline__": 21, "resource_type": "RUN", "hash": "c1f9cc0c42260bb0183d7e7b9ec2edab99837111ad42dbbdd7fad09ff3e37ab0" }, "evaluated_keys": [ "value" ] }, "code_block": [ [ 22, "RUN npm run db:generate\n" ] ], "file_path": "/Dockerfile.production", "file_abs_path": "/scan/Dockerfile.production", "repo_file_path": "/Dockerfile.production", "file_line_range": [ 22, 22 ], "resource": "/Dockerfile.production.RUN", "evaluations": null, "check_class": "checkov.common.graph.checks_infra.base_check", "fixed_definition": null, "entity_tags": null, "caller_file_path": null, "caller_file_line_range": null, "resource_address": null, "severity": null, "bc_category": null, "benchmarks": null, "description": null, "short_description": null, "vulnerability_details": null, "connected_node": null, "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/bc-docker-2-17", "details": [], "check_len": null, "definition_context_file_path": null }, { "check_id": "CKV2_DOCKER_17", "bc_check_id": null, "check_name": "Ensure that 'chpasswd' is not used to set or remove passwords", "check_result": { "result": "PASSED", "entity": { "block_name_": "RUN", "block_type_": "resource", "file_path_": "/Dockerfile.production", "config_": { "content": "RUN npm run build\n", "value": "npm run build", "__startline__": 22, "__endline__": 22 }, "label_": "resource: RUN", "id_": "RUN", "source_": "Dockerfile", "content": "RUN npm run build\n", "value": "npm run build", "__startline__": 22, "__endline__": 22, "resource_type": "RUN", "hash": "1bf185fb6038f1b491f2a2686de4dd9869ccdd9c3e34d2772cf43bd368377aa6" }, "evaluated_keys": [ "value" ] }, "code_block": [ [ 23, "RUN npm run build\n" ] ], "file_path": "/Dockerfile.production", "file_abs_path": "/scan/Dockerfile.production", "repo_file_path": "/Dockerfile.production", "file_line_range": [ 23, 23 ], "resource": "/Dockerfile.production.RUN", "evaluations": null, "check_class": "checkov.common.graph.checks_infra.base_check", "fixed_definition": null, "entity_tags": null, "caller_file_path": null, "caller_file_line_range": null, "resource_address": null, "severity": null, "bc_category": null, "benchmarks": null, "description": null, "short_description": null, "vulnerability_details": null, "connected_node": null, "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/bc-docker-2-17", "details": [], "check_len": null, "definition_context_file_path": null }, { "check_id": "CKV2_DOCKER_17", "bc_check_id": null, "check_name": "Ensure that 'chpasswd' is not used to set or remove passwords", "check_result": { "result": "PASSED", "entity": { "block_name_": "RUN", "block_type_": "resource", "file_path_": "/Dockerfile.production", "config_": { "content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n", "value": "corepack enable && corepack prepare npm@10.5.0 --activate", "__startline__": 30, "__endline__": 30 }, "label_": "resource: RUN", "id_": "RUN", "source_": "Dockerfile", "content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n", "value": "corepack enable && corepack prepare npm@10.5.0 --activate", "__startline__": 30, "__endline__": 30, "resource_type": "RUN", "hash": "01c88e306f7db45ae7136e3bdb63c4b15978dd024f6ed18210961fc3db3df382" }, "evaluated_keys": [ "value" ] }, "code_block": [ [ 31, "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n" ] ], "file_path": "/Dockerfile.production", "file_abs_path": "/scan/Dockerfile.production", "repo_file_path": "/Dockerfile.production", "file_line_range": [ 31, 31 ], "resource": "/Dockerfile.production.RUN", "evaluations": null, "check_class": "checkov.common.graph.checks_infra.base_check", "fixed_definition": null, "entity_tags": null, "caller_file_path": null, "caller_file_line_range": null, "resource_address": null, "severity": null, "bc_category": null, "benchmarks": null, "description": null, "short_description": null, "vulnerability_details": null, "connected_node": null, "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/bc-docker-2-17", "details": [], "check_len": null, "definition_context_file_path": null }, { "check_id": "CKV2_DOCKER_17", "bc_check_id": null, "check_name": "Ensure that 'chpasswd' is not used to set or remove passwords", "check_result": { "result": "PASSED", "entity": { "block_name_": "RUN", "block_type_": "resource", "file_path_": "/Dockerfile.test", "config_": { "content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n", "value": "corepack enable && corepack prepare npm@10.5.0 --activate", "__startline__": 4, "__endline__": 4 }, "label_": "resource: RUN", "id_": "RUN", "source_": "Dockerfile", "content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n", "value": "corepack enable && corepack prepare npm@10.5.0 --activate", "__startline__": 4, "__endline__": 4, "resource_type": "RUN", "hash": "1d5fb0a211498b8baf37e5744578ad03459da7798534298981f23fdefb7eb757" }, "evaluated_keys": [ "value" ] }, "code_block": [ [ 5, "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n" ] ], "file_path": "/Dockerfile.test", "file_abs_path": "/scan/Dockerfile.test", "repo_file_path": "/Dockerfile.test", "file_line_range": [ 5, 5 ], "resource": "/Dockerfile.test.RUN", "evaluations": null, "check_class": "checkov.common.graph.checks_infra.base_check", "fixed_definition": null, "entity_tags": null, "caller_file_path": null, "caller_file_line_range": null, "resource_address": null, "severity": null, "bc_category": null, "benchmarks": null, "description": null, "short_description": null, "vulnerability_details": null, "connected_node": null, "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/bc-docker-2-17", "details": [], "check_len": null, "definition_context_file_path": null }, { "check_id": "CKV2_DOCKER_17", "bc_check_id": null, "check_name": "Ensure that 'chpasswd' is not used to set or remove passwords", "check_result": { "result": "PASSED", "entity": { "block_name_": "RUN", "block_type_": "resource", "file_path_": "/Dockerfile.test", "config_": { "content": "RUN npm install\n", "value": "npm install", "__startline__": 10, "__endline__": 10 }, "label_": "resource: RUN", "id_": "RUN", "source_": "Dockerfile", "content": "RUN npm install\n", "value": "npm install", "__startline__": 10, "__endline__": 10, "resource_type": "RUN", "hash": "fb809e4860a3131df821aea9480445cc6e2f66dd52744dab5f3d2ef5b2848436" }, "evaluated_keys": [ "value" ] }, "code_block": [ [ 11, "RUN npm install\n" ] ], "file_path": "/Dockerfile.test", "file_abs_path": "/scan/Dockerfile.test", "repo_file_path": "/Dockerfile.test", "file_line_range": [ 11, 11 ], "resource": "/Dockerfile.test.RUN", "evaluations": null, "check_class": "checkov.common.graph.checks_infra.base_check", "fixed_definition": null, "entity_tags": null, "caller_file_path": null, "caller_file_line_range": null, "resource_address": null, "severity": null, "bc_category": null, "benchmarks": null, "description": null, "short_description": null, "vulnerability_details": null, "connected_node": null, "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/bc-docker-2-17", "details": [], "check_len": null, "definition_context_file_path": null }, { "check_id": "CKV2_DOCKER_17", "bc_check_id": null, "check_name": "Ensure that 'chpasswd' is not used to set or remove passwords", "check_result": { "result": "PASSED", "entity": { "block_name_": "RUN", "block_type_": "resource", "file_path_": "/Dockerfile.dev", "config_": { "content": "RUN npm install -g npm@10.5.0 --no-fund --no-audit\n", "value": "npm install -g npm@10.5.0 --no-fund --no-audit", "__startline__": 4, "__endline__": 4 }, "label_": "resource: RUN", "id_": "RUN", "source_": "Dockerfile", "content": "RUN npm install -g npm@10.5.0 --no-fund --no-audit\n", "value": "npm install -g npm@10.5.0 --no-fund --no-audit", "__startline__": 4, "__endline__": 4, "resource_type": "RUN", "hash": "435bba968d1d0b4c410ea33851637829a16b2ad878f0b9531a737c7a444f91b9" }, "evaluated_keys": [ "value" ] }, "code_block": [ [ 5, "RUN npm install -g npm@10.5.0 --no-fund --no-audit\n" ] ], "file_path": "/Dockerfile.dev", "file_abs_path": "/scan/Dockerfile.dev", "repo_file_path": "/Dockerfile.dev", "file_line_range": [ 5, 5 ], "resource": "/Dockerfile.dev.RUN", "evaluations": null, "check_class": "checkov.common.graph.checks_infra.base_check", "fixed_definition": null, "entity_tags": null, "caller_file_path": null, "caller_file_line_range": null, "resource_address": null, "severity": null, "bc_category": null, "benchmarks": null, "description": null, "short_description": null, "vulnerability_details": null, "connected_node": null, "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/bc-docker-2-17", "details": [], "check_len": null, "definition_context_file_path": null }, { "check_id": "CKV2_DOCKER_17", "bc_check_id": null, "check_name": "Ensure that 'chpasswd' is not used to set or remove passwords", "check_result": { "result": "PASSED", "entity": { "block_name_": "RUN", "block_type_": "resource", "file_path_": "/Dockerfile.dev", "config_": { "content": "RUN npm ci --no-fund --no-audit\n", "value": "npm ci --no-fund --no-audit", "__startline__": 10, "__endline__": 10 }, "label_": "resource: RUN", "id_": "RUN", "source_": "Dockerfile", "content": "RUN npm ci --no-fund --no-audit\n", "value": "npm ci --no-fund --no-audit", "__startline__": 10, "__endline__": 10, "resource_type": "RUN", "hash": "57abb1bbe03890ab19f47e5f96b9cbcee02aab65f6980d523df42faf41b709fa" }, "evaluated_keys": [ "value" ] }, "code_block": [ [ 11, "RUN npm ci --no-fund --no-audit\n" ] ], "file_path": "/Dockerfile.dev", "file_abs_path": "/scan/Dockerfile.dev", "repo_file_path": "/Dockerfile.dev", "file_line_range": [ 11, 11 ], "resource": "/Dockerfile.dev.RUN", "evaluations": null, "check_class": "checkov.common.graph.checks_infra.base_check", "fixed_definition": null, "entity_tags": null, "caller_file_path": null, "caller_file_line_range": null, "resource_address": null, "severity": null, "bc_category": null, "benchmarks": null, "description": null, "short_description": null, "vulnerability_details": null, "connected_node": null, "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/bc-docker-2-17", "details": [], "check_len": null, "definition_context_file_path": null }, { "check_id": "CKV2_DOCKER_12", "bc_check_id": null, "check_name": "Ensure that certificate validation isn't disabled for npm via the 'NPM_CONFIG_STRICT_SSL' environment variable", "check_result": { "result": "PASSED", "entity": { "block_name_": "RUN", "block_type_": "resource", "file_path_": "/Dockerfile.production", "config_": { "content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n", "value": "corepack enable && corepack prepare npm@10.5.0 --activate", "__startline__": 4, "__endline__": 4 }, "label_": "resource: RUN", "id_": "RUN", "source_": "Dockerfile", "content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n", "value": "corepack enable && corepack prepare npm@10.5.0 --activate", "__startline__": 4, "__endline__": 4, "resource_type": "RUN", "hash": "dbd32b6bad6b728919787011f82d60c50d7b2d1c079f814de2b1640696c98816" }, "evaluated_keys": [ "value" ] }, "code_block": [ [ 5, "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n" ] ], "file_path": "/Dockerfile.production", "file_abs_path": "/scan/Dockerfile.production", "repo_file_path": "/Dockerfile.production", "file_line_range": [ 5, 5 ], "resource": "/Dockerfile.production.RUN", "evaluations": null, "check_class": "checkov.common.graph.checks_infra.base_check", "fixed_definition": null, "entity_tags": null, "caller_file_path": null, "caller_file_line_range": null, "resource_address": null, "severity": null, "bc_category": null, "benchmarks": null, "description": null, "short_description": null, "vulnerability_details": null, "connected_node": null, "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-npm-strict-ssl", "details": [], "check_len": null, "definition_context_file_path": null }, { "check_id": "CKV2_DOCKER_12", "bc_check_id": null, "check_name": "Ensure that certificate validation isn't disabled for npm via the 'NPM_CONFIG_STRICT_SSL' environment variable", "check_result": { "result": "PASSED", "entity": { "block_name_": "RUN", "block_type_": "resource", "file_path_": "/Dockerfile.production", "config_": { "content": "RUN npm install\n", "value": "npm install", "__startline__": 20, "__endline__": 20 }, "label_": "resource: RUN", "id_": "RUN", "source_": "Dockerfile", "content": "RUN npm install\n", "value": "npm install", "__startline__": 20, "__endline__": 20, "resource_type": "RUN", "hash": "6979b14e6a853ac150ffef85c5e28fd49c956054ea2cb1d01440e13b17260c4a" }, "evaluated_keys": [ "value" ] }, "code_block": [ [ 21, "RUN npm install\n" ] ], "file_path": "/Dockerfile.production", "file_abs_path": "/scan/Dockerfile.production", "repo_file_path": "/Dockerfile.production", "file_line_range": [ 21, 21 ], "resource": "/Dockerfile.production.RUN", "evaluations": null, "check_class": "checkov.common.graph.checks_infra.base_check", "fixed_definition": null, "entity_tags": null, "caller_file_path": null, "caller_file_line_range": null, "resource_address": null, "severity": null, "bc_category": null, "benchmarks": null, "description": null, "short_description": null, "vulnerability_details": null, "connected_node": null, "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-npm-strict-ssl", "details": [], "check_len": null, "definition_context_file_path": null }, { "check_id": "CKV2_DOCKER_12", "bc_check_id": null, "check_name": "Ensure that certificate validation isn't disabled for npm via the 'NPM_CONFIG_STRICT_SSL' environment variable", "check_result": { "result": "PASSED", "entity": { "block_name_": "RUN", "block_type_": "resource", "file_path_": "/Dockerfile.production", "config_": { "content": "RUN npm run db:generate\n", "value": "npm run db:generate", "__startline__": 21, "__endline__": 21 }, "label_": "resource: RUN", "id_": "RUN", "source_": "Dockerfile", "content": "RUN npm run db:generate\n", "value": "npm run db:generate", "__startline__": 21, "__endline__": 21, "resource_type": "RUN", "hash": "c1f9cc0c42260bb0183d7e7b9ec2edab99837111ad42dbbdd7fad09ff3e37ab0" }, "evaluated_keys": [ "value" ] }, "code_block": [ [ 22, "RUN npm run db:generate\n" ] ], "file_path": "/Dockerfile.production", "file_abs_path": "/scan/Dockerfile.production", "repo_file_path": "/Dockerfile.production", "file_line_range": [ 22, 22 ], "resource": "/Dockerfile.production.RUN", "evaluations": null, "check_class": "checkov.common.graph.checks_infra.base_check", "fixed_definition": null, "entity_tags": null, "caller_file_path": null, "caller_file_line_range": null, "resource_address": null, "severity": null, "bc_category": null, "benchmarks": null, "description": null, "short_description": null, "vulnerability_details": null, "connected_node": null, "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-npm-strict-ssl", "details": [], "check_len": null, "definition_context_file_path": null }, { "check_id": "CKV2_DOCKER_12", "bc_check_id": null, "check_name": "Ensure that certificate validation isn't disabled for npm via the 'NPM_CONFIG_STRICT_SSL' environment variable", "check_result": { "result": "PASSED", "entity": { "block_name_": "RUN", "block_type_": "resource", "file_path_": "/Dockerfile.production", "config_": { "content": "RUN npm run build\n", "value": "npm run build", "__startline__": 22, "__endline__": 22 }, "label_": "resource: RUN", "id_": "RUN", "source_": "Dockerfile", "content": "RUN npm run build\n", "value": "npm run build", "__startline__": 22, "__endline__": 22, "resource_type": "RUN", "hash": "1bf185fb6038f1b491f2a2686de4dd9869ccdd9c3e34d2772cf43bd368377aa6" }, "evaluated_keys": [ "value" ] }, "code_block": [ [ 23, "RUN npm run build\n" ] ], "file_path": "/Dockerfile.production", "file_abs_path": "/scan/Dockerfile.production", "repo_file_path": "/Dockerfile.production", "file_line_range": [ 23, 23 ], "resource": "/Dockerfile.production.RUN", "evaluations": null, "check_class": "checkov.common.graph.checks_infra.base_check", "fixed_definition": null, "entity_tags": null, "caller_file_path": null, "caller_file_line_range": null, "resource_address": null, "severity": null, "bc_category": null, "benchmarks": null, "description": null, "short_description": null, "vulnerability_details": null, "connected_node": null, "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-npm-strict-ssl", "details": [], "check_len": null, "definition_context_file_path": null }, { "check_id": "CKV2_DOCKER_12", "bc_check_id": null, "check_name": "Ensure that certificate validation isn't disabled for npm via the 'NPM_CONFIG_STRICT_SSL' environment variable", "check_result": { "result": "PASSED", "entity": { "block_name_": "RUN", "block_type_": "resource", "file_path_": "/Dockerfile.production", "config_": { "content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n", "value": "corepack enable && corepack prepare npm@10.5.0 --activate", "__startline__": 30, "__endline__": 30 }, "label_": "resource: RUN", "id_": "RUN", "source_": "Dockerfile", "content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n", "value": "corepack enable && corepack prepare npm@10.5.0 --activate", "__startline__": 30, "__endline__": 30, "resource_type": "RUN", "hash": "01c88e306f7db45ae7136e3bdb63c4b15978dd024f6ed18210961fc3db3df382" }, "evaluated_keys": [ "value" ] }, "code_block": [ [ 31, "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n" ] ], "file_path": "/Dockerfile.production", "file_abs_path": "/scan/Dockerfile.production", "repo_file_path": "/Dockerfile.production", "file_line_range": [ 31, 31 ], "resource": "/Dockerfile.production.RUN", "evaluations": null, "check_class": "checkov.common.graph.checks_infra.base_check", "fixed_definition": null, "entity_tags": null, "caller_file_path": null, "caller_file_line_range": null, "resource_address": null, "severity": null, "bc_category": null, "benchmarks": null, "description": null, "short_description": null, "vulnerability_details": null, "connected_node": null, "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-npm-strict-ssl", "details": [], "check_len": null, "definition_context_file_path": null }, { "check_id": "CKV2_DOCKER_12", "bc_check_id": null, "check_name": "Ensure that certificate validation isn't disabled for npm via the 'NPM_CONFIG_STRICT_SSL' environment variable", "check_result": { "result": "PASSED", "entity": { "block_name_": "ARG", "block_type_": "resource", "file_path_": "/Dockerfile.production", "config_": { "content": "ARG NEXT_PUBLIC_API_URL\n", "value": "NEXT_PUBLIC_API_URL", "__startline__": 11, "__endline__": 11 }, "label_": "resource: ARG", "id_": "ARG", "source_": "Dockerfile", "content": "ARG NEXT_PUBLIC_API_URL\n", "value": "NEXT_PUBLIC_API_URL", "__startline__": 11, "__endline__": 11, "resource_type": "ARG", "hash": "fded00a21c81cd45d8985324636a2acafc73bef594a45811ca0d68265da3f9dc" }, "evaluated_keys": [ "value" ] }, "code_block": [ [ 12, "ARG NEXT_PUBLIC_API_URL\n" ] ], "file_path": "/Dockerfile.production", "file_abs_path": "/scan/Dockerfile.production", "repo_file_path": "/Dockerfile.production", "file_line_range": [ 12, 12 ], "resource": "/Dockerfile.production.ARG", "evaluations": null, "check_class": "checkov.common.graph.checks_infra.base_check", "fixed_definition": null, "entity_tags": null, "caller_file_path": null, "caller_file_line_range": null, "resource_address": null, "severity": null, "bc_category": null, "benchmarks": null, "description": null, "short_description": null, "vulnerability_details": null, "connected_node": null, "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-npm-strict-ssl", "details": [], "check_len": null, "definition_context_file_path": null }, { "check_id": "CKV2_DOCKER_12", "bc_check_id": null, "check_name": "Ensure that certificate validation isn't disabled for npm via the 'NPM_CONFIG_STRICT_SSL' environment variable", "check_result": { "result": "PASSED", "entity": { "block_name_": "ARG", "block_type_": "resource", "file_path_": "/Dockerfile.production", "config_": { "content": "ARG NEXT_PUBLIC_MARKETPLACE_URL\n", "value": "NEXT_PUBLIC_MARKETPLACE_URL", "__startline__": 12, "__endline__": 12 }, "label_": "resource: ARG", "id_": "ARG", "source_": "Dockerfile", "content": "ARG NEXT_PUBLIC_MARKETPLACE_URL\n", "value": "NEXT_PUBLIC_MARKETPLACE_URL", "__startline__": 12, "__endline__": 12, "resource_type": "ARG", "hash": "11d98758a432fc03021573afe4df769dc34ff0a4aec966f558b5e00c71c6cf3b" }, "evaluated_keys": [ "value" ] }, "code_block": [ [ 13, "ARG NEXT_PUBLIC_MARKETPLACE_URL\n" ] ], "file_path": "/Dockerfile.production", "file_abs_path": "/scan/Dockerfile.production", "repo_file_path": "/Dockerfile.production", "file_line_range": [ 13, 13 ], "resource": "/Dockerfile.production.ARG", "evaluations": null, "check_class": "checkov.common.graph.checks_infra.base_check", "fixed_definition": null, "entity_tags": null, "caller_file_path": null, "caller_file_line_range": null, "resource_address": null, "severity": null, "bc_category": null, "benchmarks": null, "description": null, "short_description": null, "vulnerability_details": null, "connected_node": null, "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-npm-strict-ssl", "details": [], "check_len": null, "definition_context_file_path": null }, { "check_id": "CKV2_DOCKER_12", "bc_check_id": null, "check_name": "Ensure that certificate validation isn't disabled for npm via the 'NPM_CONFIG_STRICT_SSL' environment variable", "check_result": { "result": "PASSED", "entity": { "block_name_": "ARG", "block_type_": "resource", "file_path_": "/Dockerfile.production", "config_": { "content": "ARG NEXT_PUBLIC_DASHBOARD_URL\n", "value": "NEXT_PUBLIC_DASHBOARD_URL", "__startline__": 13, "__endline__": 13 }, "label_": "resource: ARG", "id_": "ARG", "source_": "Dockerfile", "content": "ARG NEXT_PUBLIC_DASHBOARD_URL\n", "value": "NEXT_PUBLIC_DASHBOARD_URL", "__startline__": 13, "__endline__": 13, "resource_type": "ARG", "hash": "4075db881e0d222faeb86e03db8a05d9a998deab344c05aee0e89d2426e01383" }, "evaluated_keys": [ "value" ] }, "code_block": [ [ 14, "ARG NEXT_PUBLIC_DASHBOARD_URL\n" ] ], "file_path": "/Dockerfile.production", "file_abs_path": "/scan/Dockerfile.production", "repo_file_path": "/Dockerfile.production", "file_line_range": [ 14, 14 ], "resource": "/Dockerfile.production.ARG", "evaluations": null, "check_class": "checkov.common.graph.checks_infra.base_check", "fixed_definition": null, "entity_tags": null, "caller_file_path": null, "caller_file_line_range": null, "resource_address": null, "severity": null, "bc_category": null, "benchmarks": null, "description": null, "short_description": null, "vulnerability_details": null, "connected_node": null, "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-npm-strict-ssl", "details": [], "check_len": null, "definition_context_file_path": null }, { "check_id": "CKV2_DOCKER_12", "bc_check_id": null, "check_name": "Ensure that certificate validation isn't disabled for npm via the 'NPM_CONFIG_STRICT_SSL' environment variable", "check_result": { "result": "PASSED", "entity": { "block_name_": "ARG", "block_type_": "resource", "file_path_": "/Dockerfile.production", "config_": { "content": "ARG NEXT_PUBLIC_ADMIN_URL\n", "value": "NEXT_PUBLIC_ADMIN_URL", "__startline__": 14, "__endline__": 14 }, "label_": "resource: ARG", "id_": "ARG", "source_": "Dockerfile", "content": "ARG NEXT_PUBLIC_ADMIN_URL\n", "value": "NEXT_PUBLIC_ADMIN_URL", "__startline__": 14, "__endline__": 14, "resource_type": "ARG", "hash": "a4c9bf1c4e349946074fb4c606d0db63c06a809d125e58ddd09427e4d929fd6a" }, "evaluated_keys": [ "value" ] }, "code_block": [ [ 15, "ARG NEXT_PUBLIC_ADMIN_URL\n" ] ], "file_path": "/Dockerfile.production", "file_abs_path": "/scan/Dockerfile.production", "repo_file_path": "/Dockerfile.production", "file_line_range": [ 15, 15 ], "resource": "/Dockerfile.production.ARG", "evaluations": null, "check_class": "checkov.common.graph.checks_infra.base_check", "fixed_definition": null, "entity_tags": null, "caller_file_path": null, "caller_file_line_range": null, "resource_address": null, "severity": null, "bc_category": null, "benchmarks": null, "description": null, "short_description": null, "vulnerability_details": null, "connected_node": null, "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-npm-strict-ssl", "details": [], "check_len": null, "definition_context_file_path": null }, { "check_id": "CKV2_DOCKER_12", "bc_check_id": null, "check_name": "Ensure that certificate validation isn't disabled for npm via the 'NPM_CONFIG_STRICT_SSL' environment variable", "check_result": { "result": "PASSED", "entity": { "block_name_": "ENV", "block_type_": "resource", "file_path_": "/Dockerfile.production", "config_": { "content": "ENV NEXT_PUBLIC_API_URL=$NEXT_PUBLIC_API_URL \\\n NEXT_PUBLIC_MARKETPLACE_URL=$NEXT_PUBLIC_MARKETPLACE_URL \\\n NEXT_PUBLIC_DASHBOARD_URL=$NEXT_PUBLIC_DASHBOARD_URL \\\n NEXT_PUBLIC_ADMIN_URL=$NEXT_PUBLIC_ADMIN_URL\n", "value": "NEXT_PUBLIC_API_URL=$NEXT_PUBLIC_API_URL NEXT_PUBLIC_MARKETPLACE_URL=$NEXT_PUBLIC_MARKETPLACE_URL NEXT_PUBLIC_DASHBOARD_URL=$NEXT_PUBLIC_DASHBOARD_URL NEXT_PUBLIC_ADMIN_URL=$NEXT_PUBLIC_ADMIN_URL", "__startline__": 15, "__endline__": 18 }, "label_": "resource: ENV", "id_": "ENV", "source_": "Dockerfile", "content": "ENV NEXT_PUBLIC_API_URL=$NEXT_PUBLIC_API_URL \\\n NEXT_PUBLIC_MARKETPLACE_URL=$NEXT_PUBLIC_MARKETPLACE_URL \\\n NEXT_PUBLIC_DASHBOARD_URL=$NEXT_PUBLIC_DASHBOARD_URL \\\n NEXT_PUBLIC_ADMIN_URL=$NEXT_PUBLIC_ADMIN_URL\n", "value": "NEXT_PUBLIC_API_URL=$NEXT_PUBLIC_API_URL NEXT_PUBLIC_MARKETPLACE_URL=$NEXT_PUBLIC_MARKETPLACE_URL NEXT_PUBLIC_DASHBOARD_URL=$NEXT_PUBLIC_DASHBOARD_URL NEXT_PUBLIC_ADMIN_URL=$NEXT_PUBLIC_ADMIN_URL", "__startline__": 15, "__endline__": 18, "resource_type": "ENV", "hash": "65abe3eb0aadfa3b1ed513b9e21f4f8c4524ec8c298e7123de46806870b90557" }, "evaluated_keys": [ "value" ] }, "code_block": [ [ 16, "ENV NEXT_PUBLIC_API_URL=$NEXT_PUBLIC_API_URL \\\n" ], [ 17, " NEXT_PUBLIC_MARKETPLACE_URL=$NEXT_PUBLIC_MARKETPLACE_URL \\\n" ], [ 18, " NEXT_PUBLIC_DASHBOARD_URL=$NEXT_PUBLIC_DASHBOARD_URL \\\n" ], [ 19, " NEXT_PUBLIC_ADMIN_URL=$NEXT_PUBLIC_ADMIN_URL\n" ] ], "file_path": "/Dockerfile.production", "file_abs_path": "/scan/Dockerfile.production", "repo_file_path": "/Dockerfile.production", "file_line_range": [ 16, 19 ], "resource": "/Dockerfile.production.ENV", "evaluations": null, "check_class": "checkov.common.graph.checks_infra.base_check", "fixed_definition": null, "entity_tags": null, "caller_file_path": null, "caller_file_line_range": null, "resource_address": null, "severity": null, "bc_category": null, "benchmarks": null, "description": null, "short_description": null, "vulnerability_details": null, "connected_node": null, "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-npm-strict-ssl", "details": [], "check_len": null, "definition_context_file_path": null }, { "check_id": "CKV2_DOCKER_12", "bc_check_id": null, "check_name": "Ensure that certificate validation isn't disabled for npm via the 'NPM_CONFIG_STRICT_SSL' environment variable", "check_result": { "result": "PASSED", "entity": { "block_name_": "ENV", "block_type_": "resource", "file_path_": "/Dockerfile.production", "config_": { "content": "ENV NODE_ENV=production\n", "value": "NODE_ENV=production", "__startline__": 28, "__endline__": 28 }, "label_": "resource: ENV", "id_": "ENV", "source_": "Dockerfile", "content": "ENV NODE_ENV=production\n", "value": "NODE_ENV=production", "__startline__": 28, "__endline__": 28, "resource_type": "ENV", "hash": "5a6afcff0e4c111b04ace6d372feb2943096034796456739be650482e87f3e0e" }, "evaluated_keys": [ "value" ] }, "code_block": [ [ 29, "ENV NODE_ENV=production\n" ] ], "file_path": "/Dockerfile.production", "file_abs_path": "/scan/Dockerfile.production", "repo_file_path": "/Dockerfile.production", "file_line_range": [ 29, 29 ], "resource": "/Dockerfile.production.ENV", "evaluations": null, "check_class": "checkov.common.graph.checks_infra.base_check", "fixed_definition": null, "entity_tags": null, "caller_file_path": null, "caller_file_line_range": null, "resource_address": null, "severity": null, "bc_category": null, "benchmarks": null, "description": null, "short_description": null, "vulnerability_details": null, "connected_node": null, "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-npm-strict-ssl", "details": [], "check_len": null, "definition_context_file_path": null }, { "check_id": "CKV2_DOCKER_12", "bc_check_id": null, "check_name": "Ensure that certificate validation isn't disabled for npm via the 'NPM_CONFIG_STRICT_SSL' environment variable", "check_result": { "result": "PASSED", "entity": { "block_name_": "RUN", "block_type_": "resource", "file_path_": "/Dockerfile.test", "config_": { "content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n", "value": "corepack enable && corepack prepare npm@10.5.0 --activate", "__startline__": 4, "__endline__": 4 }, "label_": "resource: RUN", "id_": "RUN", "source_": "Dockerfile", "content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n", "value": "corepack enable && corepack prepare npm@10.5.0 --activate", "__startline__": 4, "__endline__": 4, "resource_type": "RUN", "hash": "1d5fb0a211498b8baf37e5744578ad03459da7798534298981f23fdefb7eb757" }, "evaluated_keys": [ "value" ] }, "code_block": [ [ 5, "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n" ] ], "file_path": "/Dockerfile.test", "file_abs_path": "/scan/Dockerfile.test", "repo_file_path": "/Dockerfile.test", "file_line_range": [ 5, 5 ], "resource": "/Dockerfile.test.RUN", "evaluations": null, "check_class": "checkov.common.graph.checks_infra.base_check", "fixed_definition": null, "entity_tags": null, "caller_file_path": null, "caller_file_line_range": null, "resource_address": null, "severity": null, "bc_category": null, "benchmarks": null, "description": null, "short_description": null, "vulnerability_details": null, "connected_node": null, "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-npm-strict-ssl", "details": [], "check_len": null, "definition_context_file_path": null }, { "check_id": "CKV2_DOCKER_12", "bc_check_id": null, "check_name": "Ensure that certificate validation isn't disabled for npm via the 'NPM_CONFIG_STRICT_SSL' environment variable", "check_result": { "result": "PASSED", "entity": { "block_name_": "RUN", "block_type_": "resource", "file_path_": "/Dockerfile.test", "config_": { "content": "RUN npm install\n", "value": "npm install", "__startline__": 10, "__endline__": 10 }, "label_": "resource: RUN", "id_": "RUN", "source_": "Dockerfile", "content": "RUN npm install\n", "value": "npm install", "__startline__": 10, "__endline__": 10, "resource_type": "RUN", "hash": "fb809e4860a3131df821aea9480445cc6e2f66dd52744dab5f3d2ef5b2848436" }, "evaluated_keys": [ "value" ] }, "code_block": [ [ 11, "RUN npm install\n" ] ], "file_path": "/Dockerfile.test", "file_abs_path": "/scan/Dockerfile.test", "repo_file_path": "/Dockerfile.test", "file_line_range": [ 11, 11 ], "resource": "/Dockerfile.test.RUN", "evaluations": null, "check_class": "checkov.common.graph.checks_infra.base_check", "fixed_definition": null, "entity_tags": null, "caller_file_path": null, "caller_file_line_range": null, "resource_address": null, "severity": null, "bc_category": null, "benchmarks": null, "description": null, "short_description": null, "vulnerability_details": null, "connected_node": null, "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-npm-strict-ssl", "details": [], "check_len": null, "definition_context_file_path": null }, { "check_id": "CKV2_DOCKER_12", "bc_check_id": null, "check_name": "Ensure that certificate validation isn't disabled for npm via the 'NPM_CONFIG_STRICT_SSL' environment variable", "check_result": { "result": "PASSED", "entity": { "block_name_": "ENV", "block_type_": "resource", "file_path_": "/Dockerfile.test", "config_": { "content": "ENV NODE_ENV=test\n", "value": "NODE_ENV=test", "__startline__": 12, "__endline__": 12 }, "label_": "resource: ENV", "id_": "ENV", "source_": "Dockerfile", "content": "ENV NODE_ENV=test\n", "value": "NODE_ENV=test", "__startline__": 12, "__endline__": 12, "resource_type": "ENV", "hash": "14d83a642c69d4cf67fcdbeb6dace7ba464024fdcad52f8129d63c78042457cb" }, "evaluated_keys": [ "value" ] }, "code_block": [ [ 13, "ENV NODE_ENV=test\n" ] ], "file_path": "/Dockerfile.test", "file_abs_path": "/scan/Dockerfile.test", "repo_file_path": "/Dockerfile.test", "file_line_range": [ 13, 13 ], "resource": "/Dockerfile.test.ENV", "evaluations": null, "check_class": "checkov.common.graph.checks_infra.base_check", "fixed_definition": null, "entity_tags": null, "caller_file_path": null, "caller_file_line_range": null, "resource_address": null, "severity": null, "bc_category": null, "benchmarks": null, "description": null, "short_description": null, "vulnerability_details": null, "connected_node": null, "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-npm-strict-ssl", "details": [], "check_len": null, "definition_context_file_path": null }, { "check_id": "CKV2_DOCKER_12", "bc_check_id": null, "check_name": "Ensure that certificate validation isn't disabled for npm via the 'NPM_CONFIG_STRICT_SSL' environment variable", "check_result": { "result": "PASSED", "entity": { "block_name_": "RUN", "block_type_": "resource", "file_path_": "/Dockerfile.dev", "config_": { "content": "RUN npm install -g npm@10.5.0 --no-fund --no-audit\n", "value": "npm install -g npm@10.5.0 --no-fund --no-audit", "__startline__": 4, "__endline__": 4 }, "label_": "resource: RUN", "id_": "RUN", "source_": "Dockerfile", "content": "RUN npm install -g npm@10.5.0 --no-fund --no-audit\n", "value": "npm install -g npm@10.5.0 --no-fund --no-audit", "__startline__": 4, "__endline__": 4, "resource_type": "RUN", "hash": "435bba968d1d0b4c410ea33851637829a16b2ad878f0b9531a737c7a444f91b9" }, "evaluated_keys": [ "value" ] }, "code_block": [ [ 5, "RUN npm install -g npm@10.5.0 --no-fund --no-audit\n" ] ], "file_path": "/Dockerfile.dev", "file_abs_path": "/scan/Dockerfile.dev", "repo_file_path": "/Dockerfile.dev", "file_line_range": [ 5, 5 ], "resource": "/Dockerfile.dev.RUN", "evaluations": null, "check_class": "checkov.common.graph.checks_infra.base_check", "fixed_definition": null, "entity_tags": null, "caller_file_path": null, "caller_file_line_range": null, "resource_address": null, "severity": null, "bc_category": null, "benchmarks": null, "description": null, "short_description": null, "vulnerability_details": null, "connected_node": null, "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-npm-strict-ssl", "details": [], "check_len": null, "definition_context_file_path": null }, { "check_id": "CKV2_DOCKER_12", "bc_check_id": null, "check_name": "Ensure that certificate validation isn't disabled for npm via the 'NPM_CONFIG_STRICT_SSL' environment variable", "check_result": { "result": "PASSED", "entity": { "block_name_": "RUN", "block_type_": "resource", "file_path_": "/Dockerfile.dev", "config_": { "content": "RUN npm ci --no-fund --no-audit\n", "value": "npm ci --no-fund --no-audit", "__startline__": 10, "__endline__": 10 }, "label_": "resource: RUN", "id_": "RUN", "source_": "Dockerfile", "content": "RUN npm ci --no-fund --no-audit\n", "value": "npm ci --no-fund --no-audit", "__startline__": 10, "__endline__": 10, "resource_type": "RUN", "hash": "57abb1bbe03890ab19f47e5f96b9cbcee02aab65f6980d523df42faf41b709fa" }, "evaluated_keys": [ "value" ] }, "code_block": [ [ 11, "RUN npm ci --no-fund --no-audit\n" ] ], "file_path": "/Dockerfile.dev", "file_abs_path": "/scan/Dockerfile.dev", "repo_file_path": "/Dockerfile.dev", "file_line_range": [ 11, 11 ], "resource": "/Dockerfile.dev.RUN", "evaluations": null, "check_class": "checkov.common.graph.checks_infra.base_check", "fixed_definition": null, "entity_tags": null, "caller_file_path": null, "caller_file_line_range": null, "resource_address": null, "severity": null, "bc_category": null, "benchmarks": null, "description": null, "short_description": null, "vulnerability_details": null, "connected_node": null, "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-npm-strict-ssl", "details": [], "check_len": null, "definition_context_file_path": null }, { "check_id": "CKV2_DOCKER_14", "bc_check_id": null, "check_name": "Ensure that certificate validation isn't disabled for git by setting the environment variable 'GIT_SSL_NO_VERIFY' to any value", "check_result": { "result": "PASSED", "entity": { "block_name_": "RUN", "block_type_": "resource", "file_path_": "/Dockerfile.production", "config_": { "content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n", "value": "corepack enable && corepack prepare npm@10.5.0 --activate", "__startline__": 4, "__endline__": 4 }, "label_": "resource: RUN", "id_": "RUN", "source_": "Dockerfile", "content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n", "value": "corepack enable && corepack prepare npm@10.5.0 --activate", "__startline__": 4, "__endline__": 4, "resource_type": "RUN", "hash": "dbd32b6bad6b728919787011f82d60c50d7b2d1c079f814de2b1640696c98816" }, "evaluated_keys": [ "value" ] }, "code_block": [ [ 5, "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n" ] ], "file_path": "/Dockerfile.production", "file_abs_path": "/scan/Dockerfile.production", "repo_file_path": "/Dockerfile.production", "file_line_range": [ 5, 5 ], "resource": "/Dockerfile.production.RUN", "evaluations": null, "check_class": "checkov.common.graph.checks_infra.base_check", "fixed_definition": null, "entity_tags": null, "caller_file_path": null, "caller_file_line_range": null, "resource_address": null, "severity": null, "bc_category": null, "benchmarks": null, "description": null, "short_description": null, "vulnerability_details": null, "connected_node": null, "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-git-ssl", "details": [], "check_len": null, "definition_context_file_path": null }, { "check_id": "CKV2_DOCKER_14", "bc_check_id": null, "check_name": "Ensure that certificate validation isn't disabled for git by setting the environment variable 'GIT_SSL_NO_VERIFY' to any value", "check_result": { "result": "PASSED", "entity": { "block_name_": "RUN", "block_type_": "resource", "file_path_": "/Dockerfile.production", "config_": { "content": "RUN npm install\n", "value": "npm install", "__startline__": 20, "__endline__": 20 }, "label_": "resource: RUN", "id_": "RUN", "source_": "Dockerfile", "content": "RUN npm install\n", "value": "npm install", "__startline__": 20, "__endline__": 20, "resource_type": "RUN", "hash": "6979b14e6a853ac150ffef85c5e28fd49c956054ea2cb1d01440e13b17260c4a" }, "evaluated_keys": [ "value" ] }, "code_block": [ [ 21, "RUN npm install\n" ] ], "file_path": "/Dockerfile.production", "file_abs_path": "/scan/Dockerfile.production", "repo_file_path": "/Dockerfile.production", "file_line_range": [ 21, 21 ], "resource": "/Dockerfile.production.RUN", "evaluations": null, "check_class": "checkov.common.graph.checks_infra.base_check", "fixed_definition": null, "entity_tags": null, "caller_file_path": null, "caller_file_line_range": null, "resource_address": null, "severity": null, "bc_category": null, "benchmarks": null, "description": null, "short_description": null, "vulnerability_details": null, "connected_node": null, "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-git-ssl", "details": [], "check_len": null, "definition_context_file_path": null }, { "check_id": "CKV2_DOCKER_14", "bc_check_id": null, "check_name": "Ensure that certificate validation isn't disabled for git by setting the environment variable 'GIT_SSL_NO_VERIFY' to any value", "check_result": { "result": "PASSED", "entity": { "block_name_": "RUN", "block_type_": "resource", "file_path_": "/Dockerfile.production", "config_": { "content": "RUN npm run db:generate\n", "value": "npm run db:generate", "__startline__": 21, "__endline__": 21 }, "label_": "resource: RUN", "id_": "RUN", "source_": "Dockerfile", "content": "RUN npm run db:generate\n", "value": "npm run db:generate", "__startline__": 21, "__endline__": 21, "resource_type": "RUN", "hash": "c1f9cc0c42260bb0183d7e7b9ec2edab99837111ad42dbbdd7fad09ff3e37ab0" }, "evaluated_keys": [ "value" ] }, "code_block": [ [ 22, "RUN npm run db:generate\n" ] ], "file_path": "/Dockerfile.production", "file_abs_path": "/scan/Dockerfile.production", "repo_file_path": "/Dockerfile.production", "file_line_range": [ 22, 22 ], "resource": "/Dockerfile.production.RUN", "evaluations": null, "check_class": "checkov.common.graph.checks_infra.base_check", "fixed_definition": null, "entity_tags": null, "caller_file_path": null, "caller_file_line_range": null, "resource_address": null, "severity": null, "bc_category": null, "benchmarks": null, "description": null, "short_description": null, "vulnerability_details": null, "connected_node": null, "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-git-ssl", "details": [], "check_len": null, "definition_context_file_path": null }, { "check_id": "CKV2_DOCKER_14", "bc_check_id": null, "check_name": "Ensure that certificate validation isn't disabled for git by setting the environment variable 'GIT_SSL_NO_VERIFY' to any value", "check_result": { "result": "PASSED", "entity": { "block_name_": "RUN", "block_type_": "resource", "file_path_": "/Dockerfile.production", "config_": { "content": "RUN npm run build\n", "value": "npm run build", "__startline__": 22, "__endline__": 22 }, "label_": "resource: RUN", "id_": "RUN", "source_": "Dockerfile", "content": "RUN npm run build\n", "value": "npm run build", "__startline__": 22, "__endline__": 22, "resource_type": "RUN", "hash": "1bf185fb6038f1b491f2a2686de4dd9869ccdd9c3e34d2772cf43bd368377aa6" }, "evaluated_keys": [ "value" ] }, "code_block": [ [ 23, "RUN npm run build\n" ] ], "file_path": "/Dockerfile.production", "file_abs_path": "/scan/Dockerfile.production", "repo_file_path": "/Dockerfile.production", "file_line_range": [ 23, 23 ], "resource": "/Dockerfile.production.RUN", "evaluations": null, "check_class": "checkov.common.graph.checks_infra.base_check", "fixed_definition": null, "entity_tags": null, "caller_file_path": null, "caller_file_line_range": null, "resource_address": null, "severity": null, "bc_category": null, "benchmarks": null, "description": null, "short_description": null, "vulnerability_details": null, "connected_node": null, "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-git-ssl", "details": [], "check_len": null, "definition_context_file_path": null }, { "check_id": "CKV2_DOCKER_14", "bc_check_id": null, "check_name": "Ensure that certificate validation isn't disabled for git by setting the environment variable 'GIT_SSL_NO_VERIFY' to any value", "check_result": { "result": "PASSED", "entity": { "block_name_": "RUN", "block_type_": "resource", "file_path_": "/Dockerfile.production", "config_": { "content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n", "value": "corepack enable && corepack prepare npm@10.5.0 --activate", "__startline__": 30, "__endline__": 30 }, "label_": "resource: RUN", "id_": "RUN", "source_": "Dockerfile", "content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n", "value": "corepack enable && corepack prepare npm@10.5.0 --activate", "__startline__": 30, "__endline__": 30, "resource_type": "RUN", "hash": "01c88e306f7db45ae7136e3bdb63c4b15978dd024f6ed18210961fc3db3df382" }, "evaluated_keys": [ "value" ] }, "code_block": [ [ 31, "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n" ] ], "file_path": "/Dockerfile.production", "file_abs_path": "/scan/Dockerfile.production", "repo_file_path": "/Dockerfile.production", "file_line_range": [ 31, 31 ], "resource": "/Dockerfile.production.RUN", "evaluations": null, "check_class": "checkov.common.graph.checks_infra.base_check", "fixed_definition": null, "entity_tags": null, "caller_file_path": null, "caller_file_line_range": null, "resource_address": null, "severity": null, "bc_category": null, "benchmarks": null, "description": null, "short_description": null, "vulnerability_details": null, "connected_node": null, "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-git-ssl", "details": [], "check_len": null, "definition_context_file_path": null }, { "check_id": "CKV2_DOCKER_14", "bc_check_id": null, "check_name": "Ensure that certificate validation isn't disabled for git by setting the environment variable 'GIT_SSL_NO_VERIFY' to any value", "check_result": { "result": "PASSED", "entity": { "block_name_": "ARG", "block_type_": "resource", "file_path_": "/Dockerfile.production", "config_": { "content": "ARG NEXT_PUBLIC_API_URL\n", "value": "NEXT_PUBLIC_API_URL", "__startline__": 11, "__endline__": 11 }, "label_": "resource: ARG", "id_": "ARG", "source_": "Dockerfile", "content": "ARG NEXT_PUBLIC_API_URL\n", "value": "NEXT_PUBLIC_API_URL", "__startline__": 11, "__endline__": 11, "resource_type": "ARG", "hash": "fded00a21c81cd45d8985324636a2acafc73bef594a45811ca0d68265da3f9dc" }, "evaluated_keys": [ "value" ] }, "code_block": [ [ 12, "ARG NEXT_PUBLIC_API_URL\n" ] ], "file_path": "/Dockerfile.production", "file_abs_path": "/scan/Dockerfile.production", "repo_file_path": "/Dockerfile.production", "file_line_range": [ 12, 12 ], "resource": "/Dockerfile.production.ARG", "evaluations": null, "check_class": "checkov.common.graph.checks_infra.base_check", "fixed_definition": null, "entity_tags": null, "caller_file_path": null, "caller_file_line_range": null, "resource_address": null, "severity": null, "bc_category": null, "benchmarks": null, "description": null, "short_description": null, "vulnerability_details": null, "connected_node": null, "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-git-ssl", "details": [], "check_len": null, "definition_context_file_path": null }, { "check_id": "CKV2_DOCKER_14", "bc_check_id": null, "check_name": "Ensure that certificate validation isn't disabled for git by setting the environment variable 'GIT_SSL_NO_VERIFY' to any value", "check_result": { "result": "PASSED", "entity": { "block_name_": "ARG", "block_type_": "resource", "file_path_": "/Dockerfile.production", "config_": { "content": "ARG NEXT_PUBLIC_MARKETPLACE_URL\n", "value": "NEXT_PUBLIC_MARKETPLACE_URL", "__startline__": 12, "__endline__": 12 }, "label_": "resource: ARG", "id_": "ARG", "source_": "Dockerfile", "content": "ARG NEXT_PUBLIC_MARKETPLACE_URL\n", "value": "NEXT_PUBLIC_MARKETPLACE_URL", "__startline__": 12, "__endline__": 12, "resource_type": "ARG", "hash": "11d98758a432fc03021573afe4df769dc34ff0a4aec966f558b5e00c71c6cf3b" }, "evaluated_keys": [ "value" ] }, "code_block": [ [ 13, "ARG NEXT_PUBLIC_MARKETPLACE_URL\n" ] ], "file_path": "/Dockerfile.production", "file_abs_path": "/scan/Dockerfile.production", "repo_file_path": "/Dockerfile.production", "file_line_range": [ 13, 13 ], "resource": "/Dockerfile.production.ARG", "evaluations": null, "check_class": "checkov.common.graph.checks_infra.base_check", "fixed_definition": null, "entity_tags": null, "caller_file_path": null, "caller_file_line_range": null, "resource_address": null, "severity": null, "bc_category": null, "benchmarks": null, "description": null, "short_description": null, "vulnerability_details": null, "connected_node": null, "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-git-ssl", "details": [], "check_len": null, "definition_context_file_path": null }, { "check_id": "CKV2_DOCKER_14", "bc_check_id": null, "check_name": "Ensure that certificate validation isn't disabled for git by setting the environment variable 'GIT_SSL_NO_VERIFY' to any value", "check_result": { "result": "PASSED", "entity": { "block_name_": "ARG", "block_type_": "resource", "file_path_": "/Dockerfile.production", "config_": { "content": "ARG NEXT_PUBLIC_DASHBOARD_URL\n", "value": "NEXT_PUBLIC_DASHBOARD_URL", "__startline__": 13, "__endline__": 13 }, "label_": "resource: ARG", "id_": "ARG", "source_": "Dockerfile", "content": "ARG NEXT_PUBLIC_DASHBOARD_URL\n", "value": "NEXT_PUBLIC_DASHBOARD_URL", "__startline__": 13, "__endline__": 13, "resource_type": "ARG", "hash": "4075db881e0d222faeb86e03db8a05d9a998deab344c05aee0e89d2426e01383" }, "evaluated_keys": [ "value" ] }, "code_block": [ [ 14, "ARG NEXT_PUBLIC_DASHBOARD_URL\n" ] ], "file_path": "/Dockerfile.production", "file_abs_path": "/scan/Dockerfile.production", "repo_file_path": "/Dockerfile.production", "file_line_range": [ 14, 14 ], "resource": "/Dockerfile.production.ARG", "evaluations": null, "check_class": "checkov.common.graph.checks_infra.base_check", "fixed_definition": null, "entity_tags": null, "caller_file_path": null, "caller_file_line_range": null, "resource_address": null, "severity": null, "bc_category": null, "benchmarks": null, "description": null, "short_description": null, "vulnerability_details": null, "connected_node": null, "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-git-ssl", "details": [], "check_len": null, "definition_context_file_path": null }, { "check_id": "CKV2_DOCKER_14", "bc_check_id": null, "check_name": "Ensure that certificate validation isn't disabled for git by setting the environment variable 'GIT_SSL_NO_VERIFY' to any value", "check_result": { "result": "PASSED", "entity": { "block_name_": "ARG", "block_type_": "resource", "file_path_": "/Dockerfile.production", "config_": { "content": "ARG NEXT_PUBLIC_ADMIN_URL\n", "value": "NEXT_PUBLIC_ADMIN_URL", "__startline__": 14, "__endline__": 14 }, "label_": "resource: ARG", "id_": "ARG", "source_": "Dockerfile", "content": "ARG NEXT_PUBLIC_ADMIN_URL\n", "value": "NEXT_PUBLIC_ADMIN_URL", "__startline__": 14, "__endline__": 14, "resource_type": "ARG", "hash": "a4c9bf1c4e349946074fb4c606d0db63c06a809d125e58ddd09427e4d929fd6a" }, "evaluated_keys": [ "value" ] }, "code_block": [ [ 15, "ARG NEXT_PUBLIC_ADMIN_URL\n" ] ], "file_path": "/Dockerfile.production", "file_abs_path": "/scan/Dockerfile.production", "repo_file_path": "/Dockerfile.production", "file_line_range": [ 15, 15 ], "resource": "/Dockerfile.production.ARG", "evaluations": null, "check_class": "checkov.common.graph.checks_infra.base_check", "fixed_definition": null, "entity_tags": null, "caller_file_path": null, "caller_file_line_range": null, "resource_address": null, "severity": null, "bc_category": null, "benchmarks": null, "description": null, "short_description": null, "vulnerability_details": null, "connected_node": null, "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-git-ssl", "details": [], "check_len": null, "definition_context_file_path": null }, { "check_id": "CKV2_DOCKER_14", "bc_check_id": null, "check_name": "Ensure that certificate validation isn't disabled for git by setting the environment variable 'GIT_SSL_NO_VERIFY' to any value", "check_result": { "result": "PASSED", "entity": { "block_name_": "ENV", "block_type_": "resource", "file_path_": "/Dockerfile.production", "config_": { "content": "ENV NEXT_PUBLIC_API_URL=$NEXT_PUBLIC_API_URL \\\n NEXT_PUBLIC_MARKETPLACE_URL=$NEXT_PUBLIC_MARKETPLACE_URL \\\n NEXT_PUBLIC_DASHBOARD_URL=$NEXT_PUBLIC_DASHBOARD_URL \\\n NEXT_PUBLIC_ADMIN_URL=$NEXT_PUBLIC_ADMIN_URL\n", "value": "NEXT_PUBLIC_API_URL=$NEXT_PUBLIC_API_URL NEXT_PUBLIC_MARKETPLACE_URL=$NEXT_PUBLIC_MARKETPLACE_URL NEXT_PUBLIC_DASHBOARD_URL=$NEXT_PUBLIC_DASHBOARD_URL NEXT_PUBLIC_ADMIN_URL=$NEXT_PUBLIC_ADMIN_URL", "__startline__": 15, "__endline__": 18 }, "label_": "resource: ENV", "id_": "ENV", "source_": "Dockerfile", "content": "ENV NEXT_PUBLIC_API_URL=$NEXT_PUBLIC_API_URL \\\n NEXT_PUBLIC_MARKETPLACE_URL=$NEXT_PUBLIC_MARKETPLACE_URL \\\n NEXT_PUBLIC_DASHBOARD_URL=$NEXT_PUBLIC_DASHBOARD_URL \\\n NEXT_PUBLIC_ADMIN_URL=$NEXT_PUBLIC_ADMIN_URL\n", "value": "NEXT_PUBLIC_API_URL=$NEXT_PUBLIC_API_URL NEXT_PUBLIC_MARKETPLACE_URL=$NEXT_PUBLIC_MARKETPLACE_URL NEXT_PUBLIC_DASHBOARD_URL=$NEXT_PUBLIC_DASHBOARD_URL NEXT_PUBLIC_ADMIN_URL=$NEXT_PUBLIC_ADMIN_URL", "__startline__": 15, "__endline__": 18, "resource_type": "ENV", "hash": "65abe3eb0aadfa3b1ed513b9e21f4f8c4524ec8c298e7123de46806870b90557" }, "evaluated_keys": [ "value" ] }, "code_block": [ [ 16, "ENV NEXT_PUBLIC_API_URL=$NEXT_PUBLIC_API_URL \\\n" ], [ 17, " NEXT_PUBLIC_MARKETPLACE_URL=$NEXT_PUBLIC_MARKETPLACE_URL \\\n" ], [ 18, " NEXT_PUBLIC_DASHBOARD_URL=$NEXT_PUBLIC_DASHBOARD_URL \\\n" ], [ 19, " NEXT_PUBLIC_ADMIN_URL=$NEXT_PUBLIC_ADMIN_URL\n" ] ], "file_path": "/Dockerfile.production", "file_abs_path": "/scan/Dockerfile.production", "repo_file_path": "/Dockerfile.production", "file_line_range": [ 16, 19 ], "resource": "/Dockerfile.production.ENV", "evaluations": null, "check_class": "checkov.common.graph.checks_infra.base_check", "fixed_definition": null, "entity_tags": null, "caller_file_path": null, "caller_file_line_range": null, "resource_address": null, "severity": null, "bc_category": null, "benchmarks": null, "description": null, "short_description": null, "vulnerability_details": null, "connected_node": null, "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-git-ssl", "details": [], "check_len": null, "definition_context_file_path": null }, { "check_id": "CKV2_DOCKER_14", "bc_check_id": null, "check_name": "Ensure that certificate validation isn't disabled for git by setting the environment variable 'GIT_SSL_NO_VERIFY' to any value", "check_result": { "result": "PASSED", "entity": { "block_name_": "ENV", "block_type_": "resource", "file_path_": "/Dockerfile.production", "config_": { "content": "ENV NODE_ENV=production\n", "value": "NODE_ENV=production", "__startline__": 28, "__endline__": 28 }, "label_": "resource: ENV", "id_": "ENV", "source_": "Dockerfile", "content": "ENV NODE_ENV=production\n", "value": "NODE_ENV=production", "__startline__": 28, "__endline__": 28, "resource_type": "ENV", "hash": "5a6afcff0e4c111b04ace6d372feb2943096034796456739be650482e87f3e0e" }, "evaluated_keys": [ "value" ] }, "code_block": [ [ 29, "ENV NODE_ENV=production\n" ] ], "file_path": "/Dockerfile.production", "file_abs_path": "/scan/Dockerfile.production", "repo_file_path": "/Dockerfile.production", "file_line_range": [ 29, 29 ], "resource": "/Dockerfile.production.ENV", "evaluations": null, "check_class": "checkov.common.graph.checks_infra.base_check", "fixed_definition": null, "entity_tags": null, "caller_file_path": null, "caller_file_line_range": null, "resource_address": null, "severity": null, "bc_category": null, "benchmarks": null, "description": null, "short_description": null, "vulnerability_details": null, "connected_node": null, "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-git-ssl", "details": [], "check_len": null, "definition_context_file_path": null }, { "check_id": "CKV2_DOCKER_14", "bc_check_id": null, "check_name": "Ensure that certificate validation isn't disabled for git by setting the environment variable 'GIT_SSL_NO_VERIFY' to any value", "check_result": { "result": "PASSED", "entity": { "block_name_": "RUN", "block_type_": "resource", "file_path_": "/Dockerfile.test", "config_": { "content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n", "value": "corepack enable && corepack prepare npm@10.5.0 --activate", "__startline__": 4, "__endline__": 4 }, "label_": "resource: RUN", "id_": "RUN", "source_": "Dockerfile", "content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n", "value": "corepack enable && corepack prepare npm@10.5.0 --activate", "__startline__": 4, "__endline__": 4, "resource_type": "RUN", "hash": "1d5fb0a211498b8baf37e5744578ad03459da7798534298981f23fdefb7eb757" }, "evaluated_keys": [ "value" ] }, "code_block": [ [ 5, "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n" ] ], "file_path": "/Dockerfile.test", "file_abs_path": "/scan/Dockerfile.test", "repo_file_path": "/Dockerfile.test", "file_line_range": [ 5, 5 ], "resource": "/Dockerfile.test.RUN", "evaluations": null, "check_class": "checkov.common.graph.checks_infra.base_check", "fixed_definition": null, "entity_tags": null, "caller_file_path": null, "caller_file_line_range": null, "resource_address": null, "severity": null, "bc_category": null, "benchmarks": null, "description": null, "short_description": null, "vulnerability_details": null, "connected_node": null, "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-git-ssl", "details": [], "check_len": null, "definition_context_file_path": null }, { "check_id": "CKV2_DOCKER_14", "bc_check_id": null, "check_name": "Ensure that certificate validation isn't disabled for git by setting the environment variable 'GIT_SSL_NO_VERIFY' to any value", "check_result": { "result": "PASSED", "entity": { "block_name_": "RUN", "block_type_": "resource", "file_path_": "/Dockerfile.test", "config_": { "content": "RUN npm install\n", "value": "npm install", "__startline__": 10, "__endline__": 10 }, "label_": "resource: RUN", "id_": "RUN", "source_": "Dockerfile", "content": "RUN npm install\n", "value": "npm install", "__startline__": 10, "__endline__": 10, "resource_type": "RUN", "hash": "fb809e4860a3131df821aea9480445cc6e2f66dd52744dab5f3d2ef5b2848436" }, "evaluated_keys": [ "value" ] }, "code_block": [ [ 11, "RUN npm install\n" ] ], "file_path": "/Dockerfile.test", "file_abs_path": "/scan/Dockerfile.test", "repo_file_path": "/Dockerfile.test", "file_line_range": [ 11, 11 ], "resource": "/Dockerfile.test.RUN", "evaluations": null, "check_class": "checkov.common.graph.checks_infra.base_check", "fixed_definition": null, "entity_tags": null, "caller_file_path": null, "caller_file_line_range": null, "resource_address": null, "severity": null, "bc_category": null, "benchmarks": null, "description": null, "short_description": null, "vulnerability_details": null, "connected_node": null, "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-git-ssl", "details": [], "check_len": null, "definition_context_file_path": null }, { "check_id": "CKV2_DOCKER_14", "bc_check_id": null, "check_name": "Ensure that certificate validation isn't disabled for git by setting the environment variable 'GIT_SSL_NO_VERIFY' to any value", "check_result": { "result": "PASSED", "entity": { "block_name_": "ENV", "block_type_": "resource", "file_path_": "/Dockerfile.test", "config_": { "content": "ENV NODE_ENV=test\n", "value": "NODE_ENV=test", "__startline__": 12, "__endline__": 12 }, "label_": "resource: ENV", "id_": "ENV", "source_": "Dockerfile", "content": "ENV NODE_ENV=test\n", "value": "NODE_ENV=test", "__startline__": 12, "__endline__": 12, "resource_type": "ENV", "hash": "14d83a642c69d4cf67fcdbeb6dace7ba464024fdcad52f8129d63c78042457cb" }, "evaluated_keys": [ "value" ] }, "code_block": [ [ 13, "ENV NODE_ENV=test\n" ] ], "file_path": "/Dockerfile.test", "file_abs_path": "/scan/Dockerfile.test", "repo_file_path": "/Dockerfile.test", "file_line_range": [ 13, 13 ], "resource": "/Dockerfile.test.ENV", "evaluations": null, "check_class": "checkov.common.graph.checks_infra.base_check", "fixed_definition": null, "entity_tags": null, "caller_file_path": null, "caller_file_line_range": null, "resource_address": null, "severity": null, "bc_category": null, "benchmarks": null, "description": null, "short_description": null, "vulnerability_details": null, "connected_node": null, "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-git-ssl", "details": [], "check_len": null, "definition_context_file_path": null }, { "check_id": "CKV2_DOCKER_14", "bc_check_id": null, "check_name": "Ensure that certificate validation isn't disabled for git by setting the environment variable 'GIT_SSL_NO_VERIFY' to any value", "check_result": { "result": "PASSED", "entity": { "block_name_": "RUN", "block_type_": "resource", "file_path_": "/Dockerfile.dev", "config_": { "content": "RUN npm install -g npm@10.5.0 --no-fund --no-audit\n", "value": "npm install -g npm@10.5.0 --no-fund --no-audit", "__startline__": 4, "__endline__": 4 }, "label_": "resource: RUN", "id_": "RUN", "source_": "Dockerfile", "content": "RUN npm install -g npm@10.5.0 --no-fund --no-audit\n", "value": "npm install -g npm@10.5.0 --no-fund --no-audit", "__startline__": 4, "__endline__": 4, "resource_type": "RUN", "hash": "435bba968d1d0b4c410ea33851637829a16b2ad878f0b9531a737c7a444f91b9" }, "evaluated_keys": [ "value" ] }, "code_block": [ [ 5, "RUN npm install -g npm@10.5.0 --no-fund --no-audit\n" ] ], "file_path": "/Dockerfile.dev", "file_abs_path": "/scan/Dockerfile.dev", "repo_file_path": "/Dockerfile.dev", "file_line_range": [ 5, 5 ], "resource": "/Dockerfile.dev.RUN", "evaluations": null, "check_class": "checkov.common.graph.checks_infra.base_check", "fixed_definition": null, "entity_tags": null, "caller_file_path": null, "caller_file_line_range": null, "resource_address": null, "severity": null, "bc_category": null, "benchmarks": null, "description": null, "short_description": null, "vulnerability_details": null, "connected_node": null, "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-git-ssl", "details": [], "check_len": null, "definition_context_file_path": null }, { "check_id": "CKV2_DOCKER_14", "bc_check_id": null, "check_name": "Ensure that certificate validation isn't disabled for git by setting the environment variable 'GIT_SSL_NO_VERIFY' to any value", "check_result": { "result": "PASSED", "entity": { "block_name_": "RUN", "block_type_": "resource", "file_path_": "/Dockerfile.dev", "config_": { "content": "RUN npm ci --no-fund --no-audit\n", "value": "npm ci --no-fund --no-audit", "__startline__": 10, "__endline__": 10 }, "label_": "resource: RUN", "id_": "RUN", "source_": "Dockerfile", "content": "RUN npm ci --no-fund --no-audit\n", "value": "npm ci --no-fund --no-audit", "__startline__": 10, "__endline__": 10, "resource_type": "RUN", "hash": "57abb1bbe03890ab19f47e5f96b9cbcee02aab65f6980d523df42faf41b709fa" }, "evaluated_keys": [ "value" ] }, "code_block": [ [ 11, "RUN npm ci --no-fund --no-audit\n" ] ], "file_path": "/Dockerfile.dev", "file_abs_path": "/scan/Dockerfile.dev", "repo_file_path": "/Dockerfile.dev", "file_line_range": [ 11, 11 ], "resource": "/Dockerfile.dev.RUN", "evaluations": null, "check_class": "checkov.common.graph.checks_infra.base_check", "fixed_definition": null, "entity_tags": null, "caller_file_path": null, "caller_file_line_range": null, "resource_address": null, "severity": null, "bc_category": null, "benchmarks": null, "description": null, "short_description": null, "vulnerability_details": null, "connected_node": null, "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-git-ssl", "details": [], "check_len": null, "definition_context_file_path": null }, { "check_id": "CKV2_DOCKER_6", "bc_check_id": null, "check_name": "Ensure that certificate validation isn't disabled with the NODE_TLS_REJECT_UNAUTHORIZED environment variable", "check_result": { "result": "PASSED", "entity": { "block_name_": "RUN", "block_type_": "resource", "file_path_": "/Dockerfile.production", "config_": { "content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n", "value": "corepack enable && corepack prepare npm@10.5.0 --activate", "__startline__": 4, "__endline__": 4 }, "label_": "resource: RUN", "id_": "RUN", "source_": "Dockerfile", "content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n", "value": "corepack enable && corepack prepare npm@10.5.0 --activate", "__startline__": 4, "__endline__": 4, "resource_type": "RUN", "hash": "dbd32b6bad6b728919787011f82d60c50d7b2d1c079f814de2b1640696c98816" }, "evaluated_keys": [ "value" ] }, "code_block": [ [ 5, "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n" ] ], "file_path": "/Dockerfile.production", "file_abs_path": "/scan/Dockerfile.production", "repo_file_path": "/Dockerfile.production", "file_line_range": [ 5, 5 ], "resource": "/Dockerfile.production.RUN", "evaluations": null, "check_class": "checkov.common.graph.checks_infra.base_check", "fixed_definition": null, "entity_tags": null, "caller_file_path": null, "caller_file_line_range": null, "resource_address": null, "severity": null, "bc_category": null, "benchmarks": null, "description": null, "short_description": null, "vulnerability_details": null, "connected_node": null, "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-node-tls-secure", "details": [], "check_len": null, "definition_context_file_path": null }, { "check_id": "CKV2_DOCKER_6", "bc_check_id": null, "check_name": "Ensure that certificate validation isn't disabled with the NODE_TLS_REJECT_UNAUTHORIZED environment variable", "check_result": { "result": "PASSED", "entity": { "block_name_": "RUN", "block_type_": "resource", "file_path_": "/Dockerfile.production", "config_": { "content": "RUN npm install\n", "value": "npm install", "__startline__": 20, "__endline__": 20 }, "label_": "resource: RUN", "id_": "RUN", "source_": "Dockerfile", "content": "RUN npm install\n", "value": "npm install", "__startline__": 20, "__endline__": 20, "resource_type": "RUN", "hash": "6979b14e6a853ac150ffef85c5e28fd49c956054ea2cb1d01440e13b17260c4a" }, "evaluated_keys": [ "value" ] }, "code_block": [ [ 21, "RUN npm install\n" ] ], "file_path": "/Dockerfile.production", "file_abs_path": "/scan/Dockerfile.production", "repo_file_path": "/Dockerfile.production", "file_line_range": [ 21, 21 ], "resource": "/Dockerfile.production.RUN", "evaluations": null, "check_class": "checkov.common.graph.checks_infra.base_check", "fixed_definition": null, "entity_tags": null, "caller_file_path": null, "caller_file_line_range": null, "resource_address": null, "severity": null, "bc_category": null, "benchmarks": null, "description": null, "short_description": null, "vulnerability_details": null, "connected_node": null, "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-node-tls-secure", "details": [], "check_len": null, "definition_context_file_path": null }, { "check_id": "CKV2_DOCKER_6", "bc_check_id": null, "check_name": "Ensure that certificate validation isn't disabled with the NODE_TLS_REJECT_UNAUTHORIZED environment variable", "check_result": { "result": "PASSED", "entity": { "block_name_": "RUN", "block_type_": "resource", "file_path_": "/Dockerfile.production", "config_": { "content": "RUN npm run db:generate\n", "value": "npm run db:generate", "__startline__": 21, "__endline__": 21 }, "label_": "resource: RUN", "id_": "RUN", "source_": "Dockerfile", "content": "RUN npm run db:generate\n", "value": "npm run db:generate", "__startline__": 21, "__endline__": 21, "resource_type": "RUN", "hash": "c1f9cc0c42260bb0183d7e7b9ec2edab99837111ad42dbbdd7fad09ff3e37ab0" }, "evaluated_keys": [ "value" ] }, "code_block": [ [ 22, "RUN npm run db:generate\n" ] ], "file_path": "/Dockerfile.production", "file_abs_path": "/scan/Dockerfile.production", "repo_file_path": "/Dockerfile.production", "file_line_range": [ 22, 22 ], "resource": "/Dockerfile.production.RUN", "evaluations": null, "check_class": "checkov.common.graph.checks_infra.base_check", "fixed_definition": null, "entity_tags": null, "caller_file_path": null, "caller_file_line_range": null, "resource_address": null, "severity": null, "bc_category": null, "benchmarks": null, "description": null, "short_description": null, "vulnerability_details": null, "connected_node": null, "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-node-tls-secure", "details": [], "check_len": null, "definition_context_file_path": null }, { "check_id": "CKV2_DOCKER_6", "bc_check_id": null, "check_name": "Ensure that certificate validation isn't disabled with the NODE_TLS_REJECT_UNAUTHORIZED environment variable", "check_result": { "result": "PASSED", "entity": { "block_name_": "RUN", "block_type_": "resource", "file_path_": "/Dockerfile.production", "config_": { "content": "RUN npm run build\n", "value": "npm run build", "__startline__": 22, "__endline__": 22 }, "label_": "resource: RUN", "id_": "RUN", "source_": "Dockerfile", "content": "RUN npm run build\n", "value": "npm run build", "__startline__": 22, "__endline__": 22, "resource_type": "RUN", "hash": "1bf185fb6038f1b491f2a2686de4dd9869ccdd9c3e34d2772cf43bd368377aa6" }, "evaluated_keys": [ "value" ] }, "code_block": [ [ 23, "RUN npm run build\n" ] ], "file_path": "/Dockerfile.production", "file_abs_path": "/scan/Dockerfile.production", "repo_file_path": "/Dockerfile.production", "file_line_range": [ 23, 23 ], "resource": "/Dockerfile.production.RUN", "evaluations": null, "check_class": "checkov.common.graph.checks_infra.base_check", "fixed_definition": null, "entity_tags": null, "caller_file_path": null, "caller_file_line_range": null, "resource_address": null, "severity": null, "bc_category": null, "benchmarks": null, "description": null, "short_description": null, "vulnerability_details": null, "connected_node": null, "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-node-tls-secure", "details": [], "check_len": null, "definition_context_file_path": null }, { "check_id": "CKV2_DOCKER_6", "bc_check_id": null, "check_name": "Ensure that certificate validation isn't disabled with the NODE_TLS_REJECT_UNAUTHORIZED environment variable", "check_result": { "result": "PASSED", "entity": { "block_name_": "RUN", "block_type_": "resource", "file_path_": "/Dockerfile.production", "config_": { "content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n", "value": "corepack enable && corepack prepare npm@10.5.0 --activate", "__startline__": 30, "__endline__": 30 }, "label_": "resource: RUN", "id_": "RUN", "source_": "Dockerfile", "content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n", "value": "corepack enable && corepack prepare npm@10.5.0 --activate", "__startline__": 30, "__endline__": 30, "resource_type": "RUN", "hash": "01c88e306f7db45ae7136e3bdb63c4b15978dd024f6ed18210961fc3db3df382" }, "evaluated_keys": [ "value" ] }, "code_block": [ [ 31, "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n" ] ], "file_path": "/Dockerfile.production", "file_abs_path": "/scan/Dockerfile.production", "repo_file_path": "/Dockerfile.production", "file_line_range": [ 31, 31 ], "resource": "/Dockerfile.production.RUN", "evaluations": null, "check_class": "checkov.common.graph.checks_infra.base_check", "fixed_definition": null, "entity_tags": null, "caller_file_path": null, "caller_file_line_range": null, "resource_address": null, "severity": null, "bc_category": null, "benchmarks": null, "description": null, "short_description": null, "vulnerability_details": null, "connected_node": null, "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-node-tls-secure", "details": [], "check_len": null, "definition_context_file_path": null }, { "check_id": "CKV2_DOCKER_6", "bc_check_id": null, "check_name": "Ensure that certificate validation isn't disabled with the NODE_TLS_REJECT_UNAUTHORIZED environment variable", "check_result": { "result": "PASSED", "entity": { "block_name_": "ARG", "block_type_": "resource", "file_path_": "/Dockerfile.production", "config_": { "content": "ARG NEXT_PUBLIC_API_URL\n", "value": "NEXT_PUBLIC_API_URL", "__startline__": 11, "__endline__": 11 }, "label_": "resource: ARG", "id_": "ARG", "source_": "Dockerfile", "content": "ARG NEXT_PUBLIC_API_URL\n", "value": "NEXT_PUBLIC_API_URL", "__startline__": 11, "__endline__": 11, "resource_type": "ARG", "hash": "fded00a21c81cd45d8985324636a2acafc73bef594a45811ca0d68265da3f9dc" }, "evaluated_keys": [ "value" ] }, "code_block": [ [ 12, "ARG NEXT_PUBLIC_API_URL\n" ] ], "file_path": "/Dockerfile.production", "file_abs_path": "/scan/Dockerfile.production", "repo_file_path": "/Dockerfile.production", "file_line_range": [ 12, 12 ], "resource": "/Dockerfile.production.ARG", "evaluations": null, "check_class": "checkov.common.graph.checks_infra.base_check", "fixed_definition": null, "entity_tags": null, "caller_file_path": null, "caller_file_line_range": null, "resource_address": null, "severity": null, "bc_category": null, "benchmarks": null, "description": null, "short_description": null, "vulnerability_details": null, "connected_node": null, "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-node-tls-secure", "details": [], "check_len": null, "definition_context_file_path": null }, { "check_id": "CKV2_DOCKER_6", "bc_check_id": null, "check_name": "Ensure that certificate validation isn't disabled with the NODE_TLS_REJECT_UNAUTHORIZED environment variable", "check_result": { "result": "PASSED", "entity": { "block_name_": "ARG", "block_type_": "resource", "file_path_": "/Dockerfile.production", "config_": { "content": "ARG NEXT_PUBLIC_MARKETPLACE_URL\n", "value": "NEXT_PUBLIC_MARKETPLACE_URL", "__startline__": 12, "__endline__": 12 }, "label_": "resource: ARG", "id_": "ARG", "source_": "Dockerfile", "content": "ARG NEXT_PUBLIC_MARKETPLACE_URL\n", "value": "NEXT_PUBLIC_MARKETPLACE_URL", "__startline__": 12, "__endline__": 12, "resource_type": "ARG", "hash": "11d98758a432fc03021573afe4df769dc34ff0a4aec966f558b5e00c71c6cf3b" }, "evaluated_keys": [ "value" ] }, "code_block": [ [ 13, "ARG NEXT_PUBLIC_MARKETPLACE_URL\n" ] ], "file_path": "/Dockerfile.production", "file_abs_path": "/scan/Dockerfile.production", "repo_file_path": "/Dockerfile.production", "file_line_range": [ 13, 13 ], "resource": "/Dockerfile.production.ARG", "evaluations": null, "check_class": "checkov.common.graph.checks_infra.base_check", "fixed_definition": null, "entity_tags": null, "caller_file_path": null, "caller_file_line_range": null, "resource_address": null, "severity": null, "bc_category": null, "benchmarks": null, "description": null, "short_description": null, "vulnerability_details": null, "connected_node": null, "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-node-tls-secure", "details": [], "check_len": null, "definition_context_file_path": null }, { "check_id": "CKV2_DOCKER_6", "bc_check_id": null, "check_name": "Ensure that certificate validation isn't disabled with the NODE_TLS_REJECT_UNAUTHORIZED environment variable", "check_result": { "result": "PASSED", "entity": { "block_name_": "ARG", "block_type_": "resource", "file_path_": "/Dockerfile.production", "config_": { "content": "ARG NEXT_PUBLIC_DASHBOARD_URL\n", "value": "NEXT_PUBLIC_DASHBOARD_URL", "__startline__": 13, "__endline__": 13 }, "label_": "resource: ARG", "id_": "ARG", "source_": "Dockerfile", "content": "ARG NEXT_PUBLIC_DASHBOARD_URL\n", "value": "NEXT_PUBLIC_DASHBOARD_URL", "__startline__": 13, "__endline__": 13, "resource_type": "ARG", "hash": "4075db881e0d222faeb86e03db8a05d9a998deab344c05aee0e89d2426e01383" }, "evaluated_keys": [ "value" ] }, "code_block": [ [ 14, "ARG NEXT_PUBLIC_DASHBOARD_URL\n" ] ], "file_path": "/Dockerfile.production", "file_abs_path": "/scan/Dockerfile.production", "repo_file_path": "/Dockerfile.production", "file_line_range": [ 14, 14 ], "resource": "/Dockerfile.production.ARG", "evaluations": null, "check_class": "checkov.common.graph.checks_infra.base_check", "fixed_definition": null, "entity_tags": null, "caller_file_path": null, "caller_file_line_range": null, "resource_address": null, "severity": null, "bc_category": null, "benchmarks": null, "description": null, "short_description": null, "vulnerability_details": null, "connected_node": null, "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-node-tls-secure", "details": [], "check_len": null, "definition_context_file_path": null }, { "check_id": "CKV2_DOCKER_6", "bc_check_id": null, "check_name": "Ensure that certificate validation isn't disabled with the NODE_TLS_REJECT_UNAUTHORIZED environment variable", "check_result": { "result": "PASSED", "entity": { "block_name_": "ARG", "block_type_": "resource", "file_path_": "/Dockerfile.production", "config_": { "content": "ARG NEXT_PUBLIC_ADMIN_URL\n", "value": "NEXT_PUBLIC_ADMIN_URL", "__startline__": 14, "__endline__": 14 }, "label_": "resource: ARG", "id_": "ARG", "source_": "Dockerfile", "content": "ARG NEXT_PUBLIC_ADMIN_URL\n", "value": "NEXT_PUBLIC_ADMIN_URL", "__startline__": 14, "__endline__": 14, "resource_type": "ARG", "hash": "a4c9bf1c4e349946074fb4c606d0db63c06a809d125e58ddd09427e4d929fd6a" }, "evaluated_keys": [ "value" ] }, "code_block": [ [ 15, "ARG NEXT_PUBLIC_ADMIN_URL\n" ] ], "file_path": "/Dockerfile.production", "file_abs_path": "/scan/Dockerfile.production", "repo_file_path": "/Dockerfile.production", "file_line_range": [ 15, 15 ], "resource": "/Dockerfile.production.ARG", "evaluations": null, "check_class": "checkov.common.graph.checks_infra.base_check", "fixed_definition": null, "entity_tags": null, "caller_file_path": null, "caller_file_line_range": null, "resource_address": null, "severity": null, "bc_category": null, "benchmarks": null, "description": null, "short_description": null, "vulnerability_details": null, "connected_node": null, "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-node-tls-secure", "details": [], "check_len": null, "definition_context_file_path": null }, { "check_id": "CKV2_DOCKER_6", "bc_check_id": null, "check_name": "Ensure that certificate validation isn't disabled with the NODE_TLS_REJECT_UNAUTHORIZED environment variable", "check_result": { "result": "PASSED", "entity": { "block_name_": "ENV", "block_type_": "resource", "file_path_": "/Dockerfile.production", "config_": { "content": "ENV NEXT_PUBLIC_API_URL=$NEXT_PUBLIC_API_URL \\\n NEXT_PUBLIC_MARKETPLACE_URL=$NEXT_PUBLIC_MARKETPLACE_URL \\\n NEXT_PUBLIC_DASHBOARD_URL=$NEXT_PUBLIC_DASHBOARD_URL \\\n NEXT_PUBLIC_ADMIN_URL=$NEXT_PUBLIC_ADMIN_URL\n", "value": "NEXT_PUBLIC_API_URL=$NEXT_PUBLIC_API_URL NEXT_PUBLIC_MARKETPLACE_URL=$NEXT_PUBLIC_MARKETPLACE_URL NEXT_PUBLIC_DASHBOARD_URL=$NEXT_PUBLIC_DASHBOARD_URL NEXT_PUBLIC_ADMIN_URL=$NEXT_PUBLIC_ADMIN_URL", "__startline__": 15, "__endline__": 18 }, "label_": "resource: ENV", "id_": "ENV", "source_": "Dockerfile", "content": "ENV NEXT_PUBLIC_API_URL=$NEXT_PUBLIC_API_URL \\\n NEXT_PUBLIC_MARKETPLACE_URL=$NEXT_PUBLIC_MARKETPLACE_URL \\\n NEXT_PUBLIC_DASHBOARD_URL=$NEXT_PUBLIC_DASHBOARD_URL \\\n NEXT_PUBLIC_ADMIN_URL=$NEXT_PUBLIC_ADMIN_URL\n", "value": "NEXT_PUBLIC_API_URL=$NEXT_PUBLIC_API_URL NEXT_PUBLIC_MARKETPLACE_URL=$NEXT_PUBLIC_MARKETPLACE_URL NEXT_PUBLIC_DASHBOARD_URL=$NEXT_PUBLIC_DASHBOARD_URL NEXT_PUBLIC_ADMIN_URL=$NEXT_PUBLIC_ADMIN_URL", "__startline__": 15, "__endline__": 18, "resource_type": "ENV", "hash": "65abe3eb0aadfa3b1ed513b9e21f4f8c4524ec8c298e7123de46806870b90557" }, "evaluated_keys": [ "value" ] }, "code_block": [ [ 16, "ENV NEXT_PUBLIC_API_URL=$NEXT_PUBLIC_API_URL \\\n" ], [ 17, " NEXT_PUBLIC_MARKETPLACE_URL=$NEXT_PUBLIC_MARKETPLACE_URL \\\n" ], [ 18, " NEXT_PUBLIC_DASHBOARD_URL=$NEXT_PUBLIC_DASHBOARD_URL \\\n" ], [ 19, " NEXT_PUBLIC_ADMIN_URL=$NEXT_PUBLIC_ADMIN_URL\n" ] ], "file_path": "/Dockerfile.production", "file_abs_path": "/scan/Dockerfile.production", "repo_file_path": "/Dockerfile.production", "file_line_range": [ 16, 19 ], "resource": "/Dockerfile.production.ENV", "evaluations": null, "check_class": "checkov.common.graph.checks_infra.base_check", "fixed_definition": null, "entity_tags": null, "caller_file_path": null, "caller_file_line_range": null, "resource_address": null, "severity": null, "bc_category": null, "benchmarks": null, "description": null, "short_description": null, "vulnerability_details": null, "connected_node": null, "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-node-tls-secure", "details": [], "check_len": null, "definition_context_file_path": null }, { "check_id": "CKV2_DOCKER_6", "bc_check_id": null, "check_name": "Ensure that certificate validation isn't disabled with the NODE_TLS_REJECT_UNAUTHORIZED environment variable", "check_result": { "result": "PASSED", "entity": { "block_name_": "ENV", "block_type_": "resource", "file_path_": "/Dockerfile.production", "config_": { "content": "ENV NODE_ENV=production\n", "value": "NODE_ENV=production", "__startline__": 28, "__endline__": 28 }, "label_": "resource: ENV", "id_": "ENV", "source_": "Dockerfile", "content": "ENV NODE_ENV=production\n", "value": "NODE_ENV=production", "__startline__": 28, "__endline__": 28, "resource_type": "ENV", "hash": "5a6afcff0e4c111b04ace6d372feb2943096034796456739be650482e87f3e0e" }, "evaluated_keys": [ "value" ] }, "code_block": [ [ 29, "ENV NODE_ENV=production\n" ] ], "file_path": "/Dockerfile.production", "file_abs_path": "/scan/Dockerfile.production", "repo_file_path": "/Dockerfile.production", "file_line_range": [ 29, 29 ], "resource": "/Dockerfile.production.ENV", "evaluations": null, "check_class": "checkov.common.graph.checks_infra.base_check", "fixed_definition": null, "entity_tags": null, "caller_file_path": null, "caller_file_line_range": null, "resource_address": null, "severity": null, "bc_category": null, "benchmarks": null, "description": null, "short_description": null, "vulnerability_details": null, "connected_node": null, "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-node-tls-secure", "details": [], "check_len": null, "definition_context_file_path": null }, { "check_id": "CKV2_DOCKER_6", "bc_check_id": null, "check_name": "Ensure that certificate validation isn't disabled with the NODE_TLS_REJECT_UNAUTHORIZED environment variable", "check_result": { "result": "PASSED", "entity": { "block_name_": "RUN", "block_type_": "resource", "file_path_": "/Dockerfile.test", "config_": { "content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n", "value": "corepack enable && corepack prepare npm@10.5.0 --activate", "__startline__": 4, "__endline__": 4 }, "label_": "resource: RUN", "id_": "RUN", "source_": "Dockerfile", "content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n", "value": "corepack enable && corepack prepare npm@10.5.0 --activate", "__startline__": 4, "__endline__": 4, "resource_type": "RUN", "hash": "1d5fb0a211498b8baf37e5744578ad03459da7798534298981f23fdefb7eb757" }, "evaluated_keys": [ "value" ] }, "code_block": [ [ 5, "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n" ] ], "file_path": "/Dockerfile.test", "file_abs_path": "/scan/Dockerfile.test", "repo_file_path": "/Dockerfile.test", "file_line_range": [ 5, 5 ], "resource": "/Dockerfile.test.RUN", "evaluations": null, "check_class": "checkov.common.graph.checks_infra.base_check", "fixed_definition": null, "entity_tags": null, "caller_file_path": null, "caller_file_line_range": null, "resource_address": null, "severity": null, "bc_category": null, "benchmarks": null, "description": null, "short_description": null, "vulnerability_details": null, "connected_node": null, "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-node-tls-secure", "details": [], "check_len": null, "definition_context_file_path": null }, { "check_id": "CKV2_DOCKER_6", "bc_check_id": null, "check_name": "Ensure that certificate validation isn't disabled with the NODE_TLS_REJECT_UNAUTHORIZED environment variable", "check_result": { "result": "PASSED", "entity": { "block_name_": "RUN", "block_type_": "resource", "file_path_": "/Dockerfile.test", "config_": { "content": "RUN npm install\n", "value": "npm install", "__startline__": 10, "__endline__": 10 }, "label_": "resource: RUN", "id_": "RUN", "source_": "Dockerfile", "content": "RUN npm install\n", "value": "npm install", "__startline__": 10, "__endline__": 10, "resource_type": "RUN", "hash": "fb809e4860a3131df821aea9480445cc6e2f66dd52744dab5f3d2ef5b2848436" }, "evaluated_keys": [ "value" ] }, "code_block": [ [ 11, "RUN npm install\n" ] ], "file_path": "/Dockerfile.test", "file_abs_path": "/scan/Dockerfile.test", "repo_file_path": "/Dockerfile.test", "file_line_range": [ 11, 11 ], "resource": "/Dockerfile.test.RUN", "evaluations": null, "check_class": "checkov.common.graph.checks_infra.base_check", "fixed_definition": null, "entity_tags": null, "caller_file_path": null, "caller_file_line_range": null, "resource_address": null, "severity": null, "bc_category": null, "benchmarks": null, "description": null, "short_description": null, "vulnerability_details": null, "connected_node": null, "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-node-tls-secure", "details": [], "check_len": null, "definition_context_file_path": null }, { "check_id": "CKV2_DOCKER_6", "bc_check_id": null, "check_name": "Ensure that certificate validation isn't disabled with the NODE_TLS_REJECT_UNAUTHORIZED environment variable", "check_result": { "result": "PASSED", "entity": { "block_name_": "ENV", "block_type_": "resource", "file_path_": "/Dockerfile.test", "config_": { "content": "ENV NODE_ENV=test\n", "value": "NODE_ENV=test", "__startline__": 12, "__endline__": 12 }, "label_": "resource: ENV", "id_": "ENV", "source_": "Dockerfile", "content": "ENV NODE_ENV=test\n", "value": "NODE_ENV=test", "__startline__": 12, "__endline__": 12, "resource_type": "ENV", "hash": "14d83a642c69d4cf67fcdbeb6dace7ba464024fdcad52f8129d63c78042457cb" }, "evaluated_keys": [ "value" ] }, "code_block": [ [ 13, "ENV NODE_ENV=test\n" ] ], "file_path": "/Dockerfile.test", "file_abs_path": "/scan/Dockerfile.test", "repo_file_path": "/Dockerfile.test", "file_line_range": [ 13, 13 ], "resource": "/Dockerfile.test.ENV", "evaluations": null, "check_class": "checkov.common.graph.checks_infra.base_check", "fixed_definition": null, "entity_tags": null, "caller_file_path": null, "caller_file_line_range": null, "resource_address": null, "severity": null, "bc_category": null, "benchmarks": null, "description": null, "short_description": null, "vulnerability_details": null, "connected_node": null, "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-node-tls-secure", "details": [], "check_len": null, "definition_context_file_path": null }, { "check_id": "CKV2_DOCKER_6", "bc_check_id": null, "check_name": "Ensure that certificate validation isn't disabled with the NODE_TLS_REJECT_UNAUTHORIZED environment variable", "check_result": { "result": "PASSED", "entity": { "block_name_": "RUN", "block_type_": "resource", "file_path_": "/Dockerfile.dev", "config_": { "content": "RUN npm install -g npm@10.5.0 --no-fund --no-audit\n", "value": "npm install -g npm@10.5.0 --no-fund --no-audit", "__startline__": 4, "__endline__": 4 }, "label_": "resource: RUN", "id_": "RUN", "source_": "Dockerfile", "content": "RUN npm install -g npm@10.5.0 --no-fund --no-audit\n", "value": "npm install -g npm@10.5.0 --no-fund --no-audit", "__startline__": 4, "__endline__": 4, "resource_type": "RUN", "hash": "435bba968d1d0b4c410ea33851637829a16b2ad878f0b9531a737c7a444f91b9" }, "evaluated_keys": [ "value" ] }, "code_block": [ [ 5, "RUN npm install -g npm@10.5.0 --no-fund --no-audit\n" ] ], "file_path": "/Dockerfile.dev", "file_abs_path": "/scan/Dockerfile.dev", "repo_file_path": "/Dockerfile.dev", "file_line_range": [ 5, 5 ], "resource": "/Dockerfile.dev.RUN", "evaluations": null, "check_class": "checkov.common.graph.checks_infra.base_check", "fixed_definition": null, "entity_tags": null, "caller_file_path": null, "caller_file_line_range": null, "resource_address": null, "severity": null, "bc_category": null, "benchmarks": null, "description": null, "short_description": null, "vulnerability_details": null, "connected_node": null, "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-node-tls-secure", "details": [], "check_len": null, "definition_context_file_path": null }, { "check_id": "CKV2_DOCKER_6", "bc_check_id": null, "check_name": "Ensure that certificate validation isn't disabled with the NODE_TLS_REJECT_UNAUTHORIZED environment variable", "check_result": { "result": "PASSED", "entity": { "block_name_": "RUN", "block_type_": "resource", "file_path_": "/Dockerfile.dev", "config_": { "content": "RUN npm ci --no-fund --no-audit\n", "value": "npm ci --no-fund --no-audit", "__startline__": 10, "__endline__": 10 }, "label_": "resource: RUN", "id_": "RUN", "source_": "Dockerfile", "content": "RUN npm ci --no-fund --no-audit\n", "value": "npm ci --no-fund --no-audit", "__startline__": 10, "__endline__": 10, "resource_type": "RUN", "hash": "57abb1bbe03890ab19f47e5f96b9cbcee02aab65f6980d523df42faf41b709fa" }, "evaluated_keys": [ "value" ] }, "code_block": [ [ 11, "RUN npm ci --no-fund --no-audit\n" ] ], "file_path": "/Dockerfile.dev", "file_abs_path": "/scan/Dockerfile.dev", "repo_file_path": "/Dockerfile.dev", "file_line_range": [ 11, 11 ], "resource": "/Dockerfile.dev.RUN", "evaluations": null, "check_class": "checkov.common.graph.checks_infra.base_check", "fixed_definition": null, "entity_tags": null, "caller_file_path": null, "caller_file_line_range": null, "resource_address": null, "severity": null, "bc_category": null, "benchmarks": null, "description": null, "short_description": null, "vulnerability_details": null, "connected_node": null, "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-node-tls-secure", "details": [], "check_len": null, "definition_context_file_path": null }, { "check_id": "CKV2_DOCKER_11", "bc_check_id": null, "check_name": "Ensure that the '--force-yes' option is not used, as it disables signature validation and allows packages to be downgraded which can leave the system in a broken or inconsistent state", "check_result": { "result": "PASSED", "entity": { "block_name_": "RUN", "block_type_": "resource", "file_path_": "/Dockerfile.production", "config_": { "content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n", "value": "corepack enable && corepack prepare npm@10.5.0 --activate", "__startline__": 4, "__endline__": 4 }, "label_": "resource: RUN", "id_": "RUN", "source_": "Dockerfile", "content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n", "value": "corepack enable && corepack prepare npm@10.5.0 --activate", "__startline__": 4, "__endline__": 4, "resource_type": "RUN", "hash": "dbd32b6bad6b728919787011f82d60c50d7b2d1c079f814de2b1640696c98816" }, "evaluated_keys": [ "value" ] }, "code_block": [ [ 5, "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n" ] ], "file_path": "/Dockerfile.production", "file_abs_path": "/scan/Dockerfile.production", "repo_file_path": "/Dockerfile.production", "file_line_range": [ 5, 5 ], "resource": "/Dockerfile.production.RUN", "evaluations": null, "check_class": "checkov.common.graph.checks_infra.base_check", "fixed_definition": null, "entity_tags": null, "caller_file_path": null, "caller_file_line_range": null, "resource_address": null, "severity": null, "bc_category": null, "benchmarks": null, "description": null, "short_description": null, "vulnerability_details": null, "connected_node": null, "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-apt-force", "details": [], "check_len": null, "definition_context_file_path": null }, { "check_id": "CKV2_DOCKER_11", "bc_check_id": null, "check_name": "Ensure that the '--force-yes' option is not used, as it disables signature validation and allows packages to be downgraded which can leave the system in a broken or inconsistent state", "check_result": { "result": "PASSED", "entity": { "block_name_": "RUN", "block_type_": "resource", "file_path_": "/Dockerfile.production", "config_": { "content": "RUN npm install\n", "value": "npm install", "__startline__": 20, "__endline__": 20 }, "label_": "resource: RUN", "id_": "RUN", "source_": "Dockerfile", "content": "RUN npm install\n", "value": "npm install", "__startline__": 20, "__endline__": 20, "resource_type": "RUN", "hash": "6979b14e6a853ac150ffef85c5e28fd49c956054ea2cb1d01440e13b17260c4a" }, "evaluated_keys": [ "value" ] }, "code_block": [ [ 21, "RUN npm install\n" ] ], "file_path": "/Dockerfile.production", "file_abs_path": "/scan/Dockerfile.production", "repo_file_path": "/Dockerfile.production", "file_line_range": [ 21, 21 ], "resource": "/Dockerfile.production.RUN", "evaluations": null, "check_class": "checkov.common.graph.checks_infra.base_check", "fixed_definition": null, "entity_tags": null, "caller_file_path": null, "caller_file_line_range": null, "resource_address": null, "severity": null, "bc_category": null, "benchmarks": null, "description": null, "short_description": null, "vulnerability_details": null, "connected_node": null, "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-apt-force", "details": [], "check_len": null, "definition_context_file_path": null }, { "check_id": "CKV2_DOCKER_11", "bc_check_id": null, "check_name": "Ensure that the '--force-yes' option is not used, as it disables signature validation and allows packages to be downgraded which can leave the system in a broken or inconsistent state", "check_result": { "result": "PASSED", "entity": { "block_name_": "RUN", "block_type_": "resource", "file_path_": "/Dockerfile.production", "config_": { "content": "RUN npm run db:generate\n", "value": "npm run db:generate", "__startline__": 21, "__endline__": 21 }, "label_": "resource: RUN", "id_": "RUN", "source_": "Dockerfile", "content": "RUN npm run db:generate\n", "value": "npm run db:generate", "__startline__": 21, "__endline__": 21, "resource_type": "RUN", "hash": "c1f9cc0c42260bb0183d7e7b9ec2edab99837111ad42dbbdd7fad09ff3e37ab0" }, "evaluated_keys": [ "value" ] }, "code_block": [ [ 22, "RUN npm run db:generate\n" ] ], "file_path": "/Dockerfile.production", "file_abs_path": "/scan/Dockerfile.production", "repo_file_path": "/Dockerfile.production", "file_line_range": [ 22, 22 ], "resource": "/Dockerfile.production.RUN", "evaluations": null, "check_class": "checkov.common.graph.checks_infra.base_check", "fixed_definition": null, "entity_tags": null, "caller_file_path": null, "caller_file_line_range": null, "resource_address": null, "severity": null, "bc_category": null, "benchmarks": null, "description": null, "short_description": null, "vulnerability_details": null, "connected_node": null, "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-apt-force", "details": [], "check_len": null, "definition_context_file_path": null }, { "check_id": "CKV2_DOCKER_11", "bc_check_id": null, "check_name": "Ensure that the '--force-yes' option is not used, as it disables signature validation and allows packages to be downgraded which can leave the system in a broken or inconsistent state", "check_result": { "result": "PASSED", "entity": { "block_name_": "RUN", "block_type_": "resource", "file_path_": "/Dockerfile.production", "config_": { "content": "RUN npm run build\n", "value": "npm run build", "__startline__": 22, "__endline__": 22 }, "label_": "resource: RUN", "id_": "RUN", "source_": "Dockerfile", "content": "RUN npm run build\n", "value": "npm run build", "__startline__": 22, "__endline__": 22, "resource_type": "RUN", "hash": "1bf185fb6038f1b491f2a2686de4dd9869ccdd9c3e34d2772cf43bd368377aa6" }, "evaluated_keys": [ "value" ] }, "code_block": [ [ 23, "RUN npm run build\n" ] ], "file_path": "/Dockerfile.production", "file_abs_path": "/scan/Dockerfile.production", "repo_file_path": "/Dockerfile.production", "file_line_range": [ 23, 23 ], "resource": "/Dockerfile.production.RUN", "evaluations": null, "check_class": "checkov.common.graph.checks_infra.base_check", "fixed_definition": null, "entity_tags": null, "caller_file_path": null, "caller_file_line_range": null, "resource_address": null, "severity": null, "bc_category": null, "benchmarks": null, "description": null, "short_description": null, "vulnerability_details": null, "connected_node": null, "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-apt-force", "details": [], "check_len": null, "definition_context_file_path": null }, { "check_id": "CKV2_DOCKER_11", "bc_check_id": null, "check_name": "Ensure that the '--force-yes' option is not used, as it disables signature validation and allows packages to be downgraded which can leave the system in a broken or inconsistent state", "check_result": { "result": "PASSED", "entity": { "block_name_": "RUN", "block_type_": "resource", "file_path_": "/Dockerfile.production", "config_": { "content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n", "value": "corepack enable && corepack prepare npm@10.5.0 --activate", "__startline__": 30, "__endline__": 30 }, "label_": "resource: RUN", "id_": "RUN", "source_": "Dockerfile", "content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n", "value": "corepack enable && corepack prepare npm@10.5.0 --activate", "__startline__": 30, "__endline__": 30, "resource_type": "RUN", "hash": "01c88e306f7db45ae7136e3bdb63c4b15978dd024f6ed18210961fc3db3df382" }, "evaluated_keys": [ "value" ] }, "code_block": [ [ 31, "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n" ] ], "file_path": "/Dockerfile.production", "file_abs_path": "/scan/Dockerfile.production", "repo_file_path": "/Dockerfile.production", "file_line_range": [ 31, 31 ], "resource": "/Dockerfile.production.RUN", "evaluations": null, "check_class": "checkov.common.graph.checks_infra.base_check", "fixed_definition": null, "entity_tags": null, "caller_file_path": null, "caller_file_line_range": null, "resource_address": null, "severity": null, "bc_category": null, "benchmarks": null, "description": null, "short_description": null, "vulnerability_details": null, "connected_node": null, "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-apt-force", "details": [], "check_len": null, "definition_context_file_path": null }, { "check_id": "CKV2_DOCKER_11", "bc_check_id": null, "check_name": "Ensure that the '--force-yes' option is not used, as it disables signature validation and allows packages to be downgraded which can leave the system in a broken or inconsistent state", "check_result": { "result": "PASSED", "entity": { "block_name_": "RUN", "block_type_": "resource", "file_path_": "/Dockerfile.test", "config_": { "content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n", "value": "corepack enable && corepack prepare npm@10.5.0 --activate", "__startline__": 4, "__endline__": 4 }, "label_": "resource: RUN", "id_": "RUN", "source_": "Dockerfile", "content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n", "value": "corepack enable && corepack prepare npm@10.5.0 --activate", "__startline__": 4, "__endline__": 4, "resource_type": "RUN", "hash": "1d5fb0a211498b8baf37e5744578ad03459da7798534298981f23fdefb7eb757" }, "evaluated_keys": [ "value" ] }, "code_block": [ [ 5, "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n" ] ], "file_path": "/Dockerfile.test", "file_abs_path": "/scan/Dockerfile.test", "repo_file_path": "/Dockerfile.test", "file_line_range": [ 5, 5 ], "resource": "/Dockerfile.test.RUN", "evaluations": null, "check_class": "checkov.common.graph.checks_infra.base_check", "fixed_definition": null, "entity_tags": null, "caller_file_path": null, "caller_file_line_range": null, "resource_address": null, "severity": null, "bc_category": null, "benchmarks": null, "description": null, "short_description": null, "vulnerability_details": null, "connected_node": null, "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-apt-force", "details": [], "check_len": null, "definition_context_file_path": null }, { "check_id": "CKV2_DOCKER_11", "bc_check_id": null, "check_name": "Ensure that the '--force-yes' option is not used, as it disables signature validation and allows packages to be downgraded which can leave the system in a broken or inconsistent state", "check_result": { "result": "PASSED", "entity": { "block_name_": "RUN", "block_type_": "resource", "file_path_": "/Dockerfile.test", "config_": { "content": "RUN npm install\n", "value": "npm install", "__startline__": 10, "__endline__": 10 }, "label_": "resource: RUN", "id_": "RUN", "source_": "Dockerfile", "content": "RUN npm install\n", "value": "npm install", "__startline__": 10, "__endline__": 10, "resource_type": "RUN", "hash": "fb809e4860a3131df821aea9480445cc6e2f66dd52744dab5f3d2ef5b2848436" }, "evaluated_keys": [ "value" ] }, "code_block": [ [ 11, "RUN npm install\n" ] ], "file_path": "/Dockerfile.test", "file_abs_path": "/scan/Dockerfile.test", "repo_file_path": "/Dockerfile.test", "file_line_range": [ 11, 11 ], "resource": "/Dockerfile.test.RUN", "evaluations": null, "check_class": "checkov.common.graph.checks_infra.base_check", "fixed_definition": null, "entity_tags": null, "caller_file_path": null, "caller_file_line_range": null, "resource_address": null, "severity": null, "bc_category": null, "benchmarks": null, "description": null, "short_description": null, "vulnerability_details": null, "connected_node": null, "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-apt-force", "details": [], "check_len": null, "definition_context_file_path": null }, { "check_id": "CKV2_DOCKER_11", "bc_check_id": null, "check_name": "Ensure that the '--force-yes' option is not used, as it disables signature validation and allows packages to be downgraded which can leave the system in a broken or inconsistent state", "check_result": { "result": "PASSED", "entity": { "block_name_": "RUN", "block_type_": "resource", "file_path_": "/Dockerfile.dev", "config_": { "content": "RUN npm install -g npm@10.5.0 --no-fund --no-audit\n", "value": "npm install -g npm@10.5.0 --no-fund --no-audit", "__startline__": 4, "__endline__": 4 }, "label_": "resource: RUN", "id_": "RUN", "source_": "Dockerfile", "content": "RUN npm install -g npm@10.5.0 --no-fund --no-audit\n", "value": "npm install -g npm@10.5.0 --no-fund --no-audit", "__startline__": 4, "__endline__": 4, "resource_type": "RUN", "hash": "435bba968d1d0b4c410ea33851637829a16b2ad878f0b9531a737c7a444f91b9" }, "evaluated_keys": [ "value" ] }, "code_block": [ [ 5, "RUN npm install -g npm@10.5.0 --no-fund --no-audit\n" ] ], "file_path": "/Dockerfile.dev", "file_abs_path": "/scan/Dockerfile.dev", "repo_file_path": "/Dockerfile.dev", "file_line_range": [ 5, 5 ], "resource": "/Dockerfile.dev.RUN", "evaluations": null, "check_class": "checkov.common.graph.checks_infra.base_check", "fixed_definition": null, "entity_tags": null, "caller_file_path": null, "caller_file_line_range": null, "resource_address": null, "severity": null, "bc_category": null, "benchmarks": null, "description": null, "short_description": null, "vulnerability_details": null, "connected_node": null, "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-apt-force", "details": [], "check_len": null, "definition_context_file_path": null }, { "check_id": "CKV2_DOCKER_11", "bc_check_id": null, "check_name": "Ensure that the '--force-yes' option is not used, as it disables signature validation and allows packages to be downgraded which can leave the system in a broken or inconsistent state", "check_result": { "result": "PASSED", "entity": { "block_name_": "RUN", "block_type_": "resource", "file_path_": "/Dockerfile.dev", "config_": { "content": "RUN npm ci --no-fund --no-audit\n", "value": "npm ci --no-fund --no-audit", "__startline__": 10, "__endline__": 10 }, "label_": "resource: RUN", "id_": "RUN", "source_": "Dockerfile", "content": "RUN npm ci --no-fund --no-audit\n", "value": "npm ci --no-fund --no-audit", "__startline__": 10, "__endline__": 10, "resource_type": "RUN", "hash": "57abb1bbe03890ab19f47e5f96b9cbcee02aab65f6980d523df42faf41b709fa" }, "evaluated_keys": [ "value" ] }, "code_block": [ [ 11, "RUN npm ci --no-fund --no-audit\n" ] ], "file_path": "/Dockerfile.dev", "file_abs_path": "/scan/Dockerfile.dev", "repo_file_path": "/Dockerfile.dev", "file_line_range": [ 11, 11 ], "resource": "/Dockerfile.dev.RUN", "evaluations": null, "check_class": "checkov.common.graph.checks_infra.base_check", "fixed_definition": null, "entity_tags": null, "caller_file_path": null, "caller_file_line_range": null, "resource_address": null, "severity": null, "bc_category": null, "benchmarks": null, "description": null, "short_description": null, "vulnerability_details": null, "connected_node": null, "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-apt-force", "details": [], "check_len": null, "definition_context_file_path": null }, { "check_id": "CKV2_DOCKER_3", "bc_check_id": null, "check_name": "Ensure that certificate validation isn't disabled with wget", "check_result": { "result": "PASSED", "entity": { "block_name_": "RUN", "block_type_": "resource", "file_path_": "/Dockerfile.production", "config_": { "content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n", "value": "corepack enable && corepack prepare npm@10.5.0 --activate", "__startline__": 4, "__endline__": 4 }, "label_": "resource: RUN", "id_": "RUN", "source_": "Dockerfile", "content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n", "value": "corepack enable && corepack prepare npm@10.5.0 --activate", "__startline__": 4, "__endline__": 4, "resource_type": "RUN", "hash": "dbd32b6bad6b728919787011f82d60c50d7b2d1c079f814de2b1640696c98816" }, "evaluated_keys": [ "value" ] }, "code_block": [ [ 5, "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n" ] ], "file_path": "/Dockerfile.production", "file_abs_path": "/scan/Dockerfile.production", "repo_file_path": "/Dockerfile.production", "file_line_range": [ 5, 5 ], "resource": "/Dockerfile.production.RUN", "evaluations": null, "check_class": "checkov.common.graph.checks_infra.base_check", "fixed_definition": null, "entity_tags": null, "caller_file_path": null, "caller_file_line_range": null, "resource_address": null, "severity": null, "bc_category": null, "benchmarks": null, "description": null, "short_description": null, "vulnerability_details": null, "connected_node": null, "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-wget-secure", "details": [], "check_len": null, "definition_context_file_path": null }, { "check_id": "CKV2_DOCKER_3", "bc_check_id": null, "check_name": "Ensure that certificate validation isn't disabled with wget", "check_result": { "result": "PASSED", "entity": { "block_name_": "RUN", "block_type_": "resource", "file_path_": "/Dockerfile.production", "config_": { "content": "RUN npm install\n", "value": "npm install", "__startline__": 20, "__endline__": 20 }, "label_": "resource: RUN", "id_": "RUN", "source_": "Dockerfile", "content": "RUN npm install\n", "value": "npm install", "__startline__": 20, "__endline__": 20, "resource_type": "RUN", "hash": "6979b14e6a853ac150ffef85c5e28fd49c956054ea2cb1d01440e13b17260c4a" }, "evaluated_keys": [ "value" ] }, "code_block": [ [ 21, "RUN npm install\n" ] ], "file_path": "/Dockerfile.production", "file_abs_path": "/scan/Dockerfile.production", "repo_file_path": "/Dockerfile.production", "file_line_range": [ 21, 21 ], "resource": "/Dockerfile.production.RUN", "evaluations": null, "check_class": "checkov.common.graph.checks_infra.base_check", "fixed_definition": null, "entity_tags": null, "caller_file_path": null, "caller_file_line_range": null, "resource_address": null, "severity": null, "bc_category": null, "benchmarks": null, "description": null, "short_description": null, "vulnerability_details": null, "connected_node": null, "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-wget-secure", "details": [], "check_len": null, "definition_context_file_path": null }, { "check_id": "CKV2_DOCKER_3", "bc_check_id": null, "check_name": "Ensure that certificate validation isn't disabled with wget", "check_result": { "result": "PASSED", "entity": { "block_name_": "RUN", "block_type_": "resource", "file_path_": "/Dockerfile.production", "config_": { "content": "RUN npm run db:generate\n", "value": "npm run db:generate", "__startline__": 21, "__endline__": 21 }, "label_": "resource: RUN", "id_": "RUN", "source_": "Dockerfile", "content": "RUN npm run db:generate\n", "value": "npm run db:generate", "__startline__": 21, "__endline__": 21, "resource_type": "RUN", "hash": "c1f9cc0c42260bb0183d7e7b9ec2edab99837111ad42dbbdd7fad09ff3e37ab0" }, "evaluated_keys": [ "value" ] }, "code_block": [ [ 22, "RUN npm run db:generate\n" ] ], "file_path": "/Dockerfile.production", "file_abs_path": "/scan/Dockerfile.production", "repo_file_path": "/Dockerfile.production", "file_line_range": [ 22, 22 ], "resource": "/Dockerfile.production.RUN", "evaluations": null, "check_class": "checkov.common.graph.checks_infra.base_check", "fixed_definition": null, "entity_tags": null, "caller_file_path": null, "caller_file_line_range": null, "resource_address": null, "severity": null, "bc_category": null, "benchmarks": null, "description": null, "short_description": null, "vulnerability_details": null, "connected_node": null, "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-wget-secure", "details": [], "check_len": null, "definition_context_file_path": null }, { "check_id": "CKV2_DOCKER_3", "bc_check_id": null, "check_name": "Ensure that certificate validation isn't disabled with wget", "check_result": { "result": "PASSED", "entity": { "block_name_": "RUN", "block_type_": "resource", "file_path_": "/Dockerfile.production", "config_": { "content": "RUN npm run build\n", "value": "npm run build", "__startline__": 22, "__endline__": 22 }, "label_": "resource: RUN", "id_": "RUN", "source_": "Dockerfile", "content": "RUN npm run build\n", "value": "npm run build", "__startline__": 22, "__endline__": 22, "resource_type": "RUN", "hash": "1bf185fb6038f1b491f2a2686de4dd9869ccdd9c3e34d2772cf43bd368377aa6" }, "evaluated_keys": [ "value" ] }, "code_block": [ [ 23, "RUN npm run build\n" ] ], "file_path": "/Dockerfile.production", "file_abs_path": "/scan/Dockerfile.production", "repo_file_path": "/Dockerfile.production", "file_line_range": [ 23, 23 ], "resource": "/Dockerfile.production.RUN", "evaluations": null, "check_class": "checkov.common.graph.checks_infra.base_check", "fixed_definition": null, "entity_tags": null, "caller_file_path": null, "caller_file_line_range": null, "resource_address": null, "severity": null, "bc_category": null, "benchmarks": null, "description": null, "short_description": null, "vulnerability_details": null, "connected_node": null, "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-wget-secure", "details": [], "check_len": null, "definition_context_file_path": null }, { "check_id": "CKV2_DOCKER_3", "bc_check_id": null, "check_name": "Ensure that certificate validation isn't disabled with wget", "check_result": { "result": "PASSED", "entity": { "block_name_": "RUN", "block_type_": "resource", "file_path_": "/Dockerfile.production", "config_": { "content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n", "value": "corepack enable && corepack prepare npm@10.5.0 --activate", "__startline__": 30, "__endline__": 30 }, "label_": "resource: RUN", "id_": "RUN", "source_": "Dockerfile", "content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n", "value": "corepack enable && corepack prepare npm@10.5.0 --activate", "__startline__": 30, "__endline__": 30, "resource_type": "RUN", "hash": "01c88e306f7db45ae7136e3bdb63c4b15978dd024f6ed18210961fc3db3df382" }, "evaluated_keys": [ "value" ] }, "code_block": [ [ 31, "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n" ] ], "file_path": "/Dockerfile.production", "file_abs_path": "/scan/Dockerfile.production", "repo_file_path": "/Dockerfile.production", "file_line_range": [ 31, 31 ], "resource": "/Dockerfile.production.RUN", "evaluations": null, "check_class": "checkov.common.graph.checks_infra.base_check", "fixed_definition": null, "entity_tags": null, "caller_file_path": null, "caller_file_line_range": null, "resource_address": null, "severity": null, "bc_category": null, "benchmarks": null, "description": null, "short_description": null, "vulnerability_details": null, "connected_node": null, "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-wget-secure", "details": [], "check_len": null, "definition_context_file_path": null }, { "check_id": "CKV2_DOCKER_3", "bc_check_id": null, "check_name": "Ensure that certificate validation isn't disabled with wget", "check_result": { "result": "PASSED", "entity": { "block_name_": "RUN", "block_type_": "resource", "file_path_": "/Dockerfile.test", "config_": { "content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n", "value": "corepack enable && corepack prepare npm@10.5.0 --activate", "__startline__": 4, "__endline__": 4 }, "label_": "resource: RUN", "id_": "RUN", "source_": "Dockerfile", "content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n", "value": "corepack enable && corepack prepare npm@10.5.0 --activate", "__startline__": 4, "__endline__": 4, "resource_type": "RUN", "hash": "1d5fb0a211498b8baf37e5744578ad03459da7798534298981f23fdefb7eb757" }, "evaluated_keys": [ "value" ] }, "code_block": [ [ 5, "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n" ] ], "file_path": "/Dockerfile.test", "file_abs_path": "/scan/Dockerfile.test", "repo_file_path": "/Dockerfile.test", "file_line_range": [ 5, 5 ], "resource": "/Dockerfile.test.RUN", "evaluations": null, "check_class": "checkov.common.graph.checks_infra.base_check", "fixed_definition": null, "entity_tags": null, "caller_file_path": null, "caller_file_line_range": null, "resource_address": null, "severity": null, "bc_category": null, "benchmarks": null, "description": null, "short_description": null, "vulnerability_details": null, "connected_node": null, "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-wget-secure", "details": [], "check_len": null, "definition_context_file_path": null }, { "check_id": "CKV2_DOCKER_3", "bc_check_id": null, "check_name": "Ensure that certificate validation isn't disabled with wget", "check_result": { "result": "PASSED", "entity": { "block_name_": "RUN", "block_type_": "resource", "file_path_": "/Dockerfile.test", "config_": { "content": "RUN npm install\n", "value": "npm install", "__startline__": 10, "__endline__": 10 }, "label_": "resource: RUN", "id_": "RUN", "source_": "Dockerfile", "content": "RUN npm install\n", "value": "npm install", "__startline__": 10, "__endline__": 10, "resource_type": "RUN", "hash": "fb809e4860a3131df821aea9480445cc6e2f66dd52744dab5f3d2ef5b2848436" }, "evaluated_keys": [ "value" ] }, "code_block": [ [ 11, "RUN npm install\n" ] ], "file_path": "/Dockerfile.test", "file_abs_path": "/scan/Dockerfile.test", "repo_file_path": "/Dockerfile.test", "file_line_range": [ 11, 11 ], "resource": "/Dockerfile.test.RUN", "evaluations": null, "check_class": "checkov.common.graph.checks_infra.base_check", "fixed_definition": null, "entity_tags": null, "caller_file_path": null, "caller_file_line_range": null, "resource_address": null, "severity": null, "bc_category": null, "benchmarks": null, "description": null, "short_description": null, "vulnerability_details": null, "connected_node": null, "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-wget-secure", "details": [], "check_len": null, "definition_context_file_path": null }, { "check_id": "CKV2_DOCKER_3", "bc_check_id": null, "check_name": "Ensure that certificate validation isn't disabled with wget", "check_result": { "result": "PASSED", "entity": { "block_name_": "RUN", "block_type_": "resource", "file_path_": "/Dockerfile.dev", "config_": { "content": "RUN npm install -g npm@10.5.0 --no-fund --no-audit\n", "value": "npm install -g npm@10.5.0 --no-fund --no-audit", "__startline__": 4, "__endline__": 4 }, "label_": "resource: RUN", "id_": "RUN", "source_": "Dockerfile", "content": "RUN npm install -g npm@10.5.0 --no-fund --no-audit\n", "value": "npm install -g npm@10.5.0 --no-fund --no-audit", "__startline__": 4, "__endline__": 4, "resource_type": "RUN", "hash": "435bba968d1d0b4c410ea33851637829a16b2ad878f0b9531a737c7a444f91b9" }, "evaluated_keys": [ "value" ] }, "code_block": [ [ 5, "RUN npm install -g npm@10.5.0 --no-fund --no-audit\n" ] ], "file_path": "/Dockerfile.dev", "file_abs_path": "/scan/Dockerfile.dev", "repo_file_path": "/Dockerfile.dev", "file_line_range": [ 5, 5 ], "resource": "/Dockerfile.dev.RUN", "evaluations": null, "check_class": "checkov.common.graph.checks_infra.base_check", "fixed_definition": null, "entity_tags": null, "caller_file_path": null, "caller_file_line_range": null, "resource_address": null, "severity": null, "bc_category": null, "benchmarks": null, "description": null, "short_description": null, "vulnerability_details": null, "connected_node": null, "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-wget-secure", "details": [], "check_len": null, "definition_context_file_path": null }, { "check_id": "CKV2_DOCKER_3", "bc_check_id": null, "check_name": "Ensure that certificate validation isn't disabled with wget", "check_result": { "result": "PASSED", "entity": { "block_name_": "RUN", "block_type_": "resource", "file_path_": "/Dockerfile.dev", "config_": { "content": "RUN npm ci --no-fund --no-audit\n", "value": "npm ci --no-fund --no-audit", "__startline__": 10, "__endline__": 10 }, "label_": "resource: RUN", "id_": "RUN", "source_": "Dockerfile", "content": "RUN npm ci --no-fund --no-audit\n", "value": "npm ci --no-fund --no-audit", "__startline__": 10, "__endline__": 10, "resource_type": "RUN", "hash": "57abb1bbe03890ab19f47e5f96b9cbcee02aab65f6980d523df42faf41b709fa" }, "evaluated_keys": [ "value" ] }, "code_block": [ [ 11, "RUN npm ci --no-fund --no-audit\n" ] ], "file_path": "/Dockerfile.dev", "file_abs_path": "/scan/Dockerfile.dev", "repo_file_path": "/Dockerfile.dev", "file_line_range": [ 11, 11 ], "resource": "/Dockerfile.dev.RUN", "evaluations": null, "check_class": "checkov.common.graph.checks_infra.base_check", "fixed_definition": null, "entity_tags": null, "caller_file_path": null, "caller_file_line_range": null, "resource_address": null, "severity": null, "bc_category": null, "benchmarks": null, "description": null, "short_description": null, "vulnerability_details": null, "connected_node": null, "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-wget-secure", "details": [], "check_len": null, "definition_context_file_path": null }, { "check_id": "CKV2_DOCKER_15", "bc_check_id": null, "check_name": "Ensure that the yum and dnf package managers are not configured to disable SSL certificate validation via the 'sslverify' configuration option", "check_result": { "result": "PASSED", "entity": { "block_name_": "RUN", "block_type_": "resource", "file_path_": "/Dockerfile.production", "config_": { "content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n", "value": "corepack enable && corepack prepare npm@10.5.0 --activate", "__startline__": 4, "__endline__": 4 }, "label_": "resource: RUN", "id_": "RUN", "source_": "Dockerfile", "content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n", "value": "corepack enable && corepack prepare npm@10.5.0 --activate", "__startline__": 4, "__endline__": 4, "resource_type": "RUN", "hash": "dbd32b6bad6b728919787011f82d60c50d7b2d1c079f814de2b1640696c98816" }, "evaluated_keys": [ "value" ] }, "code_block": [ [ 5, "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n" ] ], "file_path": "/Dockerfile.production", "file_abs_path": "/scan/Dockerfile.production", "repo_file_path": "/Dockerfile.production", "file_line_range": [ 5, 5 ], "resource": "/Dockerfile.production.RUN", "evaluations": null, "check_class": "checkov.common.graph.checks_infra.base_check", "fixed_definition": null, "entity_tags": null, "caller_file_path": null, "caller_file_line_range": null, "resource_address": null, "severity": null, "bc_category": null, "benchmarks": null, "description": null, "short_description": null, "vulnerability_details": null, "connected_node": null, "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-yum-ssl", "details": [], "check_len": null, "definition_context_file_path": null }, { "check_id": "CKV2_DOCKER_15", "bc_check_id": null, "check_name": "Ensure that the yum and dnf package managers are not configured to disable SSL certificate validation via the 'sslverify' configuration option", "check_result": { "result": "PASSED", "entity": { "block_name_": "RUN", "block_type_": "resource", "file_path_": "/Dockerfile.production", "config_": { "content": "RUN npm install\n", "value": "npm install", "__startline__": 20, "__endline__": 20 }, "label_": "resource: RUN", "id_": "RUN", "source_": "Dockerfile", "content": "RUN npm install\n", "value": "npm install", "__startline__": 20, "__endline__": 20, "resource_type": "RUN", "hash": "6979b14e6a853ac150ffef85c5e28fd49c956054ea2cb1d01440e13b17260c4a" }, "evaluated_keys": [ "value" ] }, "code_block": [ [ 21, "RUN npm install\n" ] ], "file_path": "/Dockerfile.production", "file_abs_path": "/scan/Dockerfile.production", "repo_file_path": "/Dockerfile.production", "file_line_range": [ 21, 21 ], "resource": "/Dockerfile.production.RUN", "evaluations": null, "check_class": "checkov.common.graph.checks_infra.base_check", "fixed_definition": null, "entity_tags": null, "caller_file_path": null, "caller_file_line_range": null, "resource_address": null, "severity": null, "bc_category": null, "benchmarks": null, "description": null, "short_description": null, "vulnerability_details": null, "connected_node": null, "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-yum-ssl", "details": [], "check_len": null, "definition_context_file_path": null }, { "check_id": "CKV2_DOCKER_15", "bc_check_id": null, "check_name": "Ensure that the yum and dnf package managers are not configured to disable SSL certificate validation via the 'sslverify' configuration option", "check_result": { "result": "PASSED", "entity": { "block_name_": "RUN", "block_type_": "resource", "file_path_": "/Dockerfile.production", "config_": { "content": "RUN npm run db:generate\n", "value": "npm run db:generate", "__startline__": 21, "__endline__": 21 }, "label_": "resource: RUN", "id_": "RUN", "source_": "Dockerfile", "content": "RUN npm run db:generate\n", "value": "npm run db:generate", "__startline__": 21, "__endline__": 21, "resource_type": "RUN", "hash": "c1f9cc0c42260bb0183d7e7b9ec2edab99837111ad42dbbdd7fad09ff3e37ab0" }, "evaluated_keys": [ "value" ] }, "code_block": [ [ 22, "RUN npm run db:generate\n" ] ], "file_path": "/Dockerfile.production", "file_abs_path": "/scan/Dockerfile.production", "repo_file_path": "/Dockerfile.production", "file_line_range": [ 22, 22 ], "resource": "/Dockerfile.production.RUN", "evaluations": null, "check_class": "checkov.common.graph.checks_infra.base_check", "fixed_definition": null, "entity_tags": null, "caller_file_path": null, "caller_file_line_range": null, "resource_address": null, "severity": null, "bc_category": null, "benchmarks": null, "description": null, "short_description": null, "vulnerability_details": null, "connected_node": null, "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-yum-ssl", "details": [], "check_len": null, "definition_context_file_path": null }, { "check_id": "CKV2_DOCKER_15", "bc_check_id": null, "check_name": "Ensure that the yum and dnf package managers are not configured to disable SSL certificate validation via the 'sslverify' configuration option", "check_result": { "result": "PASSED", "entity": { "block_name_": "RUN", "block_type_": "resource", "file_path_": "/Dockerfile.production", "config_": { "content": "RUN npm run build\n", "value": "npm run build", "__startline__": 22, "__endline__": 22 }, "label_": "resource: RUN", "id_": "RUN", "source_": "Dockerfile", "content": "RUN npm run build\n", "value": "npm run build", "__startline__": 22, "__endline__": 22, "resource_type": "RUN", "hash": "1bf185fb6038f1b491f2a2686de4dd9869ccdd9c3e34d2772cf43bd368377aa6" }, "evaluated_keys": [ "value" ] }, "code_block": [ [ 23, "RUN npm run build\n" ] ], "file_path": "/Dockerfile.production", "file_abs_path": "/scan/Dockerfile.production", "repo_file_path": "/Dockerfile.production", "file_line_range": [ 23, 23 ], "resource": "/Dockerfile.production.RUN", "evaluations": null, "check_class": "checkov.common.graph.checks_infra.base_check", "fixed_definition": null, "entity_tags": null, "caller_file_path": null, "caller_file_line_range": null, "resource_address": null, "severity": null, "bc_category": null, "benchmarks": null, "description": null, "short_description": null, "vulnerability_details": null, "connected_node": null, "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-yum-ssl", "details": [], "check_len": null, "definition_context_file_path": null }, { "check_id": "CKV2_DOCKER_15", "bc_check_id": null, "check_name": "Ensure that the yum and dnf package managers are not configured to disable SSL certificate validation via the 'sslverify' configuration option", "check_result": { "result": "PASSED", "entity": { "block_name_": "RUN", "block_type_": "resource", "file_path_": "/Dockerfile.production", "config_": { "content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n", "value": "corepack enable && corepack prepare npm@10.5.0 --activate", "__startline__": 30, "__endline__": 30 }, "label_": "resource: RUN", "id_": "RUN", "source_": "Dockerfile", "content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n", "value": "corepack enable && corepack prepare npm@10.5.0 --activate", "__startline__": 30, "__endline__": 30, "resource_type": "RUN", "hash": "01c88e306f7db45ae7136e3bdb63c4b15978dd024f6ed18210961fc3db3df382" }, "evaluated_keys": [ "value" ] }, "code_block": [ [ 31, "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n" ] ], "file_path": "/Dockerfile.production", "file_abs_path": "/scan/Dockerfile.production", "repo_file_path": "/Dockerfile.production", "file_line_range": [ 31, 31 ], "resource": "/Dockerfile.production.RUN", "evaluations": null, "check_class": "checkov.common.graph.checks_infra.base_check", "fixed_definition": null, "entity_tags": null, "caller_file_path": null, "caller_file_line_range": null, "resource_address": null, "severity": null, "bc_category": null, "benchmarks": null, "description": null, "short_description": null, "vulnerability_details": null, "connected_node": null, "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-yum-ssl", "details": [], "check_len": null, "definition_context_file_path": null }, { "check_id": "CKV2_DOCKER_15", "bc_check_id": null, "check_name": "Ensure that the yum and dnf package managers are not configured to disable SSL certificate validation via the 'sslverify' configuration option", "check_result": { "result": "PASSED", "entity": { "block_name_": "RUN", "block_type_": "resource", "file_path_": "/Dockerfile.test", "config_": { "content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n", "value": "corepack enable && corepack prepare npm@10.5.0 --activate", "__startline__": 4, "__endline__": 4 }, "label_": "resource: RUN", "id_": "RUN", "source_": "Dockerfile", "content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n", "value": "corepack enable && corepack prepare npm@10.5.0 --activate", "__startline__": 4, "__endline__": 4, "resource_type": "RUN", "hash": "1d5fb0a211498b8baf37e5744578ad03459da7798534298981f23fdefb7eb757" }, "evaluated_keys": [ "value" ] }, "code_block": [ [ 5, "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n" ] ], "file_path": "/Dockerfile.test", "file_abs_path": "/scan/Dockerfile.test", "repo_file_path": "/Dockerfile.test", "file_line_range": [ 5, 5 ], "resource": "/Dockerfile.test.RUN", "evaluations": null, "check_class": "checkov.common.graph.checks_infra.base_check", "fixed_definition": null, "entity_tags": null, "caller_file_path": null, "caller_file_line_range": null, "resource_address": null, "severity": null, "bc_category": null, "benchmarks": null, "description": null, "short_description": null, "vulnerability_details": null, "connected_node": null, "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-yum-ssl", "details": [], "check_len": null, "definition_context_file_path": null }, { "check_id": "CKV2_DOCKER_15", "bc_check_id": null, "check_name": "Ensure that the yum and dnf package managers are not configured to disable SSL certificate validation via the 'sslverify' configuration option", "check_result": { "result": "PASSED", "entity": { "block_name_": "RUN", "block_type_": "resource", "file_path_": "/Dockerfile.test", "config_": { "content": "RUN npm install\n", "value": "npm install", "__startline__": 10, "__endline__": 10 }, "label_": "resource: RUN", "id_": "RUN", "source_": "Dockerfile", "content": "RUN npm install\n", "value": "npm install", "__startline__": 10, "__endline__": 10, "resource_type": "RUN", "hash": "fb809e4860a3131df821aea9480445cc6e2f66dd52744dab5f3d2ef5b2848436" }, "evaluated_keys": [ "value" ] }, "code_block": [ [ 11, "RUN npm install\n" ] ], "file_path": "/Dockerfile.test", "file_abs_path": "/scan/Dockerfile.test", "repo_file_path": "/Dockerfile.test", "file_line_range": [ 11, 11 ], "resource": "/Dockerfile.test.RUN", "evaluations": null, "check_class": "checkov.common.graph.checks_infra.base_check", "fixed_definition": null, "entity_tags": null, "caller_file_path": null, "caller_file_line_range": null, "resource_address": null, "severity": null, "bc_category": null, "benchmarks": null, "description": null, "short_description": null, "vulnerability_details": null, "connected_node": null, "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-yum-ssl", "details": [], "check_len": null, "definition_context_file_path": null }, { "check_id": "CKV2_DOCKER_15", "bc_check_id": null, "check_name": "Ensure that the yum and dnf package managers are not configured to disable SSL certificate validation via the 'sslverify' configuration option", "check_result": { "result": "PASSED", "entity": { "block_name_": "RUN", "block_type_": "resource", "file_path_": "/Dockerfile.dev", "config_": { "content": "RUN npm install -g npm@10.5.0 --no-fund --no-audit\n", "value": "npm install -g npm@10.5.0 --no-fund --no-audit", "__startline__": 4, "__endline__": 4 }, "label_": "resource: RUN", "id_": "RUN", "source_": "Dockerfile", "content": "RUN npm install -g npm@10.5.0 --no-fund --no-audit\n", "value": "npm install -g npm@10.5.0 --no-fund --no-audit", "__startline__": 4, "__endline__": 4, "resource_type": "RUN", "hash": "435bba968d1d0b4c410ea33851637829a16b2ad878f0b9531a737c7a444f91b9" }, "evaluated_keys": [ "value" ] }, "code_block": [ [ 5, "RUN npm install -g npm@10.5.0 --no-fund --no-audit\n" ] ], "file_path": "/Dockerfile.dev", "file_abs_path": "/scan/Dockerfile.dev", "repo_file_path": "/Dockerfile.dev", "file_line_range": [ 5, 5 ], "resource": "/Dockerfile.dev.RUN", "evaluations": null, "check_class": "checkov.common.graph.checks_infra.base_check", "fixed_definition": null, "entity_tags": null, "caller_file_path": null, "caller_file_line_range": null, "resource_address": null, "severity": null, "bc_category": null, "benchmarks": null, "description": null, "short_description": null, "vulnerability_details": null, "connected_node": null, "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-yum-ssl", "details": [], "check_len": null, "definition_context_file_path": null }, { "check_id": "CKV2_DOCKER_15", "bc_check_id": null, "check_name": "Ensure that the yum and dnf package managers are not configured to disable SSL certificate validation via the 'sslverify' configuration option", "check_result": { "result": "PASSED", "entity": { "block_name_": "RUN", "block_type_": "resource", "file_path_": "/Dockerfile.dev", "config_": { "content": "RUN npm ci --no-fund --no-audit\n", "value": "npm ci --no-fund --no-audit", "__startline__": 10, "__endline__": 10 }, "label_": "resource: RUN", "id_": "RUN", "source_": "Dockerfile", "content": "RUN npm ci --no-fund --no-audit\n", "value": "npm ci --no-fund --no-audit", "__startline__": 10, "__endline__": 10, "resource_type": "RUN", "hash": "57abb1bbe03890ab19f47e5f96b9cbcee02aab65f6980d523df42faf41b709fa" }, "evaluated_keys": [ "value" ] }, "code_block": [ [ 11, "RUN npm ci --no-fund --no-audit\n" ] ], "file_path": "/Dockerfile.dev", "file_abs_path": "/scan/Dockerfile.dev", "repo_file_path": "/Dockerfile.dev", "file_line_range": [ 11, 11 ], "resource": "/Dockerfile.dev.RUN", "evaluations": null, "check_class": "checkov.common.graph.checks_infra.base_check", "fixed_definition": null, "entity_tags": null, "caller_file_path": null, "caller_file_line_range": null, "resource_address": null, "severity": null, "bc_category": null, "benchmarks": null, "description": null, "short_description": null, "vulnerability_details": null, "connected_node": null, "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-yum-ssl", "details": [], "check_len": null, "definition_context_file_path": null }, { "check_id": "CKV2_DOCKER_8", "bc_check_id": null, "check_name": "Ensure that packages with untrusted or missing signatures are not used by apt-get via the '--allow-unauthenticated' option", "check_result": { "result": "PASSED", "entity": { "block_name_": "RUN", "block_type_": "resource", "file_path_": "/Dockerfile.production", "config_": { "content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n", "value": "corepack enable && corepack prepare npm@10.5.0 --activate", "__startline__": 4, "__endline__": 4 }, "label_": "resource: RUN", "id_": "RUN", "source_": "Dockerfile", "content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n", "value": "corepack enable && corepack prepare npm@10.5.0 --activate", "__startline__": 4, "__endline__": 4, "resource_type": "RUN", "hash": "dbd32b6bad6b728919787011f82d60c50d7b2d1c079f814de2b1640696c98816" }, "evaluated_keys": [ "value" ] }, "code_block": [ [ 5, "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n" ] ], "file_path": "/Dockerfile.production", "file_abs_path": "/scan/Dockerfile.production", "repo_file_path": "/Dockerfile.production", "file_line_range": [ 5, 5 ], "resource": "/Dockerfile.production.RUN", "evaluations": null, "check_class": "checkov.common.graph.checks_infra.base_check", "fixed_definition": null, "entity_tags": null, "caller_file_path": null, "caller_file_line_range": null, "resource_address": null, "severity": null, "bc_category": null, "benchmarks": null, "description": null, "short_description": null, "vulnerability_details": null, "connected_node": null, "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-apt-authenticated", "details": [], "check_len": null, "definition_context_file_path": null }, { "check_id": "CKV2_DOCKER_8", "bc_check_id": null, "check_name": "Ensure that packages with untrusted or missing signatures are not used by apt-get via the '--allow-unauthenticated' option", "check_result": { "result": "PASSED", "entity": { "block_name_": "RUN", "block_type_": "resource", "file_path_": "/Dockerfile.production", "config_": { "content": "RUN npm install\n", "value": "npm install", "__startline__": 20, "__endline__": 20 }, "label_": "resource: RUN", "id_": "RUN", "source_": "Dockerfile", "content": "RUN npm install\n", "value": "npm install", "__startline__": 20, "__endline__": 20, "resource_type": "RUN", "hash": "6979b14e6a853ac150ffef85c5e28fd49c956054ea2cb1d01440e13b17260c4a" }, "evaluated_keys": [ "value" ] }, "code_block": [ [ 21, "RUN npm install\n" ] ], "file_path": "/Dockerfile.production", "file_abs_path": "/scan/Dockerfile.production", "repo_file_path": "/Dockerfile.production", "file_line_range": [ 21, 21 ], "resource": "/Dockerfile.production.RUN", "evaluations": null, "check_class": "checkov.common.graph.checks_infra.base_check", "fixed_definition": null, "entity_tags": null, "caller_file_path": null, "caller_file_line_range": null, "resource_address": null, "severity": null, "bc_category": null, "benchmarks": null, "description": null, "short_description": null, "vulnerability_details": null, "connected_node": null, "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-apt-authenticated", "details": [], "check_len": null, "definition_context_file_path": null }, { "check_id": "CKV2_DOCKER_8", "bc_check_id": null, "check_name": "Ensure that packages with untrusted or missing signatures are not used by apt-get via the '--allow-unauthenticated' option", "check_result": { "result": "PASSED", "entity": { "block_name_": "RUN", "block_type_": "resource", "file_path_": "/Dockerfile.production", "config_": { "content": "RUN npm run db:generate\n", "value": "npm run db:generate", "__startline__": 21, "__endline__": 21 }, "label_": "resource: RUN", "id_": "RUN", "source_": "Dockerfile", "content": "RUN npm run db:generate\n", "value": "npm run db:generate", "__startline__": 21, "__endline__": 21, "resource_type": "RUN", "hash": "c1f9cc0c42260bb0183d7e7b9ec2edab99837111ad42dbbdd7fad09ff3e37ab0" }, "evaluated_keys": [ "value" ] }, "code_block": [ [ 22, "RUN npm run db:generate\n" ] ], "file_path": "/Dockerfile.production", "file_abs_path": "/scan/Dockerfile.production", "repo_file_path": "/Dockerfile.production", "file_line_range": [ 22, 22 ], "resource": "/Dockerfile.production.RUN", "evaluations": null, "check_class": "checkov.common.graph.checks_infra.base_check", "fixed_definition": null, "entity_tags": null, "caller_file_path": null, "caller_file_line_range": null, "resource_address": null, "severity": null, "bc_category": null, "benchmarks": null, "description": null, "short_description": null, "vulnerability_details": null, "connected_node": null, "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-apt-authenticated", "details": [], "check_len": null, "definition_context_file_path": null }, { "check_id": "CKV2_DOCKER_8", "bc_check_id": null, "check_name": "Ensure that packages with untrusted or missing signatures are not used by apt-get via the '--allow-unauthenticated' option", "check_result": { "result": "PASSED", "entity": { "block_name_": "RUN", "block_type_": "resource", "file_path_": "/Dockerfile.production", "config_": { "content": "RUN npm run build\n", "value": "npm run build", "__startline__": 22, "__endline__": 22 }, "label_": "resource: RUN", "id_": "RUN", "source_": "Dockerfile", "content": "RUN npm run build\n", "value": "npm run build", "__startline__": 22, "__endline__": 22, "resource_type": "RUN", "hash": "1bf185fb6038f1b491f2a2686de4dd9869ccdd9c3e34d2772cf43bd368377aa6" }, "evaluated_keys": [ "value" ] }, "code_block": [ [ 23, "RUN npm run build\n" ] ], "file_path": "/Dockerfile.production", "file_abs_path": "/scan/Dockerfile.production", "repo_file_path": "/Dockerfile.production", "file_line_range": [ 23, 23 ], "resource": "/Dockerfile.production.RUN", "evaluations": null, "check_class": "checkov.common.graph.checks_infra.base_check", "fixed_definition": null, "entity_tags": null, "caller_file_path": null, "caller_file_line_range": null, "resource_address": null, "severity": null, "bc_category": null, "benchmarks": null, "description": null, "short_description": null, "vulnerability_details": null, "connected_node": null, "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-apt-authenticated", "details": [], "check_len": null, "definition_context_file_path": null }, { "check_id": "CKV2_DOCKER_8", "bc_check_id": null, "check_name": "Ensure that packages with untrusted or missing signatures are not used by apt-get via the '--allow-unauthenticated' option", "check_result": { "result": "PASSED", "entity": { "block_name_": "RUN", "block_type_": "resource", "file_path_": "/Dockerfile.production", "config_": { "content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n", "value": "corepack enable && corepack prepare npm@10.5.0 --activate", "__startline__": 30, "__endline__": 30 }, "label_": "resource: RUN", "id_": "RUN", "source_": "Dockerfile", "content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n", "value": "corepack enable && corepack prepare npm@10.5.0 --activate", "__startline__": 30, "__endline__": 30, "resource_type": "RUN", "hash": "01c88e306f7db45ae7136e3bdb63c4b15978dd024f6ed18210961fc3db3df382" }, "evaluated_keys": [ "value" ] }, "code_block": [ [ 31, "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n" ] ], "file_path": "/Dockerfile.production", "file_abs_path": "/scan/Dockerfile.production", "repo_file_path": "/Dockerfile.production", "file_line_range": [ 31, 31 ], "resource": "/Dockerfile.production.RUN", "evaluations": null, "check_class": "checkov.common.graph.checks_infra.base_check", "fixed_definition": null, "entity_tags": null, "caller_file_path": null, "caller_file_line_range": null, "resource_address": null, "severity": null, "bc_category": null, "benchmarks": null, "description": null, "short_description": null, "vulnerability_details": null, "connected_node": null, "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-apt-authenticated", "details": [], "check_len": null, "definition_context_file_path": null }, { "check_id": "CKV2_DOCKER_8", "bc_check_id": null, "check_name": "Ensure that packages with untrusted or missing signatures are not used by apt-get via the '--allow-unauthenticated' option", "check_result": { "result": "PASSED", "entity": { "block_name_": "RUN", "block_type_": "resource", "file_path_": "/Dockerfile.test", "config_": { "content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n", "value": "corepack enable && corepack prepare npm@10.5.0 --activate", "__startline__": 4, "__endline__": 4 }, "label_": "resource: RUN", "id_": "RUN", "source_": "Dockerfile", "content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n", "value": "corepack enable && corepack prepare npm@10.5.0 --activate", "__startline__": 4, "__endline__": 4, "resource_type": "RUN", "hash": "1d5fb0a211498b8baf37e5744578ad03459da7798534298981f23fdefb7eb757" }, "evaluated_keys": [ "value" ] }, "code_block": [ [ 5, "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n" ] ], "file_path": "/Dockerfile.test", "file_abs_path": "/scan/Dockerfile.test", "repo_file_path": "/Dockerfile.test", "file_line_range": [ 5, 5 ], "resource": "/Dockerfile.test.RUN", "evaluations": null, "check_class": "checkov.common.graph.checks_infra.base_check", "fixed_definition": null, "entity_tags": null, "caller_file_path": null, "caller_file_line_range": null, "resource_address": null, "severity": null, "bc_category": null, "benchmarks": null, "description": null, "short_description": null, "vulnerability_details": null, "connected_node": null, "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-apt-authenticated", "details": [], "check_len": null, "definition_context_file_path": null }, { "check_id": "CKV2_DOCKER_8", "bc_check_id": null, "check_name": "Ensure that packages with untrusted or missing signatures are not used by apt-get via the '--allow-unauthenticated' option", "check_result": { "result": "PASSED", "entity": { "block_name_": "RUN", "block_type_": "resource", "file_path_": "/Dockerfile.test", "config_": { "content": "RUN npm install\n", "value": "npm install", "__startline__": 10, "__endline__": 10 }, "label_": "resource: RUN", "id_": "RUN", "source_": "Dockerfile", "content": "RUN npm install\n", "value": "npm install", "__startline__": 10, "__endline__": 10, "resource_type": "RUN", "hash": "fb809e4860a3131df821aea9480445cc6e2f66dd52744dab5f3d2ef5b2848436" }, "evaluated_keys": [ "value" ] }, "code_block": [ [ 11, "RUN npm install\n" ] ], "file_path": "/Dockerfile.test", "file_abs_path": "/scan/Dockerfile.test", "repo_file_path": "/Dockerfile.test", "file_line_range": [ 11, 11 ], "resource": "/Dockerfile.test.RUN", "evaluations": null, "check_class": "checkov.common.graph.checks_infra.base_check", "fixed_definition": null, "entity_tags": null, "caller_file_path": null, "caller_file_line_range": null, "resource_address": null, "severity": null, "bc_category": null, "benchmarks": null, "description": null, "short_description": null, "vulnerability_details": null, "connected_node": null, "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-apt-authenticated", "details": [], "check_len": null, "definition_context_file_path": null }, { "check_id": "CKV2_DOCKER_8", "bc_check_id": null, "check_name": "Ensure that packages with untrusted or missing signatures are not used by apt-get via the '--allow-unauthenticated' option", "check_result": { "result": "PASSED", "entity": { "block_name_": "RUN", "block_type_": "resource", "file_path_": "/Dockerfile.dev", "config_": { "content": "RUN npm install -g npm@10.5.0 --no-fund --no-audit\n", "value": "npm install -g npm@10.5.0 --no-fund --no-audit", "__startline__": 4, "__endline__": 4 }, "label_": "resource: RUN", "id_": "RUN", "source_": "Dockerfile", "content": "RUN npm install -g npm@10.5.0 --no-fund --no-audit\n", "value": "npm install -g npm@10.5.0 --no-fund --no-audit", "__startline__": 4, "__endline__": 4, "resource_type": "RUN", "hash": "435bba968d1d0b4c410ea33851637829a16b2ad878f0b9531a737c7a444f91b9" }, "evaluated_keys": [ "value" ] }, "code_block": [ [ 5, "RUN npm install -g npm@10.5.0 --no-fund --no-audit\n" ] ], "file_path": "/Dockerfile.dev", "file_abs_path": "/scan/Dockerfile.dev", "repo_file_path": "/Dockerfile.dev", "file_line_range": [ 5, 5 ], "resource": "/Dockerfile.dev.RUN", "evaluations": null, "check_class": "checkov.common.graph.checks_infra.base_check", "fixed_definition": null, "entity_tags": null, "caller_file_path": null, "caller_file_line_range": null, "resource_address": null, "severity": null, "bc_category": null, "benchmarks": null, "description": null, "short_description": null, "vulnerability_details": null, "connected_node": null, "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-apt-authenticated", "details": [], "check_len": null, "definition_context_file_path": null }, { "check_id": "CKV2_DOCKER_8", "bc_check_id": null, "check_name": "Ensure that packages with untrusted or missing signatures are not used by apt-get via the '--allow-unauthenticated' option", "check_result": { "result": "PASSED", "entity": { "block_name_": "RUN", "block_type_": "resource", "file_path_": "/Dockerfile.dev", "config_": { "content": "RUN npm ci --no-fund --no-audit\n", "value": "npm ci --no-fund --no-audit", "__startline__": 10, "__endline__": 10 }, "label_": "resource: RUN", "id_": "RUN", "source_": "Dockerfile", "content": "RUN npm ci --no-fund --no-audit\n", "value": "npm ci --no-fund --no-audit", "__startline__": 10, "__endline__": 10, "resource_type": "RUN", "hash": "57abb1bbe03890ab19f47e5f96b9cbcee02aab65f6980d523df42faf41b709fa" }, "evaluated_keys": [ "value" ] }, "code_block": [ [ 11, "RUN npm ci --no-fund --no-audit\n" ] ], "file_path": "/Dockerfile.dev", "file_abs_path": "/scan/Dockerfile.dev", "repo_file_path": "/Dockerfile.dev", "file_line_range": [ 11, 11 ], "resource": "/Dockerfile.dev.RUN", "evaluations": null, "check_class": "checkov.common.graph.checks_infra.base_check", "fixed_definition": null, "entity_tags": null, "caller_file_path": null, "caller_file_line_range": null, "resource_address": null, "severity": null, "bc_category": null, "benchmarks": null, "description": null, "short_description": null, "vulnerability_details": null, "connected_node": null, "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-apt-authenticated", "details": [], "check_len": null, "definition_context_file_path": null }, { "check_id": "CKV2_DOCKER_13", "bc_check_id": null, "check_name": "Ensure that certificate validation isn't disabled for npm or yarn by setting the option strict-ssl to false", "check_result": { "result": "PASSED", "entity": { "block_name_": "RUN", "block_type_": "resource", "file_path_": "/Dockerfile.production", "config_": { "content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n", "value": "corepack enable && corepack prepare npm@10.5.0 --activate", "__startline__": 4, "__endline__": 4 }, "label_": "resource: RUN", "id_": "RUN", "source_": "Dockerfile", "content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n", "value": "corepack enable && corepack prepare npm@10.5.0 --activate", "__startline__": 4, "__endline__": 4, "resource_type": "RUN", "hash": "dbd32b6bad6b728919787011f82d60c50d7b2d1c079f814de2b1640696c98816" }, "evaluated_keys": [ "value" ] }, "code_block": [ [ 5, "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n" ] ], "file_path": "/Dockerfile.production", "file_abs_path": "/scan/Dockerfile.production", "repo_file_path": "/Dockerfile.production", "file_line_range": [ 5, 5 ], "resource": "/Dockerfile.production.RUN", "evaluations": null, "check_class": "checkov.common.graph.checks_infra.base_check", "fixed_definition": null, "entity_tags": null, "caller_file_path": null, "caller_file_line_range": null, "resource_address": null, "severity": null, "bc_category": null, "benchmarks": null, "description": null, "short_description": null, "vulnerability_details": null, "connected_node": null, "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-npm-strict-ssl2", "details": [], "check_len": null, "definition_context_file_path": null }, { "check_id": "CKV2_DOCKER_13", "bc_check_id": null, "check_name": "Ensure that certificate validation isn't disabled for npm or yarn by setting the option strict-ssl to false", "check_result": { "result": "PASSED", "entity": { "block_name_": "RUN", "block_type_": "resource", "file_path_": "/Dockerfile.production", "config_": { "content": "RUN npm install\n", "value": "npm install", "__startline__": 20, "__endline__": 20 }, "label_": "resource: RUN", "id_": "RUN", "source_": "Dockerfile", "content": "RUN npm install\n", "value": "npm install", "__startline__": 20, "__endline__": 20, "resource_type": "RUN", "hash": "6979b14e6a853ac150ffef85c5e28fd49c956054ea2cb1d01440e13b17260c4a" }, "evaluated_keys": [ "value" ] }, "code_block": [ [ 21, "RUN npm install\n" ] ], "file_path": "/Dockerfile.production", "file_abs_path": "/scan/Dockerfile.production", "repo_file_path": "/Dockerfile.production", "file_line_range": [ 21, 21 ], "resource": "/Dockerfile.production.RUN", "evaluations": null, "check_class": "checkov.common.graph.checks_infra.base_check", "fixed_definition": null, "entity_tags": null, "caller_file_path": null, "caller_file_line_range": null, "resource_address": null, "severity": null, "bc_category": null, "benchmarks": null, "description": null, "short_description": null, "vulnerability_details": null, "connected_node": null, "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-npm-strict-ssl2", "details": [], "check_len": null, "definition_context_file_path": null }, { "check_id": "CKV2_DOCKER_13", "bc_check_id": null, "check_name": "Ensure that certificate validation isn't disabled for npm or yarn by setting the option strict-ssl to false", "check_result": { "result": "PASSED", "entity": { "block_name_": "RUN", "block_type_": "resource", "file_path_": "/Dockerfile.production", "config_": { "content": "RUN npm run db:generate\n", "value": "npm run db:generate", "__startline__": 21, "__endline__": 21 }, "label_": "resource: RUN", "id_": "RUN", "source_": "Dockerfile", "content": "RUN npm run db:generate\n", "value": "npm run db:generate", "__startline__": 21, "__endline__": 21, "resource_type": "RUN", "hash": "c1f9cc0c42260bb0183d7e7b9ec2edab99837111ad42dbbdd7fad09ff3e37ab0" }, "evaluated_keys": [ "value" ] }, "code_block": [ [ 22, "RUN npm run db:generate\n" ] ], "file_path": "/Dockerfile.production", "file_abs_path": "/scan/Dockerfile.production", "repo_file_path": "/Dockerfile.production", "file_line_range": [ 22, 22 ], "resource": "/Dockerfile.production.RUN", "evaluations": null, "check_class": "checkov.common.graph.checks_infra.base_check", "fixed_definition": null, "entity_tags": null, "caller_file_path": null, "caller_file_line_range": null, "resource_address": null, "severity": null, "bc_category": null, "benchmarks": null, "description": null, "short_description": null, "vulnerability_details": null, "connected_node": null, "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-npm-strict-ssl2", "details": [], "check_len": null, "definition_context_file_path": null }, { "check_id": "CKV2_DOCKER_13", "bc_check_id": null, "check_name": "Ensure that certificate validation isn't disabled for npm or yarn by setting the option strict-ssl to false", "check_result": { "result": "PASSED", "entity": { "block_name_": "RUN", "block_type_": "resource", "file_path_": "/Dockerfile.production", "config_": { "content": "RUN npm run build\n", "value": "npm run build", "__startline__": 22, "__endline__": 22 }, "label_": "resource: RUN", "id_": "RUN", "source_": "Dockerfile", "content": "RUN npm run build\n", "value": "npm run build", "__startline__": 22, "__endline__": 22, "resource_type": "RUN", "hash": "1bf185fb6038f1b491f2a2686de4dd9869ccdd9c3e34d2772cf43bd368377aa6" }, "evaluated_keys": [ "value" ] }, "code_block": [ [ 23, "RUN npm run build\n" ] ], "file_path": "/Dockerfile.production", "file_abs_path": "/scan/Dockerfile.production", "repo_file_path": "/Dockerfile.production", "file_line_range": [ 23, 23 ], "resource": "/Dockerfile.production.RUN", "evaluations": null, "check_class": "checkov.common.graph.checks_infra.base_check", "fixed_definition": null, "entity_tags": null, "caller_file_path": null, "caller_file_line_range": null, "resource_address": null, "severity": null, "bc_category": null, "benchmarks": null, "description": null, "short_description": null, "vulnerability_details": null, "connected_node": null, "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-npm-strict-ssl2", "details": [], "check_len": null, "definition_context_file_path": null }, { "check_id": "CKV2_DOCKER_13", "bc_check_id": null, "check_name": "Ensure that certificate validation isn't disabled for npm or yarn by setting the option strict-ssl to false", "check_result": { "result": "PASSED", "entity": { "block_name_": "RUN", "block_type_": "resource", "file_path_": "/Dockerfile.production", "config_": { "content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n", "value": "corepack enable && corepack prepare npm@10.5.0 --activate", "__startline__": 30, "__endline__": 30 }, "label_": "resource: RUN", "id_": "RUN", "source_": "Dockerfile", "content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n", "value": "corepack enable && corepack prepare npm@10.5.0 --activate", "__startline__": 30, "__endline__": 30, "resource_type": "RUN", "hash": "01c88e306f7db45ae7136e3bdb63c4b15978dd024f6ed18210961fc3db3df382" }, "evaluated_keys": [ "value" ] }, "code_block": [ [ 31, "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n" ] ], "file_path": "/Dockerfile.production", "file_abs_path": "/scan/Dockerfile.production", "repo_file_path": "/Dockerfile.production", "file_line_range": [ 31, 31 ], "resource": "/Dockerfile.production.RUN", "evaluations": null, "check_class": "checkov.common.graph.checks_infra.base_check", "fixed_definition": null, "entity_tags": null, "caller_file_path": null, "caller_file_line_range": null, "resource_address": null, "severity": null, "bc_category": null, "benchmarks": null, "description": null, "short_description": null, "vulnerability_details": null, "connected_node": null, "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-npm-strict-ssl2", "details": [], "check_len": null, "definition_context_file_path": null }, { "check_id": "CKV2_DOCKER_13", "bc_check_id": null, "check_name": "Ensure that certificate validation isn't disabled for npm or yarn by setting the option strict-ssl to false", "check_result": { "result": "PASSED", "entity": { "block_name_": "RUN", "block_type_": "resource", "file_path_": "/Dockerfile.test", "config_": { "content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n", "value": "corepack enable && corepack prepare npm@10.5.0 --activate", "__startline__": 4, "__endline__": 4 }, "label_": "resource: RUN", "id_": "RUN", "source_": "Dockerfile", "content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n", "value": "corepack enable && corepack prepare npm@10.5.0 --activate", "__startline__": 4, "__endline__": 4, "resource_type": "RUN", "hash": "1d5fb0a211498b8baf37e5744578ad03459da7798534298981f23fdefb7eb757" }, "evaluated_keys": [ "value" ] }, "code_block": [ [ 5, "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n" ] ], "file_path": "/Dockerfile.test", "file_abs_path": "/scan/Dockerfile.test", "repo_file_path": "/Dockerfile.test", "file_line_range": [ 5, 5 ], "resource": "/Dockerfile.test.RUN", "evaluations": null, "check_class": "checkov.common.graph.checks_infra.base_check", "fixed_definition": null, "entity_tags": null, "caller_file_path": null, "caller_file_line_range": null, "resource_address": null, "severity": null, "bc_category": null, "benchmarks": null, "description": null, "short_description": null, "vulnerability_details": null, "connected_node": null, "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-npm-strict-ssl2", "details": [], "check_len": null, "definition_context_file_path": null }, { "check_id": "CKV2_DOCKER_13", "bc_check_id": null, "check_name": "Ensure that certificate validation isn't disabled for npm or yarn by setting the option strict-ssl to false", "check_result": { "result": "PASSED", "entity": { "block_name_": "RUN", "block_type_": "resource", "file_path_": "/Dockerfile.test", "config_": { "content": "RUN npm install\n", "value": "npm install", "__startline__": 10, "__endline__": 10 }, "label_": "resource: RUN", "id_": "RUN", "source_": "Dockerfile", "content": "RUN npm install\n", "value": "npm install", "__startline__": 10, "__endline__": 10, "resource_type": "RUN", "hash": "fb809e4860a3131df821aea9480445cc6e2f66dd52744dab5f3d2ef5b2848436" }, "evaluated_keys": [ "value" ] }, "code_block": [ [ 11, "RUN npm install\n" ] ], "file_path": "/Dockerfile.test", "file_abs_path": "/scan/Dockerfile.test", "repo_file_path": "/Dockerfile.test", "file_line_range": [ 11, 11 ], "resource": "/Dockerfile.test.RUN", "evaluations": null, "check_class": "checkov.common.graph.checks_infra.base_check", "fixed_definition": null, "entity_tags": null, "caller_file_path": null, "caller_file_line_range": null, "resource_address": null, "severity": null, "bc_category": null, "benchmarks": null, "description": null, "short_description": null, "vulnerability_details": null, "connected_node": null, "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-npm-strict-ssl2", "details": [], "check_len": null, "definition_context_file_path": null }, { "check_id": "CKV2_DOCKER_13", "bc_check_id": null, "check_name": "Ensure that certificate validation isn't disabled for npm or yarn by setting the option strict-ssl to false", "check_result": { "result": "PASSED", "entity": { "block_name_": "RUN", "block_type_": "resource", "file_path_": "/Dockerfile.dev", "config_": { "content": "RUN npm install -g npm@10.5.0 --no-fund --no-audit\n", "value": "npm install -g npm@10.5.0 --no-fund --no-audit", "__startline__": 4, "__endline__": 4 }, "label_": "resource: RUN", "id_": "RUN", "source_": "Dockerfile", "content": "RUN npm install -g npm@10.5.0 --no-fund --no-audit\n", "value": "npm install -g npm@10.5.0 --no-fund --no-audit", "__startline__": 4, "__endline__": 4, "resource_type": "RUN", "hash": "435bba968d1d0b4c410ea33851637829a16b2ad878f0b9531a737c7a444f91b9" }, "evaluated_keys": [ "value" ] }, "code_block": [ [ 5, "RUN npm install -g npm@10.5.0 --no-fund --no-audit\n" ] ], "file_path": "/Dockerfile.dev", "file_abs_path": "/scan/Dockerfile.dev", "repo_file_path": "/Dockerfile.dev", "file_line_range": [ 5, 5 ], "resource": "/Dockerfile.dev.RUN", "evaluations": null, "check_class": "checkov.common.graph.checks_infra.base_check", "fixed_definition": null, "entity_tags": null, "caller_file_path": null, "caller_file_line_range": null, "resource_address": null, "severity": null, "bc_category": null, "benchmarks": null, "description": null, "short_description": null, "vulnerability_details": null, "connected_node": null, "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-npm-strict-ssl2", "details": [], "check_len": null, "definition_context_file_path": null }, { "check_id": "CKV2_DOCKER_13", "bc_check_id": null, "check_name": "Ensure that certificate validation isn't disabled for npm or yarn by setting the option strict-ssl to false", "check_result": { "result": "PASSED", "entity": { "block_name_": "RUN", "block_type_": "resource", "file_path_": "/Dockerfile.dev", "config_": { "content": "RUN npm ci --no-fund --no-audit\n", "value": "npm ci --no-fund --no-audit", "__startline__": 10, "__endline__": 10 }, "label_": "resource: RUN", "id_": "RUN", "source_": "Dockerfile", "content": "RUN npm ci --no-fund --no-audit\n", "value": "npm ci --no-fund --no-audit", "__startline__": 10, "__endline__": 10, "resource_type": "RUN", "hash": "57abb1bbe03890ab19f47e5f96b9cbcee02aab65f6980d523df42faf41b709fa" }, "evaluated_keys": [ "value" ] }, "code_block": [ [ 11, "RUN npm ci --no-fund --no-audit\n" ] ], "file_path": "/Dockerfile.dev", "file_abs_path": "/scan/Dockerfile.dev", "repo_file_path": "/Dockerfile.dev", "file_line_range": [ 11, 11 ], "resource": "/Dockerfile.dev.RUN", "evaluations": null, "check_class": "checkov.common.graph.checks_infra.base_check", "fixed_definition": null, "entity_tags": null, "caller_file_path": null, "caller_file_line_range": null, "resource_address": null, "severity": null, "bc_category": null, "benchmarks": null, "description": null, "short_description": null, "vulnerability_details": null, "connected_node": null, "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-npm-strict-ssl2", "details": [], "check_len": null, "definition_context_file_path": null }, { "check_id": "CKV2_DOCKER_10", "bc_check_id": null, "check_name": "Ensure that packages with untrusted or missing signatures are not used by rpm via the '--nodigest', '--nosignature', '--noverify', or '--nofiledigest' options", "check_result": { "result": "PASSED", "entity": { "block_name_": "RUN", "block_type_": "resource", "file_path_": "/Dockerfile.production", "config_": { "content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n", "value": "corepack enable && corepack prepare npm@10.5.0 --activate", "__startline__": 4, "__endline__": 4 }, "label_": "resource: RUN", "id_": "RUN", "source_": "Dockerfile", "content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n", "value": "corepack enable && corepack prepare npm@10.5.0 --activate", "__startline__": 4, "__endline__": 4, "resource_type": "RUN", "hash": "dbd32b6bad6b728919787011f82d60c50d7b2d1c079f814de2b1640696c98816" }, "evaluated_keys": [ "value" ] }, "code_block": [ [ 5, "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n" ] ], "file_path": "/Dockerfile.production", "file_abs_path": "/scan/Dockerfile.production", "repo_file_path": "/Dockerfile.production", "file_line_range": [ 5, 5 ], "resource": "/Dockerfile.production.RUN", "evaluations": null, "check_class": "checkov.common.graph.checks_infra.base_check", "fixed_definition": null, "entity_tags": null, "caller_file_path": null, "caller_file_line_range": null, "resource_address": null, "severity": null, "bc_category": null, "benchmarks": null, "description": null, "short_description": null, "vulnerability_details": null, "connected_node": null, "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-rpm-signed", "details": [], "check_len": null, "definition_context_file_path": null }, { "check_id": "CKV2_DOCKER_10", "bc_check_id": null, "check_name": "Ensure that packages with untrusted or missing signatures are not used by rpm via the '--nodigest', '--nosignature', '--noverify', or '--nofiledigest' options", "check_result": { "result": "PASSED", "entity": { "block_name_": "RUN", "block_type_": "resource", "file_path_": "/Dockerfile.production", "config_": { "content": "RUN npm install\n", "value": "npm install", "__startline__": 20, "__endline__": 20 }, "label_": "resource: RUN", "id_": "RUN", "source_": "Dockerfile", "content": "RUN npm install\n", "value": "npm install", "__startline__": 20, "__endline__": 20, "resource_type": "RUN", "hash": "6979b14e6a853ac150ffef85c5e28fd49c956054ea2cb1d01440e13b17260c4a" }, "evaluated_keys": [ "value" ] }, "code_block": [ [ 21, "RUN npm install\n" ] ], "file_path": "/Dockerfile.production", "file_abs_path": "/scan/Dockerfile.production", "repo_file_path": "/Dockerfile.production", "file_line_range": [ 21, 21 ], "resource": "/Dockerfile.production.RUN", "evaluations": null, "check_class": "checkov.common.graph.checks_infra.base_check", "fixed_definition": null, "entity_tags": null, "caller_file_path": null, "caller_file_line_range": null, "resource_address": null, "severity": null, "bc_category": null, "benchmarks": null, "description": null, "short_description": null, "vulnerability_details": null, "connected_node": null, "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-rpm-signed", "details": [], "check_len": null, "definition_context_file_path": null }, { "check_id": "CKV2_DOCKER_10", "bc_check_id": null, "check_name": "Ensure that packages with untrusted or missing signatures are not used by rpm via the '--nodigest', '--nosignature', '--noverify', or '--nofiledigest' options", "check_result": { "result": "PASSED", "entity": { "block_name_": "RUN", "block_type_": "resource", "file_path_": "/Dockerfile.production", "config_": { "content": "RUN npm run db:generate\n", "value": "npm run db:generate", "__startline__": 21, "__endline__": 21 }, "label_": "resource: RUN", "id_": "RUN", "source_": "Dockerfile", "content": "RUN npm run db:generate\n", "value": "npm run db:generate", "__startline__": 21, "__endline__": 21, "resource_type": "RUN", "hash": "c1f9cc0c42260bb0183d7e7b9ec2edab99837111ad42dbbdd7fad09ff3e37ab0" }, "evaluated_keys": [ "value" ] }, "code_block": [ [ 22, "RUN npm run db:generate\n" ] ], "file_path": "/Dockerfile.production", "file_abs_path": "/scan/Dockerfile.production", "repo_file_path": "/Dockerfile.production", "file_line_range": [ 22, 22 ], "resource": "/Dockerfile.production.RUN", "evaluations": null, "check_class": "checkov.common.graph.checks_infra.base_check", "fixed_definition": null, "entity_tags": null, "caller_file_path": null, "caller_file_line_range": null, "resource_address": null, "severity": null, "bc_category": null, "benchmarks": null, "description": null, "short_description": null, "vulnerability_details": null, "connected_node": null, "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-rpm-signed", "details": [], "check_len": null, "definition_context_file_path": null }, { "check_id": "CKV2_DOCKER_10", "bc_check_id": null, "check_name": "Ensure that packages with untrusted or missing signatures are not used by rpm via the '--nodigest', '--nosignature', '--noverify', or '--nofiledigest' options", "check_result": { "result": "PASSED", "entity": { "block_name_": "RUN", "block_type_": "resource", "file_path_": "/Dockerfile.production", "config_": { "content": "RUN npm run build\n", "value": "npm run build", "__startline__": 22, "__endline__": 22 }, "label_": "resource: RUN", "id_": "RUN", "source_": "Dockerfile", "content": "RUN npm run build\n", "value": "npm run build", "__startline__": 22, "__endline__": 22, "resource_type": "RUN", "hash": "1bf185fb6038f1b491f2a2686de4dd9869ccdd9c3e34d2772cf43bd368377aa6" }, "evaluated_keys": [ "value" ] }, "code_block": [ [ 23, "RUN npm run build\n" ] ], "file_path": "/Dockerfile.production", "file_abs_path": "/scan/Dockerfile.production", "repo_file_path": "/Dockerfile.production", "file_line_range": [ 23, 23 ], "resource": "/Dockerfile.production.RUN", "evaluations": null, "check_class": "checkov.common.graph.checks_infra.base_check", "fixed_definition": null, "entity_tags": null, "caller_file_path": null, "caller_file_line_range": null, "resource_address": null, "severity": null, "bc_category": null, "benchmarks": null, "description": null, "short_description": null, "vulnerability_details": null, "connected_node": null, "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-rpm-signed", "details": [], "check_len": null, "definition_context_file_path": null }, { "check_id": "CKV2_DOCKER_10", "bc_check_id": null, "check_name": "Ensure that packages with untrusted or missing signatures are not used by rpm via the '--nodigest', '--nosignature', '--noverify', or '--nofiledigest' options", "check_result": { "result": "PASSED", "entity": { "block_name_": "RUN", "block_type_": "resource", "file_path_": "/Dockerfile.production", "config_": { "content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n", "value": "corepack enable && corepack prepare npm@10.5.0 --activate", "__startline__": 30, "__endline__": 30 }, "label_": "resource: RUN", "id_": "RUN", "source_": "Dockerfile", "content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n", "value": "corepack enable && corepack prepare npm@10.5.0 --activate", "__startline__": 30, "__endline__": 30, "resource_type": "RUN", "hash": "01c88e306f7db45ae7136e3bdb63c4b15978dd024f6ed18210961fc3db3df382" }, "evaluated_keys": [ "value" ] }, "code_block": [ [ 31, "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n" ] ], "file_path": "/Dockerfile.production", "file_abs_path": "/scan/Dockerfile.production", "repo_file_path": "/Dockerfile.production", "file_line_range": [ 31, 31 ], "resource": "/Dockerfile.production.RUN", "evaluations": null, "check_class": "checkov.common.graph.checks_infra.base_check", "fixed_definition": null, "entity_tags": null, "caller_file_path": null, "caller_file_line_range": null, "resource_address": null, "severity": null, "bc_category": null, "benchmarks": null, "description": null, "short_description": null, "vulnerability_details": null, "connected_node": null, "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-rpm-signed", "details": [], "check_len": null, "definition_context_file_path": null }, { "check_id": "CKV2_DOCKER_10", "bc_check_id": null, "check_name": "Ensure that packages with untrusted or missing signatures are not used by rpm via the '--nodigest', '--nosignature', '--noverify', or '--nofiledigest' options", "check_result": { "result": "PASSED", "entity": { "block_name_": "RUN", "block_type_": "resource", "file_path_": "/Dockerfile.test", "config_": { "content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n", "value": "corepack enable && corepack prepare npm@10.5.0 --activate", "__startline__": 4, "__endline__": 4 }, "label_": "resource: RUN", "id_": "RUN", "source_": "Dockerfile", "content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n", "value": "corepack enable && corepack prepare npm@10.5.0 --activate", "__startline__": 4, "__endline__": 4, "resource_type": "RUN", "hash": "1d5fb0a211498b8baf37e5744578ad03459da7798534298981f23fdefb7eb757" }, "evaluated_keys": [ "value" ] }, "code_block": [ [ 5, "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n" ] ], "file_path": "/Dockerfile.test", "file_abs_path": "/scan/Dockerfile.test", "repo_file_path": "/Dockerfile.test", "file_line_range": [ 5, 5 ], "resource": "/Dockerfile.test.RUN", "evaluations": null, "check_class": "checkov.common.graph.checks_infra.base_check", "fixed_definition": null, "entity_tags": null, "caller_file_path": null, "caller_file_line_range": null, "resource_address": null, "severity": null, "bc_category": null, "benchmarks": null, "description": null, "short_description": null, "vulnerability_details": null, "connected_node": null, "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-rpm-signed", "details": [], "check_len": null, "definition_context_file_path": null }, { "check_id": "CKV2_DOCKER_10", "bc_check_id": null, "check_name": "Ensure that packages with untrusted or missing signatures are not used by rpm via the '--nodigest', '--nosignature', '--noverify', or '--nofiledigest' options", "check_result": { "result": "PASSED", "entity": { "block_name_": "RUN", "block_type_": "resource", "file_path_": "/Dockerfile.test", "config_": { "content": "RUN npm install\n", "value": "npm install", "__startline__": 10, "__endline__": 10 }, "label_": "resource: RUN", "id_": "RUN", "source_": "Dockerfile", "content": "RUN npm install\n", "value": "npm install", "__startline__": 10, "__endline__": 10, "resource_type": "RUN", "hash": "fb809e4860a3131df821aea9480445cc6e2f66dd52744dab5f3d2ef5b2848436" }, "evaluated_keys": [ "value" ] }, "code_block": [ [ 11, "RUN npm install\n" ] ], "file_path": "/Dockerfile.test", "file_abs_path": "/scan/Dockerfile.test", "repo_file_path": "/Dockerfile.test", "file_line_range": [ 11, 11 ], "resource": "/Dockerfile.test.RUN", "evaluations": null, "check_class": "checkov.common.graph.checks_infra.base_check", "fixed_definition": null, "entity_tags": null, "caller_file_path": null, "caller_file_line_range": null, "resource_address": null, "severity": null, "bc_category": null, "benchmarks": null, "description": null, "short_description": null, "vulnerability_details": null, "connected_node": null, "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-rpm-signed", "details": [], "check_len": null, "definition_context_file_path": null }, { "check_id": "CKV2_DOCKER_10", "bc_check_id": null, "check_name": "Ensure that packages with untrusted or missing signatures are not used by rpm via the '--nodigest', '--nosignature', '--noverify', or '--nofiledigest' options", "check_result": { "result": "PASSED", "entity": { "block_name_": "RUN", "block_type_": "resource", "file_path_": "/Dockerfile.dev", "config_": { "content": "RUN npm install -g npm@10.5.0 --no-fund --no-audit\n", "value": "npm install -g npm@10.5.0 --no-fund --no-audit", "__startline__": 4, "__endline__": 4 }, "label_": "resource: RUN", "id_": "RUN", "source_": "Dockerfile", "content": "RUN npm install -g npm@10.5.0 --no-fund --no-audit\n", "value": "npm install -g npm@10.5.0 --no-fund --no-audit", "__startline__": 4, "__endline__": 4, "resource_type": "RUN", "hash": "435bba968d1d0b4c410ea33851637829a16b2ad878f0b9531a737c7a444f91b9" }, "evaluated_keys": [ "value" ] }, "code_block": [ [ 5, "RUN npm install -g npm@10.5.0 --no-fund --no-audit\n" ] ], "file_path": "/Dockerfile.dev", "file_abs_path": "/scan/Dockerfile.dev", "repo_file_path": "/Dockerfile.dev", "file_line_range": [ 5, 5 ], "resource": "/Dockerfile.dev.RUN", "evaluations": null, "check_class": "checkov.common.graph.checks_infra.base_check", "fixed_definition": null, "entity_tags": null, "caller_file_path": null, "caller_file_line_range": null, "resource_address": null, "severity": null, "bc_category": null, "benchmarks": null, "description": null, "short_description": null, "vulnerability_details": null, "connected_node": null, "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-rpm-signed", "details": [], "check_len": null, "definition_context_file_path": null }, { "check_id": "CKV2_DOCKER_10", "bc_check_id": null, "check_name": "Ensure that packages with untrusted or missing signatures are not used by rpm via the '--nodigest', '--nosignature', '--noverify', or '--nofiledigest' options", "check_result": { "result": "PASSED", "entity": { "block_name_": "RUN", "block_type_": "resource", "file_path_": "/Dockerfile.dev", "config_": { "content": "RUN npm ci --no-fund --no-audit\n", "value": "npm ci --no-fund --no-audit", "__startline__": 10, "__endline__": 10 }, "label_": "resource: RUN", "id_": "RUN", "source_": "Dockerfile", "content": "RUN npm ci --no-fund --no-audit\n", "value": "npm ci --no-fund --no-audit", "__startline__": 10, "__endline__": 10, "resource_type": "RUN", "hash": "57abb1bbe03890ab19f47e5f96b9cbcee02aab65f6980d523df42faf41b709fa" }, "evaluated_keys": [ "value" ] }, "code_block": [ [ 11, "RUN npm ci --no-fund --no-audit\n" ] ], "file_path": "/Dockerfile.dev", "file_abs_path": "/scan/Dockerfile.dev", "repo_file_path": "/Dockerfile.dev", "file_line_range": [ 11, 11 ], "resource": "/Dockerfile.dev.RUN", "evaluations": null, "check_class": "checkov.common.graph.checks_infra.base_check", "fixed_definition": null, "entity_tags": null, "caller_file_path": null, "caller_file_line_range": null, "resource_address": null, "severity": null, "bc_category": null, "benchmarks": null, "description": null, "short_description": null, "vulnerability_details": null, "connected_node": null, "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-rpm-signed", "details": [], "check_len": null, "definition_context_file_path": null }, { "check_id": "CKV2_DOCKER_7", "bc_check_id": null, "check_name": "Ensure that packages with untrusted or missing signatures are not used by apk via the '--allow-untrusted' option", "check_result": { "result": "PASSED", "entity": { "block_name_": "RUN", "block_type_": "resource", "file_path_": "/Dockerfile.production", "config_": { "content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n", "value": "corepack enable && corepack prepare npm@10.5.0 --activate", "__startline__": 4, "__endline__": 4 }, "label_": "resource: RUN", "id_": "RUN", "source_": "Dockerfile", "content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n", "value": "corepack enable && corepack prepare npm@10.5.0 --activate", "__startline__": 4, "__endline__": 4, "resource_type": "RUN", "hash": "dbd32b6bad6b728919787011f82d60c50d7b2d1c079f814de2b1640696c98816" }, "evaluated_keys": [ "value" ] }, "code_block": [ [ 5, "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n" ] ], "file_path": "/Dockerfile.production", "file_abs_path": "/scan/Dockerfile.production", "repo_file_path": "/Dockerfile.production", "file_line_range": [ 5, 5 ], "resource": "/Dockerfile.production.RUN", "evaluations": null, "check_class": "checkov.common.graph.checks_infra.base_check", "fixed_definition": null, "entity_tags": null, "caller_file_path": null, "caller_file_line_range": null, "resource_address": null, "severity": null, "bc_category": null, "benchmarks": null, "description": null, "short_description": null, "vulnerability_details": null, "connected_node": null, "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-apk-trusted", "details": [], "check_len": null, "definition_context_file_path": null }, { "check_id": "CKV2_DOCKER_7", "bc_check_id": null, "check_name": "Ensure that packages with untrusted or missing signatures are not used by apk via the '--allow-untrusted' option", "check_result": { "result": "PASSED", "entity": { "block_name_": "RUN", "block_type_": "resource", "file_path_": "/Dockerfile.production", "config_": { "content": "RUN npm install\n", "value": "npm install", "__startline__": 20, "__endline__": 20 }, "label_": "resource: RUN", "id_": "RUN", "source_": "Dockerfile", "content": "RUN npm install\n", "value": "npm install", "__startline__": 20, "__endline__": 20, "resource_type": "RUN", "hash": "6979b14e6a853ac150ffef85c5e28fd49c956054ea2cb1d01440e13b17260c4a" }, "evaluated_keys": [ "value" ] }, "code_block": [ [ 21, "RUN npm install\n" ] ], "file_path": "/Dockerfile.production", "file_abs_path": "/scan/Dockerfile.production", "repo_file_path": "/Dockerfile.production", "file_line_range": [ 21, 21 ], "resource": "/Dockerfile.production.RUN", "evaluations": null, "check_class": "checkov.common.graph.checks_infra.base_check", "fixed_definition": null, "entity_tags": null, "caller_file_path": null, "caller_file_line_range": null, "resource_address": null, "severity": null, "bc_category": null, "benchmarks": null, "description": null, "short_description": null, "vulnerability_details": null, "connected_node": null, "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-apk-trusted", "details": [], "check_len": null, "definition_context_file_path": null }, { "check_id": "CKV2_DOCKER_7", "bc_check_id": null, "check_name": "Ensure that packages with untrusted or missing signatures are not used by apk via the '--allow-untrusted' option", "check_result": { "result": "PASSED", "entity": { "block_name_": "RUN", "block_type_": "resource", "file_path_": "/Dockerfile.production", "config_": { "content": "RUN npm run db:generate\n", "value": "npm run db:generate", "__startline__": 21, "__endline__": 21 }, "label_": "resource: RUN", "id_": "RUN", "source_": "Dockerfile", "content": "RUN npm run db:generate\n", "value": "npm run db:generate", "__startline__": 21, "__endline__": 21, "resource_type": "RUN", "hash": "c1f9cc0c42260bb0183d7e7b9ec2edab99837111ad42dbbdd7fad09ff3e37ab0" }, "evaluated_keys": [ "value" ] }, "code_block": [ [ 22, "RUN npm run db:generate\n" ] ], "file_path": "/Dockerfile.production", "file_abs_path": "/scan/Dockerfile.production", "repo_file_path": "/Dockerfile.production", "file_line_range": [ 22, 22 ], "resource": "/Dockerfile.production.RUN", "evaluations": null, "check_class": "checkov.common.graph.checks_infra.base_check", "fixed_definition": null, "entity_tags": null, "caller_file_path": null, "caller_file_line_range": null, "resource_address": null, "severity": null, "bc_category": null, "benchmarks": null, "description": null, "short_description": null, "vulnerability_details": null, "connected_node": null, "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-apk-trusted", "details": [], "check_len": null, "definition_context_file_path": null }, { "check_id": "CKV2_DOCKER_7", "bc_check_id": null, "check_name": "Ensure that packages with untrusted or missing signatures are not used by apk via the '--allow-untrusted' option", "check_result": { "result": "PASSED", "entity": { "block_name_": "RUN", "block_type_": "resource", "file_path_": "/Dockerfile.production", "config_": { "content": "RUN npm run build\n", "value": "npm run build", "__startline__": 22, "__endline__": 22 }, "label_": "resource: RUN", "id_": "RUN", "source_": "Dockerfile", "content": "RUN npm run build\n", "value": "npm run build", "__startline__": 22, "__endline__": 22, "resource_type": "RUN", "hash": "1bf185fb6038f1b491f2a2686de4dd9869ccdd9c3e34d2772cf43bd368377aa6" }, "evaluated_keys": [ "value" ] }, "code_block": [ [ 23, "RUN npm run build\n" ] ], "file_path": "/Dockerfile.production", "file_abs_path": "/scan/Dockerfile.production", "repo_file_path": "/Dockerfile.production", "file_line_range": [ 23, 23 ], "resource": "/Dockerfile.production.RUN", "evaluations": null, "check_class": "checkov.common.graph.checks_infra.base_check", "fixed_definition": null, "entity_tags": null, "caller_file_path": null, "caller_file_line_range": null, "resource_address": null, "severity": null, "bc_category": null, "benchmarks": null, "description": null, "short_description": null, "vulnerability_details": null, "connected_node": null, "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-apk-trusted", "details": [], "check_len": null, "definition_context_file_path": null }, { "check_id": "CKV2_DOCKER_7", "bc_check_id": null, "check_name": "Ensure that packages with untrusted or missing signatures are not used by apk via the '--allow-untrusted' option", "check_result": { "result": "PASSED", "entity": { "block_name_": "RUN", "block_type_": "resource", "file_path_": "/Dockerfile.production", "config_": { "content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n", "value": "corepack enable && corepack prepare npm@10.5.0 --activate", "__startline__": 30, "__endline__": 30 }, "label_": "resource: RUN", "id_": "RUN", "source_": "Dockerfile", "content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n", "value": "corepack enable && corepack prepare npm@10.5.0 --activate", "__startline__": 30, "__endline__": 30, "resource_type": "RUN", "hash": "01c88e306f7db45ae7136e3bdb63c4b15978dd024f6ed18210961fc3db3df382" }, "evaluated_keys": [ "value" ] }, "code_block": [ [ 31, "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n" ] ], "file_path": "/Dockerfile.production", "file_abs_path": "/scan/Dockerfile.production", "repo_file_path": "/Dockerfile.production", "file_line_range": [ 31, 31 ], "resource": "/Dockerfile.production.RUN", "evaluations": null, "check_class": "checkov.common.graph.checks_infra.base_check", "fixed_definition": null, "entity_tags": null, "caller_file_path": null, "caller_file_line_range": null, "resource_address": null, "severity": null, "bc_category": null, "benchmarks": null, "description": null, "short_description": null, "vulnerability_details": null, "connected_node": null, "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-apk-trusted", "details": [], "check_len": null, "definition_context_file_path": null }, { "check_id": "CKV2_DOCKER_7", "bc_check_id": null, "check_name": "Ensure that packages with untrusted or missing signatures are not used by apk via the '--allow-untrusted' option", "check_result": { "result": "PASSED", "entity": { "block_name_": "RUN", "block_type_": "resource", "file_path_": "/Dockerfile.test", "config_": { "content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n", "value": "corepack enable && corepack prepare npm@10.5.0 --activate", "__startline__": 4, "__endline__": 4 }, "label_": "resource: RUN", "id_": "RUN", "source_": "Dockerfile", "content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n", "value": "corepack enable && corepack prepare npm@10.5.0 --activate", "__startline__": 4, "__endline__": 4, "resource_type": "RUN", "hash": "1d5fb0a211498b8baf37e5744578ad03459da7798534298981f23fdefb7eb757" }, "evaluated_keys": [ "value" ] }, "code_block": [ [ 5, "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n" ] ], "file_path": "/Dockerfile.test", "file_abs_path": "/scan/Dockerfile.test", "repo_file_path": "/Dockerfile.test", "file_line_range": [ 5, 5 ], "resource": "/Dockerfile.test.RUN", "evaluations": null, "check_class": "checkov.common.graph.checks_infra.base_check", "fixed_definition": null, "entity_tags": null, "caller_file_path": null, "caller_file_line_range": null, "resource_address": null, "severity": null, "bc_category": null, "benchmarks": null, "description": null, "short_description": null, "vulnerability_details": null, "connected_node": null, "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-apk-trusted", "details": [], "check_len": null, "definition_context_file_path": null }, { "check_id": "CKV2_DOCKER_7", "bc_check_id": null, "check_name": "Ensure that packages with untrusted or missing signatures are not used by apk via the '--allow-untrusted' option", "check_result": { "result": "PASSED", "entity": { "block_name_": "RUN", "block_type_": "resource", "file_path_": "/Dockerfile.test", "config_": { "content": "RUN npm install\n", "value": "npm install", "__startline__": 10, "__endline__": 10 }, "label_": "resource: RUN", "id_": "RUN", "source_": "Dockerfile", "content": "RUN npm install\n", "value": "npm install", "__startline__": 10, "__endline__": 10, "resource_type": "RUN", "hash": "fb809e4860a3131df821aea9480445cc6e2f66dd52744dab5f3d2ef5b2848436" }, "evaluated_keys": [ "value" ] }, "code_block": [ [ 11, "RUN npm install\n" ] ], "file_path": "/Dockerfile.test", "file_abs_path": "/scan/Dockerfile.test", "repo_file_path": "/Dockerfile.test", "file_line_range": [ 11, 11 ], "resource": "/Dockerfile.test.RUN", "evaluations": null, "check_class": "checkov.common.graph.checks_infra.base_check", "fixed_definition": null, "entity_tags": null, "caller_file_path": null, "caller_file_line_range": null, "resource_address": null, "severity": null, "bc_category": null, "benchmarks": null, "description": null, "short_description": null, "vulnerability_details": null, "connected_node": null, "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-apk-trusted", "details": [], "check_len": null, "definition_context_file_path": null }, { "check_id": "CKV2_DOCKER_7", "bc_check_id": null, "check_name": "Ensure that packages with untrusted or missing signatures are not used by apk via the '--allow-untrusted' option", "check_result": { "result": "PASSED", "entity": { "block_name_": "RUN", "block_type_": "resource", "file_path_": "/Dockerfile.dev", "config_": { "content": "RUN npm install -g npm@10.5.0 --no-fund --no-audit\n", "value": "npm install -g npm@10.5.0 --no-fund --no-audit", "__startline__": 4, "__endline__": 4 }, "label_": "resource: RUN", "id_": "RUN", "source_": "Dockerfile", "content": "RUN npm install -g npm@10.5.0 --no-fund --no-audit\n", "value": "npm install -g npm@10.5.0 --no-fund --no-audit", "__startline__": 4, "__endline__": 4, "resource_type": "RUN", "hash": "435bba968d1d0b4c410ea33851637829a16b2ad878f0b9531a737c7a444f91b9" }, "evaluated_keys": [ "value" ] }, "code_block": [ [ 5, "RUN npm install -g npm@10.5.0 --no-fund --no-audit\n" ] ], "file_path": "/Dockerfile.dev", "file_abs_path": "/scan/Dockerfile.dev", "repo_file_path": "/Dockerfile.dev", "file_line_range": [ 5, 5 ], "resource": "/Dockerfile.dev.RUN", "evaluations": null, "check_class": "checkov.common.graph.checks_infra.base_check", "fixed_definition": null, "entity_tags": null, "caller_file_path": null, "caller_file_line_range": null, "resource_address": null, "severity": null, "bc_category": null, "benchmarks": null, "description": null, "short_description": null, "vulnerability_details": null, "connected_node": null, "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-apk-trusted", "details": [], "check_len": null, "definition_context_file_path": null }, { "check_id": "CKV2_DOCKER_7", "bc_check_id": null, "check_name": "Ensure that packages with untrusted or missing signatures are not used by apk via the '--allow-untrusted' option", "check_result": { "result": "PASSED", "entity": { "block_name_": "RUN", "block_type_": "resource", "file_path_": "/Dockerfile.dev", "config_": { "content": "RUN npm ci --no-fund --no-audit\n", "value": "npm ci --no-fund --no-audit", "__startline__": 10, "__endline__": 10 }, "label_": "resource: RUN", "id_": "RUN", "source_": "Dockerfile", "content": "RUN npm ci --no-fund --no-audit\n", "value": "npm ci --no-fund --no-audit", "__startline__": 10, "__endline__": 10, "resource_type": "RUN", "hash": "57abb1bbe03890ab19f47e5f96b9cbcee02aab65f6980d523df42faf41b709fa" }, "evaluated_keys": [ "value" ] }, "code_block": [ [ 11, "RUN npm ci --no-fund --no-audit\n" ] ], "file_path": "/Dockerfile.dev", "file_abs_path": "/scan/Dockerfile.dev", "repo_file_path": "/Dockerfile.dev", "file_line_range": [ 11, 11 ], "resource": "/Dockerfile.dev.RUN", "evaluations": null, "check_class": "checkov.common.graph.checks_infra.base_check", "fixed_definition": null, "entity_tags": null, "caller_file_path": null, "caller_file_line_range": null, "resource_address": null, "severity": null, "bc_category": null, "benchmarks": null, "description": null, "short_description": null, "vulnerability_details": null, "connected_node": null, "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-apk-trusted", "details": [], "check_len": null, "definition_context_file_path": null }, { "check_id": "CKV2_DOCKER_4", "bc_check_id": null, "check_name": "Ensure that certificate validation isn't disabled with the pip '--trusted-host' option", "check_result": { "result": "PASSED", "entity": { "block_name_": "RUN", "block_type_": "resource", "file_path_": "/Dockerfile.production", "config_": { "content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n", "value": "corepack enable && corepack prepare npm@10.5.0 --activate", "__startline__": 4, "__endline__": 4 }, "label_": "resource: RUN", "id_": "RUN", "source_": "Dockerfile", "content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n", "value": "corepack enable && corepack prepare npm@10.5.0 --activate", "__startline__": 4, "__endline__": 4, "resource_type": "RUN", "hash": "dbd32b6bad6b728919787011f82d60c50d7b2d1c079f814de2b1640696c98816" }, "evaluated_keys": [ "value" ] }, "code_block": [ [ 5, "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n" ] ], "file_path": "/Dockerfile.production", "file_abs_path": "/scan/Dockerfile.production", "repo_file_path": "/Dockerfile.production", "file_line_range": [ 5, 5 ], "resource": "/Dockerfile.production.RUN", "evaluations": null, "check_class": "checkov.common.graph.checks_infra.base_check", "fixed_definition": null, "entity_tags": null, "caller_file_path": null, "caller_file_line_range": null, "resource_address": null, "severity": null, "bc_category": null, "benchmarks": null, "description": null, "short_description": null, "vulnerability_details": null, "connected_node": null, "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-pip-secure", "details": [], "check_len": null, "definition_context_file_path": null }, { "check_id": "CKV2_DOCKER_4", "bc_check_id": null, "check_name": "Ensure that certificate validation isn't disabled with the pip '--trusted-host' option", "check_result": { "result": "PASSED", "entity": { "block_name_": "RUN", "block_type_": "resource", "file_path_": "/Dockerfile.production", "config_": { "content": "RUN npm install\n", "value": "npm install", "__startline__": 20, "__endline__": 20 }, "label_": "resource: RUN", "id_": "RUN", "source_": "Dockerfile", "content": "RUN npm install\n", "value": "npm install", "__startline__": 20, "__endline__": 20, "resource_type": "RUN", "hash": "6979b14e6a853ac150ffef85c5e28fd49c956054ea2cb1d01440e13b17260c4a" }, "evaluated_keys": [ "value" ] }, "code_block": [ [ 21, "RUN npm install\n" ] ], "file_path": "/Dockerfile.production", "file_abs_path": "/scan/Dockerfile.production", "repo_file_path": "/Dockerfile.production", "file_line_range": [ 21, 21 ], "resource": "/Dockerfile.production.RUN", "evaluations": null, "check_class": "checkov.common.graph.checks_infra.base_check", "fixed_definition": null, "entity_tags": null, "caller_file_path": null, "caller_file_line_range": null, "resource_address": null, "severity": null, "bc_category": null, "benchmarks": null, "description": null, "short_description": null, "vulnerability_details": null, "connected_node": null, "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-pip-secure", "details": [], "check_len": null, "definition_context_file_path": null }, { "check_id": "CKV2_DOCKER_4", "bc_check_id": null, "check_name": "Ensure that certificate validation isn't disabled with the pip '--trusted-host' option", "check_result": { "result": "PASSED", "entity": { "block_name_": "RUN", "block_type_": "resource", "file_path_": "/Dockerfile.production", "config_": { "content": "RUN npm run db:generate\n", "value": "npm run db:generate", "__startline__": 21, "__endline__": 21 }, "label_": "resource: RUN", "id_": "RUN", "source_": "Dockerfile", "content": "RUN npm run db:generate\n", "value": "npm run db:generate", "__startline__": 21, "__endline__": 21, "resource_type": "RUN", "hash": "c1f9cc0c42260bb0183d7e7b9ec2edab99837111ad42dbbdd7fad09ff3e37ab0" }, "evaluated_keys": [ "value" ] }, "code_block": [ [ 22, "RUN npm run db:generate\n" ] ], "file_path": "/Dockerfile.production", "file_abs_path": "/scan/Dockerfile.production", "repo_file_path": "/Dockerfile.production", "file_line_range": [ 22, 22 ], "resource": "/Dockerfile.production.RUN", "evaluations": null, "check_class": "checkov.common.graph.checks_infra.base_check", "fixed_definition": null, "entity_tags": null, "caller_file_path": null, "caller_file_line_range": null, "resource_address": null, "severity": null, "bc_category": null, "benchmarks": null, "description": null, "short_description": null, "vulnerability_details": null, "connected_node": null, "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-pip-secure", "details": [], "check_len": null, "definition_context_file_path": null }, { "check_id": "CKV2_DOCKER_4", "bc_check_id": null, "check_name": "Ensure that certificate validation isn't disabled with the pip '--trusted-host' option", "check_result": { "result": "PASSED", "entity": { "block_name_": "RUN", "block_type_": "resource", "file_path_": "/Dockerfile.production", "config_": { "content": "RUN npm run build\n", "value": "npm run build", "__startline__": 22, "__endline__": 22 }, "label_": "resource: RUN", "id_": "RUN", "source_": "Dockerfile", "content": "RUN npm run build\n", "value": "npm run build", "__startline__": 22, "__endline__": 22, "resource_type": "RUN", "hash": "1bf185fb6038f1b491f2a2686de4dd9869ccdd9c3e34d2772cf43bd368377aa6" }, "evaluated_keys": [ "value" ] }, "code_block": [ [ 23, "RUN npm run build\n" ] ], "file_path": "/Dockerfile.production", "file_abs_path": "/scan/Dockerfile.production", "repo_file_path": "/Dockerfile.production", "file_line_range": [ 23, 23 ], "resource": "/Dockerfile.production.RUN", "evaluations": null, "check_class": "checkov.common.graph.checks_infra.base_check", "fixed_definition": null, "entity_tags": null, "caller_file_path": null, "caller_file_line_range": null, "resource_address": null, "severity": null, "bc_category": null, "benchmarks": null, "description": null, "short_description": null, "vulnerability_details": null, "connected_node": null, "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-pip-secure", "details": [], "check_len": null, "definition_context_file_path": null }, { "check_id": "CKV2_DOCKER_4", "bc_check_id": null, "check_name": "Ensure that certificate validation isn't disabled with the pip '--trusted-host' option", "check_result": { "result": "PASSED", "entity": { "block_name_": "RUN", "block_type_": "resource", "file_path_": "/Dockerfile.production", "config_": { "content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n", "value": "corepack enable && corepack prepare npm@10.5.0 --activate", "__startline__": 30, "__endline__": 30 }, "label_": "resource: RUN", "id_": "RUN", "source_": "Dockerfile", "content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n", "value": "corepack enable && corepack prepare npm@10.5.0 --activate", "__startline__": 30, "__endline__": 30, "resource_type": "RUN", "hash": "01c88e306f7db45ae7136e3bdb63c4b15978dd024f6ed18210961fc3db3df382" }, "evaluated_keys": [ "value" ] }, "code_block": [ [ 31, "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n" ] ], "file_path": "/Dockerfile.production", "file_abs_path": "/scan/Dockerfile.production", "repo_file_path": "/Dockerfile.production", "file_line_range": [ 31, 31 ], "resource": "/Dockerfile.production.RUN", "evaluations": null, "check_class": "checkov.common.graph.checks_infra.base_check", "fixed_definition": null, "entity_tags": null, "caller_file_path": null, "caller_file_line_range": null, "resource_address": null, "severity": null, "bc_category": null, "benchmarks": null, "description": null, "short_description": null, "vulnerability_details": null, "connected_node": null, "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-pip-secure", "details": [], "check_len": null, "definition_context_file_path": null }, { "check_id": "CKV2_DOCKER_4", "bc_check_id": null, "check_name": "Ensure that certificate validation isn't disabled with the pip '--trusted-host' option", "check_result": { "result": "PASSED", "entity": { "block_name_": "RUN", "block_type_": "resource", "file_path_": "/Dockerfile.test", "config_": { "content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n", "value": "corepack enable && corepack prepare npm@10.5.0 --activate", "__startline__": 4, "__endline__": 4 }, "label_": "resource: RUN", "id_": "RUN", "source_": "Dockerfile", "content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n", "value": "corepack enable && corepack prepare npm@10.5.0 --activate", "__startline__": 4, "__endline__": 4, "resource_type": "RUN", "hash": "1d5fb0a211498b8baf37e5744578ad03459da7798534298981f23fdefb7eb757" }, "evaluated_keys": [ "value" ] }, "code_block": [ [ 5, "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n" ] ], "file_path": "/Dockerfile.test", "file_abs_path": "/scan/Dockerfile.test", "repo_file_path": "/Dockerfile.test", "file_line_range": [ 5, 5 ], "resource": "/Dockerfile.test.RUN", "evaluations": null, "check_class": "checkov.common.graph.checks_infra.base_check", "fixed_definition": null, "entity_tags": null, "caller_file_path": null, "caller_file_line_range": null, "resource_address": null, "severity": null, "bc_category": null, "benchmarks": null, "description": null, "short_description": null, "vulnerability_details": null, "connected_node": null, "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-pip-secure", "details": [], "check_len": null, "definition_context_file_path": null }, { "check_id": "CKV2_DOCKER_4", "bc_check_id": null, "check_name": "Ensure that certificate validation isn't disabled with the pip '--trusted-host' option", "check_result": { "result": "PASSED", "entity": { "block_name_": "RUN", "block_type_": "resource", "file_path_": "/Dockerfile.test", "config_": { "content": "RUN npm install\n", "value": "npm install", "__startline__": 10, "__endline__": 10 }, "label_": "resource: RUN", "id_": "RUN", "source_": "Dockerfile", "content": "RUN npm install\n", "value": "npm install", "__startline__": 10, "__endline__": 10, "resource_type": "RUN", "hash": "fb809e4860a3131df821aea9480445cc6e2f66dd52744dab5f3d2ef5b2848436" }, "evaluated_keys": [ "value" ] }, "code_block": [ [ 11, "RUN npm install\n" ] ], "file_path": "/Dockerfile.test", "file_abs_path": "/scan/Dockerfile.test", "repo_file_path": "/Dockerfile.test", "file_line_range": [ 11, 11 ], "resource": "/Dockerfile.test.RUN", "evaluations": null, "check_class": "checkov.common.graph.checks_infra.base_check", "fixed_definition": null, "entity_tags": null, "caller_file_path": null, "caller_file_line_range": null, "resource_address": null, "severity": null, "bc_category": null, "benchmarks": null, "description": null, "short_description": null, "vulnerability_details": null, "connected_node": null, "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-pip-secure", "details": [], "check_len": null, "definition_context_file_path": null }, { "check_id": "CKV2_DOCKER_4", "bc_check_id": null, "check_name": "Ensure that certificate validation isn't disabled with the pip '--trusted-host' option", "check_result": { "result": "PASSED", "entity": { "block_name_": "RUN", "block_type_": "resource", "file_path_": "/Dockerfile.dev", "config_": { "content": "RUN npm install -g npm@10.5.0 --no-fund --no-audit\n", "value": "npm install -g npm@10.5.0 --no-fund --no-audit", "__startline__": 4, "__endline__": 4 }, "label_": "resource: RUN", "id_": "RUN", "source_": "Dockerfile", "content": "RUN npm install -g npm@10.5.0 --no-fund --no-audit\n", "value": "npm install -g npm@10.5.0 --no-fund --no-audit", "__startline__": 4, "__endline__": 4, "resource_type": "RUN", "hash": "435bba968d1d0b4c410ea33851637829a16b2ad878f0b9531a737c7a444f91b9" }, "evaluated_keys": [ "value" ] }, "code_block": [ [ 5, "RUN npm install -g npm@10.5.0 --no-fund --no-audit\n" ] ], "file_path": "/Dockerfile.dev", "file_abs_path": "/scan/Dockerfile.dev", "repo_file_path": "/Dockerfile.dev", "file_line_range": [ 5, 5 ], "resource": "/Dockerfile.dev.RUN", "evaluations": null, "check_class": "checkov.common.graph.checks_infra.base_check", "fixed_definition": null, "entity_tags": null, "caller_file_path": null, "caller_file_line_range": null, "resource_address": null, "severity": null, "bc_category": null, "benchmarks": null, "description": null, "short_description": null, "vulnerability_details": null, "connected_node": null, "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-pip-secure", "details": [], "check_len": null, "definition_context_file_path": null }, { "check_id": "CKV2_DOCKER_4", "bc_check_id": null, "check_name": "Ensure that certificate validation isn't disabled with the pip '--trusted-host' option", "check_result": { "result": "PASSED", "entity": { "block_name_": "RUN", "block_type_": "resource", "file_path_": "/Dockerfile.dev", "config_": { "content": "RUN npm ci --no-fund --no-audit\n", "value": "npm ci --no-fund --no-audit", "__startline__": 10, "__endline__": 10 }, "label_": "resource: RUN", "id_": "RUN", "source_": "Dockerfile", "content": "RUN npm ci --no-fund --no-audit\n", "value": "npm ci --no-fund --no-audit", "__startline__": 10, "__endline__": 10, "resource_type": "RUN", "hash": "57abb1bbe03890ab19f47e5f96b9cbcee02aab65f6980d523df42faf41b709fa" }, "evaluated_keys": [ "value" ] }, "code_block": [ [ 11, "RUN npm ci --no-fund --no-audit\n" ] ], "file_path": "/Dockerfile.dev", "file_abs_path": "/scan/Dockerfile.dev", "repo_file_path": "/Dockerfile.dev", "file_line_range": [ 11, 11 ], "resource": "/Dockerfile.dev.RUN", "evaluations": null, "check_class": "checkov.common.graph.checks_infra.base_check", "fixed_definition": null, "entity_tags": null, "caller_file_path": null, "caller_file_line_range": null, "resource_address": null, "severity": null, "bc_category": null, "benchmarks": null, "description": null, "short_description": null, "vulnerability_details": null, "connected_node": null, "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-pip-secure", "details": [], "check_len": null, "definition_context_file_path": null }, { "check_id": "CKV2_DOCKER_2", "bc_check_id": null, "check_name": "Ensure that certificate validation isn't disabled with curl", "check_result": { "result": "PASSED", "entity": { "block_name_": "RUN", "block_type_": "resource", "file_path_": "/Dockerfile.production", "config_": { "content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n", "value": "corepack enable && corepack prepare npm@10.5.0 --activate", "__startline__": 4, "__endline__": 4 }, "label_": "resource: RUN", "id_": "RUN", "source_": "Dockerfile", "content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n", "value": "corepack enable && corepack prepare npm@10.5.0 --activate", "__startline__": 4, "__endline__": 4, "resource_type": "RUN", "hash": "dbd32b6bad6b728919787011f82d60c50d7b2d1c079f814de2b1640696c98816" }, "evaluated_keys": [ "value" ] }, "code_block": [ [ 5, "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n" ] ], "file_path": "/Dockerfile.production", "file_abs_path": "/scan/Dockerfile.production", "repo_file_path": "/Dockerfile.production", "file_line_range": [ 5, 5 ], "resource": "/Dockerfile.production.RUN", "evaluations": null, "check_class": "checkov.common.graph.checks_infra.base_check", "fixed_definition": null, "entity_tags": null, "caller_file_path": null, "caller_file_line_range": null, "resource_address": null, "severity": null, "bc_category": null, "benchmarks": null, "description": null, "short_description": null, "vulnerability_details": null, "connected_node": null, "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-curl-secure", "details": [], "check_len": null, "definition_context_file_path": null }, { "check_id": "CKV2_DOCKER_2", "bc_check_id": null, "check_name": "Ensure that certificate validation isn't disabled with curl", "check_result": { "result": "PASSED", "entity": { "block_name_": "RUN", "block_type_": "resource", "file_path_": "/Dockerfile.production", "config_": { "content": "RUN npm install\n", "value": "npm install", "__startline__": 20, "__endline__": 20 }, "label_": "resource: RUN", "id_": "RUN", "source_": "Dockerfile", "content": "RUN npm install\n", "value": "npm install", "__startline__": 20, "__endline__": 20, "resource_type": "RUN", "hash": "6979b14e6a853ac150ffef85c5e28fd49c956054ea2cb1d01440e13b17260c4a" }, "evaluated_keys": [ "value" ] }, "code_block": [ [ 21, "RUN npm install\n" ] ], "file_path": "/Dockerfile.production", "file_abs_path": "/scan/Dockerfile.production", "repo_file_path": "/Dockerfile.production", "file_line_range": [ 21, 21 ], "resource": "/Dockerfile.production.RUN", "evaluations": null, "check_class": "checkov.common.graph.checks_infra.base_check", "fixed_definition": null, "entity_tags": null, "caller_file_path": null, "caller_file_line_range": null, "resource_address": null, "severity": null, "bc_category": null, "benchmarks": null, "description": null, "short_description": null, "vulnerability_details": null, "connected_node": null, "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-curl-secure", "details": [], "check_len": null, "definition_context_file_path": null }, { "check_id": "CKV2_DOCKER_2", "bc_check_id": null, "check_name": "Ensure that certificate validation isn't disabled with curl", "check_result": { "result": "PASSED", "entity": { "block_name_": "RUN", "block_type_": "resource", "file_path_": "/Dockerfile.production", "config_": { "content": "RUN npm run db:generate\n", "value": "npm run db:generate", "__startline__": 21, "__endline__": 21 }, "label_": "resource: RUN", "id_": "RUN", "source_": "Dockerfile", "content": "RUN npm run db:generate\n", "value": "npm run db:generate", "__startline__": 21, "__endline__": 21, "resource_type": "RUN", "hash": "c1f9cc0c42260bb0183d7e7b9ec2edab99837111ad42dbbdd7fad09ff3e37ab0" }, "evaluated_keys": [ "value" ] }, "code_block": [ [ 22, "RUN npm run db:generate\n" ] ], "file_path": "/Dockerfile.production", "file_abs_path": "/scan/Dockerfile.production", "repo_file_path": "/Dockerfile.production", "file_line_range": [ 22, 22 ], "resource": "/Dockerfile.production.RUN", "evaluations": null, "check_class": "checkov.common.graph.checks_infra.base_check", "fixed_definition": null, "entity_tags": null, "caller_file_path": null, "caller_file_line_range": null, "resource_address": null, "severity": null, "bc_category": null, "benchmarks": null, "description": null, "short_description": null, "vulnerability_details": null, "connected_node": null, "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-curl-secure", "details": [], "check_len": null, "definition_context_file_path": null }, { "check_id": "CKV2_DOCKER_2", "bc_check_id": null, "check_name": "Ensure that certificate validation isn't disabled with curl", "check_result": { "result": "PASSED", "entity": { "block_name_": "RUN", "block_type_": "resource", "file_path_": "/Dockerfile.production", "config_": { "content": "RUN npm run build\n", "value": "npm run build", "__startline__": 22, "__endline__": 22 }, "label_": "resource: RUN", "id_": "RUN", "source_": "Dockerfile", "content": "RUN npm run build\n", "value": "npm run build", "__startline__": 22, "__endline__": 22, "resource_type": "RUN", "hash": "1bf185fb6038f1b491f2a2686de4dd9869ccdd9c3e34d2772cf43bd368377aa6" }, "evaluated_keys": [ "value" ] }, "code_block": [ [ 23, "RUN npm run build\n" ] ], "file_path": "/Dockerfile.production", "file_abs_path": "/scan/Dockerfile.production", "repo_file_path": "/Dockerfile.production", "file_line_range": [ 23, 23 ], "resource": "/Dockerfile.production.RUN", "evaluations": null, "check_class": "checkov.common.graph.checks_infra.base_check", "fixed_definition": null, "entity_tags": null, "caller_file_path": null, "caller_file_line_range": null, "resource_address": null, "severity": null, "bc_category": null, "benchmarks": null, "description": null, "short_description": null, "vulnerability_details": null, "connected_node": null, "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-curl-secure", "details": [], "check_len": null, "definition_context_file_path": null }, { "check_id": "CKV2_DOCKER_2", "bc_check_id": null, "check_name": "Ensure that certificate validation isn't disabled with curl", "check_result": { "result": "PASSED", "entity": { "block_name_": "RUN", "block_type_": "resource", "file_path_": "/Dockerfile.production", "config_": { "content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n", "value": "corepack enable && corepack prepare npm@10.5.0 --activate", "__startline__": 30, "__endline__": 30 }, "label_": "resource: RUN", "id_": "RUN", "source_": "Dockerfile", "content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n", "value": "corepack enable && corepack prepare npm@10.5.0 --activate", "__startline__": 30, "__endline__": 30, "resource_type": "RUN", "hash": "01c88e306f7db45ae7136e3bdb63c4b15978dd024f6ed18210961fc3db3df382" }, "evaluated_keys": [ "value" ] }, "code_block": [ [ 31, "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n" ] ], "file_path": "/Dockerfile.production", "file_abs_path": "/scan/Dockerfile.production", "repo_file_path": "/Dockerfile.production", "file_line_range": [ 31, 31 ], "resource": "/Dockerfile.production.RUN", "evaluations": null, "check_class": "checkov.common.graph.checks_infra.base_check", "fixed_definition": null, "entity_tags": null, "caller_file_path": null, "caller_file_line_range": null, "resource_address": null, "severity": null, "bc_category": null, "benchmarks": null, "description": null, "short_description": null, "vulnerability_details": null, "connected_node": null, "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-curl-secure", "details": [], "check_len": null, "definition_context_file_path": null }, { "check_id": "CKV2_DOCKER_2", "bc_check_id": null, "check_name": "Ensure that certificate validation isn't disabled with curl", "check_result": { "result": "PASSED", "entity": { "block_name_": "RUN", "block_type_": "resource", "file_path_": "/Dockerfile.test", "config_": { "content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n", "value": "corepack enable && corepack prepare npm@10.5.0 --activate", "__startline__": 4, "__endline__": 4 }, "label_": "resource: RUN", "id_": "RUN", "source_": "Dockerfile", "content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n", "value": "corepack enable && corepack prepare npm@10.5.0 --activate", "__startline__": 4, "__endline__": 4, "resource_type": "RUN", "hash": "1d5fb0a211498b8baf37e5744578ad03459da7798534298981f23fdefb7eb757" }, "evaluated_keys": [ "value" ] }, "code_block": [ [ 5, "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n" ] ], "file_path": "/Dockerfile.test", "file_abs_path": "/scan/Dockerfile.test", "repo_file_path": "/Dockerfile.test", "file_line_range": [ 5, 5 ], "resource": "/Dockerfile.test.RUN", "evaluations": null, "check_class": "checkov.common.graph.checks_infra.base_check", "fixed_definition": null, "entity_tags": null, "caller_file_path": null, "caller_file_line_range": null, "resource_address": null, "severity": null, "bc_category": null, "benchmarks": null, "description": null, "short_description": null, "vulnerability_details": null, "connected_node": null, "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-curl-secure", "details": [], "check_len": null, "definition_context_file_path": null }, { "check_id": "CKV2_DOCKER_2", "bc_check_id": null, "check_name": "Ensure that certificate validation isn't disabled with curl", "check_result": { "result": "PASSED", "entity": { "block_name_": "RUN", "block_type_": "resource", "file_path_": "/Dockerfile.test", "config_": { "content": "RUN npm install\n", "value": "npm install", "__startline__": 10, "__endline__": 10 }, "label_": "resource: RUN", "id_": "RUN", "source_": "Dockerfile", "content": "RUN npm install\n", "value": "npm install", "__startline__": 10, "__endline__": 10, "resource_type": "RUN", "hash": "fb809e4860a3131df821aea9480445cc6e2f66dd52744dab5f3d2ef5b2848436" }, "evaluated_keys": [ "value" ] }, "code_block": [ [ 11, "RUN npm install\n" ] ], "file_path": "/Dockerfile.test", "file_abs_path": "/scan/Dockerfile.test", "repo_file_path": "/Dockerfile.test", "file_line_range": [ 11, 11 ], "resource": "/Dockerfile.test.RUN", "evaluations": null, "check_class": "checkov.common.graph.checks_infra.base_check", "fixed_definition": null, "entity_tags": null, "caller_file_path": null, "caller_file_line_range": null, "resource_address": null, "severity": null, "bc_category": null, "benchmarks": null, "description": null, "short_description": null, "vulnerability_details": null, "connected_node": null, "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-curl-secure", "details": [], "check_len": null, "definition_context_file_path": null }, { "check_id": "CKV2_DOCKER_2", "bc_check_id": null, "check_name": "Ensure that certificate validation isn't disabled with curl", "check_result": { "result": "PASSED", "entity": { "block_name_": "RUN", "block_type_": "resource", "file_path_": "/Dockerfile.dev", "config_": { "content": "RUN npm install -g npm@10.5.0 --no-fund --no-audit\n", "value": "npm install -g npm@10.5.0 --no-fund --no-audit", "__startline__": 4, "__endline__": 4 }, "label_": "resource: RUN", "id_": "RUN", "source_": "Dockerfile", "content": "RUN npm install -g npm@10.5.0 --no-fund --no-audit\n", "value": "npm install -g npm@10.5.0 --no-fund --no-audit", "__startline__": 4, "__endline__": 4, "resource_type": "RUN", "hash": "435bba968d1d0b4c410ea33851637829a16b2ad878f0b9531a737c7a444f91b9" }, "evaluated_keys": [ "value" ] }, "code_block": [ [ 5, "RUN npm install -g npm@10.5.0 --no-fund --no-audit\n" ] ], "file_path": "/Dockerfile.dev", "file_abs_path": "/scan/Dockerfile.dev", "repo_file_path": "/Dockerfile.dev", "file_line_range": [ 5, 5 ], "resource": "/Dockerfile.dev.RUN", "evaluations": null, "check_class": "checkov.common.graph.checks_infra.base_check", "fixed_definition": null, "entity_tags": null, "caller_file_path": null, "caller_file_line_range": null, "resource_address": null, "severity": null, "bc_category": null, "benchmarks": null, "description": null, "short_description": null, "vulnerability_details": null, "connected_node": null, "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-curl-secure", "details": [], "check_len": null, "definition_context_file_path": null }, { "check_id": "CKV2_DOCKER_2", "bc_check_id": null, "check_name": "Ensure that certificate validation isn't disabled with curl", "check_result": { "result": "PASSED", "entity": { "block_name_": "RUN", "block_type_": "resource", "file_path_": "/Dockerfile.dev", "config_": { "content": "RUN npm ci --no-fund --no-audit\n", "value": "npm ci --no-fund --no-audit", "__startline__": 10, "__endline__": 10 }, "label_": "resource: RUN", "id_": "RUN", "source_": "Dockerfile", "content": "RUN npm ci --no-fund --no-audit\n", "value": "npm ci --no-fund --no-audit", "__startline__": 10, "__endline__": 10, "resource_type": "RUN", "hash": "57abb1bbe03890ab19f47e5f96b9cbcee02aab65f6980d523df42faf41b709fa" }, "evaluated_keys": [ "value" ] }, "code_block": [ [ 11, "RUN npm ci --no-fund --no-audit\n" ] ], "file_path": "/Dockerfile.dev", "file_abs_path": "/scan/Dockerfile.dev", "repo_file_path": "/Dockerfile.dev", "file_line_range": [ 11, 11 ], "resource": "/Dockerfile.dev.RUN", "evaluations": null, "check_class": "checkov.common.graph.checks_infra.base_check", "fixed_definition": null, "entity_tags": null, "caller_file_path": null, "caller_file_line_range": null, "resource_address": null, "severity": null, "bc_category": null, "benchmarks": null, "description": null, "short_description": null, "vulnerability_details": null, "connected_node": null, "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-curl-secure", "details": [], "check_len": null, "definition_context_file_path": null }, { "check_id": "CKV2_DOCKER_9", "bc_check_id": null, "check_name": "Ensure that packages with untrusted or missing GPG signatures are not used by dnf, tdnf, or yum via the '--nogpgcheck' option", "check_result": { "result": "PASSED", "entity": { "block_name_": "RUN", "block_type_": "resource", "file_path_": "/Dockerfile.production", "config_": { "content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n", "value": "corepack enable && corepack prepare npm@10.5.0 --activate", "__startline__": 4, "__endline__": 4 }, "label_": "resource: RUN", "id_": "RUN", "source_": "Dockerfile", "content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n", "value": "corepack enable && corepack prepare npm@10.5.0 --activate", "__startline__": 4, "__endline__": 4, "resource_type": "RUN", "hash": "dbd32b6bad6b728919787011f82d60c50d7b2d1c079f814de2b1640696c98816" }, "evaluated_keys": [ "value" ] }, "code_block": [ [ 5, "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n" ] ], "file_path": "/Dockerfile.production", "file_abs_path": "/scan/Dockerfile.production", "repo_file_path": "/Dockerfile.production", "file_line_range": [ 5, 5 ], "resource": "/Dockerfile.production.RUN", "evaluations": null, "check_class": "checkov.common.graph.checks_infra.base_check", "fixed_definition": null, "entity_tags": null, "caller_file_path": null, "caller_file_line_range": null, "resource_address": null, "severity": null, "bc_category": null, "benchmarks": null, "description": null, "short_description": null, "vulnerability_details": null, "connected_node": null, "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-yum-signed", "details": [], "check_len": null, "definition_context_file_path": null }, { "check_id": "CKV2_DOCKER_9", "bc_check_id": null, "check_name": "Ensure that packages with untrusted or missing GPG signatures are not used by dnf, tdnf, or yum via the '--nogpgcheck' option", "check_result": { "result": "PASSED", "entity": { "block_name_": "RUN", "block_type_": "resource", "file_path_": "/Dockerfile.production", "config_": { "content": "RUN npm install\n", "value": "npm install", "__startline__": 20, "__endline__": 20 }, "label_": "resource: RUN", "id_": "RUN", "source_": "Dockerfile", "content": "RUN npm install\n", "value": "npm install", "__startline__": 20, "__endline__": 20, "resource_type": "RUN", "hash": "6979b14e6a853ac150ffef85c5e28fd49c956054ea2cb1d01440e13b17260c4a" }, "evaluated_keys": [ "value" ] }, "code_block": [ [ 21, "RUN npm install\n" ] ], "file_path": "/Dockerfile.production", "file_abs_path": "/scan/Dockerfile.production", "repo_file_path": "/Dockerfile.production", "file_line_range": [ 21, 21 ], "resource": "/Dockerfile.production.RUN", "evaluations": null, "check_class": "checkov.common.graph.checks_infra.base_check", "fixed_definition": null, "entity_tags": null, "caller_file_path": null, "caller_file_line_range": null, "resource_address": null, "severity": null, "bc_category": null, "benchmarks": null, "description": null, "short_description": null, "vulnerability_details": null, "connected_node": null, "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-yum-signed", "details": [], "check_len": null, "definition_context_file_path": null }, { "check_id": "CKV2_DOCKER_9", "bc_check_id": null, "check_name": "Ensure that packages with untrusted or missing GPG signatures are not used by dnf, tdnf, or yum via the '--nogpgcheck' option", "check_result": { "result": "PASSED", "entity": { "block_name_": "RUN", "block_type_": "resource", "file_path_": "/Dockerfile.production", "config_": { "content": "RUN npm run db:generate\n", "value": "npm run db:generate", "__startline__": 21, "__endline__": 21 }, "label_": "resource: RUN", "id_": "RUN", "source_": "Dockerfile", "content": "RUN npm run db:generate\n", "value": "npm run db:generate", "__startline__": 21, "__endline__": 21, "resource_type": "RUN", "hash": "c1f9cc0c42260bb0183d7e7b9ec2edab99837111ad42dbbdd7fad09ff3e37ab0" }, "evaluated_keys": [ "value" ] }, "code_block": [ [ 22, "RUN npm run db:generate\n" ] ], "file_path": "/Dockerfile.production", "file_abs_path": "/scan/Dockerfile.production", "repo_file_path": "/Dockerfile.production", "file_line_range": [ 22, 22 ], "resource": "/Dockerfile.production.RUN", "evaluations": null, "check_class": "checkov.common.graph.checks_infra.base_check", "fixed_definition": null, "entity_tags": null, "caller_file_path": null, "caller_file_line_range": null, "resource_address": null, "severity": null, "bc_category": null, "benchmarks": null, "description": null, "short_description": null, "vulnerability_details": null, "connected_node": null, "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-yum-signed", "details": [], "check_len": null, "definition_context_file_path": null }, { "check_id": "CKV2_DOCKER_9", "bc_check_id": null, "check_name": "Ensure that packages with untrusted or missing GPG signatures are not used by dnf, tdnf, or yum via the '--nogpgcheck' option", "check_result": { "result": "PASSED", "entity": { "block_name_": "RUN", "block_type_": "resource", "file_path_": "/Dockerfile.production", "config_": { "content": "RUN npm run build\n", "value": "npm run build", "__startline__": 22, "__endline__": 22 }, "label_": "resource: RUN", "id_": "RUN", "source_": "Dockerfile", "content": "RUN npm run build\n", "value": "npm run build", "__startline__": 22, "__endline__": 22, "resource_type": "RUN", "hash": "1bf185fb6038f1b491f2a2686de4dd9869ccdd9c3e34d2772cf43bd368377aa6" }, "evaluated_keys": [ "value" ] }, "code_block": [ [ 23, "RUN npm run build\n" ] ], "file_path": "/Dockerfile.production", "file_abs_path": "/scan/Dockerfile.production", "repo_file_path": "/Dockerfile.production", "file_line_range": [ 23, 23 ], "resource": "/Dockerfile.production.RUN", "evaluations": null, "check_class": "checkov.common.graph.checks_infra.base_check", "fixed_definition": null, "entity_tags": null, "caller_file_path": null, "caller_file_line_range": null, "resource_address": null, "severity": null, "bc_category": null, "benchmarks": null, "description": null, "short_description": null, "vulnerability_details": null, "connected_node": null, "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-yum-signed", "details": [], "check_len": null, "definition_context_file_path": null }, { "check_id": "CKV2_DOCKER_9", "bc_check_id": null, "check_name": "Ensure that packages with untrusted or missing GPG signatures are not used by dnf, tdnf, or yum via the '--nogpgcheck' option", "check_result": { "result": "PASSED", "entity": { "block_name_": "RUN", "block_type_": "resource", "file_path_": "/Dockerfile.production", "config_": { "content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n", "value": "corepack enable && corepack prepare npm@10.5.0 --activate", "__startline__": 30, "__endline__": 30 }, "label_": "resource: RUN", "id_": "RUN", "source_": "Dockerfile", "content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n", "value": "corepack enable && corepack prepare npm@10.5.0 --activate", "__startline__": 30, "__endline__": 30, "resource_type": "RUN", "hash": "01c88e306f7db45ae7136e3bdb63c4b15978dd024f6ed18210961fc3db3df382" }, "evaluated_keys": [ "value" ] }, "code_block": [ [ 31, "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n" ] ], "file_path": "/Dockerfile.production", "file_abs_path": "/scan/Dockerfile.production", "repo_file_path": "/Dockerfile.production", "file_line_range": [ 31, 31 ], "resource": "/Dockerfile.production.RUN", "evaluations": null, "check_class": "checkov.common.graph.checks_infra.base_check", "fixed_definition": null, "entity_tags": null, "caller_file_path": null, "caller_file_line_range": null, "resource_address": null, "severity": null, "bc_category": null, "benchmarks": null, "description": null, "short_description": null, "vulnerability_details": null, "connected_node": null, "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-yum-signed", "details": [], "check_len": null, "definition_context_file_path": null }, { "check_id": "CKV2_DOCKER_9", "bc_check_id": null, "check_name": "Ensure that packages with untrusted or missing GPG signatures are not used by dnf, tdnf, or yum via the '--nogpgcheck' option", "check_result": { "result": "PASSED", "entity": { "block_name_": "RUN", "block_type_": "resource", "file_path_": "/Dockerfile.test", "config_": { "content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n", "value": "corepack enable && corepack prepare npm@10.5.0 --activate", "__startline__": 4, "__endline__": 4 }, "label_": "resource: RUN", "id_": "RUN", "source_": "Dockerfile", "content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n", "value": "corepack enable && corepack prepare npm@10.5.0 --activate", "__startline__": 4, "__endline__": 4, "resource_type": "RUN", "hash": "1d5fb0a211498b8baf37e5744578ad03459da7798534298981f23fdefb7eb757" }, "evaluated_keys": [ "value" ] }, "code_block": [ [ 5, "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n" ] ], "file_path": "/Dockerfile.test", "file_abs_path": "/scan/Dockerfile.test", "repo_file_path": "/Dockerfile.test", "file_line_range": [ 5, 5 ], "resource": "/Dockerfile.test.RUN", "evaluations": null, "check_class": "checkov.common.graph.checks_infra.base_check", "fixed_definition": null, "entity_tags": null, "caller_file_path": null, "caller_file_line_range": null, "resource_address": null, "severity": null, "bc_category": null, "benchmarks": null, "description": null, "short_description": null, "vulnerability_details": null, "connected_node": null, "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-yum-signed", "details": [], "check_len": null, "definition_context_file_path": null }, { "check_id": "CKV2_DOCKER_9", "bc_check_id": null, "check_name": "Ensure that packages with untrusted or missing GPG signatures are not used by dnf, tdnf, or yum via the '--nogpgcheck' option", "check_result": { "result": "PASSED", "entity": { "block_name_": "RUN", "block_type_": "resource", "file_path_": "/Dockerfile.test", "config_": { "content": "RUN npm install\n", "value": "npm install", "__startline__": 10, "__endline__": 10 }, "label_": "resource: RUN", "id_": "RUN", "source_": "Dockerfile", "content": "RUN npm install\n", "value": "npm install", "__startline__": 10, "__endline__": 10, "resource_type": "RUN", "hash": "fb809e4860a3131df821aea9480445cc6e2f66dd52744dab5f3d2ef5b2848436" }, "evaluated_keys": [ "value" ] }, "code_block": [ [ 11, "RUN npm install\n" ] ], "file_path": "/Dockerfile.test", "file_abs_path": "/scan/Dockerfile.test", "repo_file_path": "/Dockerfile.test", "file_line_range": [ 11, 11 ], "resource": "/Dockerfile.test.RUN", "evaluations": null, "check_class": "checkov.common.graph.checks_infra.base_check", "fixed_definition": null, "entity_tags": null, "caller_file_path": null, "caller_file_line_range": null, "resource_address": null, "severity": null, "bc_category": null, "benchmarks": null, "description": null, "short_description": null, "vulnerability_details": null, "connected_node": null, "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-yum-signed", "details": [], "check_len": null, "definition_context_file_path": null }, { "check_id": "CKV2_DOCKER_9", "bc_check_id": null, "check_name": "Ensure that packages with untrusted or missing GPG signatures are not used by dnf, tdnf, or yum via the '--nogpgcheck' option", "check_result": { "result": "PASSED", "entity": { "block_name_": "RUN", "block_type_": "resource", "file_path_": "/Dockerfile.dev", "config_": { "content": "RUN npm install -g npm@10.5.0 --no-fund --no-audit\n", "value": "npm install -g npm@10.5.0 --no-fund --no-audit", "__startline__": 4, "__endline__": 4 }, "label_": "resource: RUN", "id_": "RUN", "source_": "Dockerfile", "content": "RUN npm install -g npm@10.5.0 --no-fund --no-audit\n", "value": "npm install -g npm@10.5.0 --no-fund --no-audit", "__startline__": 4, "__endline__": 4, "resource_type": "RUN", "hash": "435bba968d1d0b4c410ea33851637829a16b2ad878f0b9531a737c7a444f91b9" }, "evaluated_keys": [ "value" ] }, "code_block": [ [ 5, "RUN npm install -g npm@10.5.0 --no-fund --no-audit\n" ] ], "file_path": "/Dockerfile.dev", "file_abs_path": "/scan/Dockerfile.dev", "repo_file_path": "/Dockerfile.dev", "file_line_range": [ 5, 5 ], "resource": "/Dockerfile.dev.RUN", "evaluations": null, "check_class": "checkov.common.graph.checks_infra.base_check", "fixed_definition": null, "entity_tags": null, "caller_file_path": null, "caller_file_line_range": null, "resource_address": null, "severity": null, "bc_category": null, "benchmarks": null, "description": null, "short_description": null, "vulnerability_details": null, "connected_node": null, "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-yum-signed", "details": [], "check_len": null, "definition_context_file_path": null }, { "check_id": "CKV2_DOCKER_9", "bc_check_id": null, "check_name": "Ensure that packages with untrusted or missing GPG signatures are not used by dnf, tdnf, or yum via the '--nogpgcheck' option", "check_result": { "result": "PASSED", "entity": { "block_name_": "RUN", "block_type_": "resource", "file_path_": "/Dockerfile.dev", "config_": { "content": "RUN npm ci --no-fund --no-audit\n", "value": "npm ci --no-fund --no-audit", "__startline__": 10, "__endline__": 10 }, "label_": "resource: RUN", "id_": "RUN", "source_": "Dockerfile", "content": "RUN npm ci --no-fund --no-audit\n", "value": "npm ci --no-fund --no-audit", "__startline__": 10, "__endline__": 10, "resource_type": "RUN", "hash": "57abb1bbe03890ab19f47e5f96b9cbcee02aab65f6980d523df42faf41b709fa" }, "evaluated_keys": [ "value" ] }, "code_block": [ [ 11, "RUN npm ci --no-fund --no-audit\n" ] ], "file_path": "/Dockerfile.dev", "file_abs_path": "/scan/Dockerfile.dev", "repo_file_path": "/Dockerfile.dev", "file_line_range": [ 11, 11 ], "resource": "/Dockerfile.dev.RUN", "evaluations": null, "check_class": "checkov.common.graph.checks_infra.base_check", "fixed_definition": null, "entity_tags": null, "caller_file_path": null, "caller_file_line_range": null, "resource_address": null, "severity": null, "bc_category": null, "benchmarks": null, "description": null, "short_description": null, "vulnerability_details": null, "connected_node": null, "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-yum-signed", "details": [], "check_len": null, "definition_context_file_path": null } ], "failed_checks": [ { "check_id": "CKV_DOCKER_2", "bc_check_id": "BC_DKR_2", "check_name": "Ensure that HEALTHCHECK instructions have been added to container images", "check_result": { "result": "FAILED", "results_configuration": null }, "code_block": [ [ 1, "FROM node:20-bookworm AS builder\n" ], [ 2, "\n" ], [ 3, "WORKDIR /app\n" ], [ 4, "\n" ], [ 5, "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n" ], [ 6, "\n" ], [ 7, "COPY package.json package-lock.json turbo.json tsconfig.base.json ./\n" ], [ 8, "COPY apps ./apps\n" ], [ 9, "COPY packages ./packages\n" ], [ 10, "\n" ], [ 11, "# NEXT_PUBLIC_* vars must be present at build time \u2014 they are inlined into JS bundles\n" ], [ 12, "ARG NEXT_PUBLIC_API_URL\n" ], [ 13, "ARG NEXT_PUBLIC_MARKETPLACE_URL\n" ], [ 14, "ARG NEXT_PUBLIC_DASHBOARD_URL\n" ], [ 15, "ARG NEXT_PUBLIC_ADMIN_URL\n" ], [ 16, "ENV NEXT_PUBLIC_API_URL=$NEXT_PUBLIC_API_URL \\\n" ], [ 17, " NEXT_PUBLIC_MARKETPLACE_URL=$NEXT_PUBLIC_MARKETPLACE_URL \\\n" ], [ 18, " NEXT_PUBLIC_DASHBOARD_URL=$NEXT_PUBLIC_DASHBOARD_URL \\\n" ], [ 19, " NEXT_PUBLIC_ADMIN_URL=$NEXT_PUBLIC_ADMIN_URL\n" ], [ 20, "\n" ], [ 21, "RUN npm install\n" ], [ 22, "RUN npm run db:generate\n" ], [ 23, "RUN npm run build\n" ], [ 24, "\n" ], [ 25, "FROM node:20-bookworm AS runner\n" ], [ 26, "\n" ], [ 27, "WORKDIR /app\n" ], [ 28, "\n" ], [ 29, "ENV NODE_ENV=production\n" ], [ 30, "\n" ], [ 31, "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n" ], [ 32, "\n" ], [ 33, "COPY --from=builder /app/package.json /app/package-lock.json /app/turbo.json /app/tsconfig.base.json ./\n" ], [ 34, "COPY --from=builder /app/node_modules ./node_modules\n" ], [ 35, "COPY --from=builder /app/apps ./apps\n" ], [ 36, "COPY --from=builder /app/packages ./packages\n" ], [ 37, "\n" ], [ 38, "EXPOSE 3000 3001 3002 4000\n" ], [ 39, "\n" ], [ 40, "CMD [\"npm\", \"run\", \"start\", \"--workspace\", \"@rentaldrivego/api\"]" ] ], "file_path": "/Dockerfile.production", "file_abs_path": "/scan/Dockerfile.production", "repo_file_path": "/Dockerfile.production", "file_line_range": [ 1, 40 ], "resource": "/Dockerfile.production.", "evaluations": null, "check_class": "checkov.dockerfile.checks.HealthcheckExists", "fixed_definition": null, "entity_tags": null, "caller_file_path": null, "caller_file_line_range": null, "resource_address": null, "severity": null, "bc_category": null, "benchmarks": null, "description": null, "short_description": null, "vulnerability_details": null, "connected_node": null, "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-that-healthcheck-instructions-have-been-added-to-container-images", "details": [], "check_len": null, "definition_context_file_path": null }, { "check_id": "CKV_DOCKER_3", "bc_check_id": "BC_DKR_3", "check_name": "Ensure that a user for the container has been created", "check_result": { "result": "FAILED", "results_configuration": null }, "code_block": [ [ 1, "FROM node:20-bookworm AS builder\n" ], [ 2, "\n" ], [ 3, "WORKDIR /app\n" ], [ 4, "\n" ], [ 5, "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n" ], [ 6, "\n" ], [ 7, "COPY package.json package-lock.json turbo.json tsconfig.base.json ./\n" ], [ 8, "COPY apps ./apps\n" ], [ 9, "COPY packages ./packages\n" ], [ 10, "\n" ], [ 11, "# NEXT_PUBLIC_* vars must be present at build time \u2014 they are inlined into JS bundles\n" ], [ 12, "ARG NEXT_PUBLIC_API_URL\n" ], [ 13, "ARG NEXT_PUBLIC_MARKETPLACE_URL\n" ], [ 14, "ARG NEXT_PUBLIC_DASHBOARD_URL\n" ], [ 15, "ARG NEXT_PUBLIC_ADMIN_URL\n" ], [ 16, "ENV NEXT_PUBLIC_API_URL=$NEXT_PUBLIC_API_URL \\\n" ], [ 17, " NEXT_PUBLIC_MARKETPLACE_URL=$NEXT_PUBLIC_MARKETPLACE_URL \\\n" ], [ 18, " NEXT_PUBLIC_DASHBOARD_URL=$NEXT_PUBLIC_DASHBOARD_URL \\\n" ], [ 19, " NEXT_PUBLIC_ADMIN_URL=$NEXT_PUBLIC_ADMIN_URL\n" ], [ 20, "\n" ], [ 21, "RUN npm install\n" ], [ 22, "RUN npm run db:generate\n" ], [ 23, "RUN npm run build\n" ], [ 24, "\n" ], [ 25, "FROM node:20-bookworm AS runner\n" ], [ 26, "\n" ], [ 27, "WORKDIR /app\n" ], [ 28, "\n" ], [ 29, "ENV NODE_ENV=production\n" ], [ 30, "\n" ], [ 31, "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n" ], [ 32, "\n" ], [ 33, "COPY --from=builder /app/package.json /app/package-lock.json /app/turbo.json /app/tsconfig.base.json ./\n" ], [ 34, "COPY --from=builder /app/node_modules ./node_modules\n" ], [ 35, "COPY --from=builder /app/apps ./apps\n" ], [ 36, "COPY --from=builder /app/packages ./packages\n" ], [ 37, "\n" ], [ 38, "EXPOSE 3000 3001 3002 4000\n" ], [ 39, "\n" ], [ 40, "CMD [\"npm\", \"run\", \"start\", \"--workspace\", \"@rentaldrivego/api\"]" ] ], "file_path": "/Dockerfile.production", "file_abs_path": "/scan/Dockerfile.production", "repo_file_path": "/Dockerfile.production", "file_line_range": [ 1, 40 ], "resource": "/Dockerfile.production.", "evaluations": null, "check_class": "checkov.dockerfile.checks.UserExists", "fixed_definition": null, "entity_tags": null, "caller_file_path": null, "caller_file_line_range": null, "resource_address": null, "severity": null, "bc_category": null, "benchmarks": null, "description": null, "short_description": null, "vulnerability_details": null, "connected_node": null, "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-that-a-user-for-the-container-has-been-created", "details": [], "check_len": null, "definition_context_file_path": null }, { "check_id": "CKV_DOCKER_2", "bc_check_id": "BC_DKR_2", "check_name": "Ensure that HEALTHCHECK instructions have been added to container images", "check_result": { "result": "FAILED", "results_configuration": null }, "code_block": [ [ 1, "FROM node:20-bookworm\n" ], [ 2, "\n" ], [ 3, "WORKDIR /app\n" ], [ 4, "\n" ], [ 5, "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n" ], [ 6, "\n" ], [ 7, "COPY package.json package-lock.json turbo.json tsconfig.base.json ./\n" ], [ 8, "COPY apps ./apps\n" ], [ 9, "COPY packages ./packages\n" ], [ 10, "\n" ], [ 11, "RUN npm install\n" ], [ 12, "\n" ], [ 13, "ENV NODE_ENV=test\n" ], [ 14, "\n" ], [ 15, "CMD [\"sh\", \"-c\", \"npm run db:deploy && npm run db:generate && npm run type-check && npm run build && npm run test:api:integration\"]" ] ], "file_path": "/Dockerfile.test", "file_abs_path": "/scan/Dockerfile.test", "repo_file_path": "/Dockerfile.test", "file_line_range": [ 1, 15 ], "resource": "/Dockerfile.test.", "evaluations": null, "check_class": "checkov.dockerfile.checks.HealthcheckExists", "fixed_definition": null, "entity_tags": null, "caller_file_path": null, "caller_file_line_range": null, "resource_address": null, "severity": null, "bc_category": null, "benchmarks": null, "description": null, "short_description": null, "vulnerability_details": null, "connected_node": null, "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-that-healthcheck-instructions-have-been-added-to-container-images", "details": [], "check_len": null, "definition_context_file_path": null }, { "check_id": "CKV_DOCKER_3", "bc_check_id": "BC_DKR_3", "check_name": "Ensure that a user for the container has been created", "check_result": { "result": "FAILED", "results_configuration": null }, "code_block": [ [ 1, "FROM node:20-bookworm\n" ], [ 2, "\n" ], [ 3, "WORKDIR /app\n" ], [ 4, "\n" ], [ 5, "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n" ], [ 6, "\n" ], [ 7, "COPY package.json package-lock.json turbo.json tsconfig.base.json ./\n" ], [ 8, "COPY apps ./apps\n" ], [ 9, "COPY packages ./packages\n" ], [ 10, "\n" ], [ 11, "RUN npm install\n" ], [ 12, "\n" ], [ 13, "ENV NODE_ENV=test\n" ], [ 14, "\n" ], [ 15, "CMD [\"sh\", \"-c\", \"npm run db:deploy && npm run db:generate && npm run type-check && npm run build && npm run test:api:integration\"]" ] ], "file_path": "/Dockerfile.test", "file_abs_path": "/scan/Dockerfile.test", "repo_file_path": "/Dockerfile.test", "file_line_range": [ 1, 15 ], "resource": "/Dockerfile.test.", "evaluations": null, "check_class": "checkov.dockerfile.checks.UserExists", "fixed_definition": null, "entity_tags": null, "caller_file_path": null, "caller_file_line_range": null, "resource_address": null, "severity": null, "bc_category": null, "benchmarks": null, "description": null, "short_description": null, "vulnerability_details": null, "connected_node": null, "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-that-a-user-for-the-container-has-been-created", "details": [], "check_len": null, "definition_context_file_path": null }, { "check_id": "CKV_DOCKER_2", "bc_check_id": "BC_DKR_2", "check_name": "Ensure that HEALTHCHECK instructions have been added to container images", "check_result": { "result": "FAILED", "results_configuration": null }, "code_block": [ [ 1, "FROM node:20-bookworm\n" ], [ 2, "\n" ], [ 3, "WORKDIR /app\n" ], [ 4, "\n" ], [ 5, "RUN npm install -g npm@10.5.0 --no-fund --no-audit\n" ], [ 6, "\n" ], [ 7, "COPY package.json package-lock.json turbo.json tsconfig.base.json ./\n" ], [ 8, "COPY apps ./apps\n" ], [ 9, "COPY packages ./packages\n" ], [ 10, "\n" ], [ 11, "RUN npm ci --no-fund --no-audit\n" ], [ 12, "\n" ], [ 13, "EXPOSE 3000 3001 3002 3003 4000\n" ], [ 14, "\n" ], [ 15, "CMD [\"sh\", \"-c\", \"npm run db:generate && npm run dev\"]" ] ], "file_path": "/Dockerfile.dev", "file_abs_path": "/scan/Dockerfile.dev", "repo_file_path": "/Dockerfile.dev", "file_line_range": [ 1, 15 ], "resource": "/Dockerfile.dev.", "evaluations": null, "check_class": "checkov.dockerfile.checks.HealthcheckExists", "fixed_definition": null, "entity_tags": null, "caller_file_path": null, "caller_file_line_range": null, "resource_address": null, "severity": null, "bc_category": null, "benchmarks": null, "description": null, "short_description": null, "vulnerability_details": null, "connected_node": null, "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-that-healthcheck-instructions-have-been-added-to-container-images", "details": [], "check_len": null, "definition_context_file_path": null }, { "check_id": "CKV_DOCKER_3", "bc_check_id": "BC_DKR_3", "check_name": "Ensure that a user for the container has been created", "check_result": { "result": "FAILED", "results_configuration": null }, "code_block": [ [ 1, "FROM node:20-bookworm\n" ], [ 2, "\n" ], [ 3, "WORKDIR /app\n" ], [ 4, "\n" ], [ 5, "RUN npm install -g npm@10.5.0 --no-fund --no-audit\n" ], [ 6, "\n" ], [ 7, "COPY package.json package-lock.json turbo.json tsconfig.base.json ./\n" ], [ 8, "COPY apps ./apps\n" ], [ 9, "COPY packages ./packages\n" ], [ 10, "\n" ], [ 11, "RUN npm ci --no-fund --no-audit\n" ], [ 12, "\n" ], [ 13, "EXPOSE 3000 3001 3002 3003 4000\n" ], [ 14, "\n" ], [ 15, "CMD [\"sh\", \"-c\", \"npm run db:generate && npm run dev\"]" ] ], "file_path": "/Dockerfile.dev", "file_abs_path": "/scan/Dockerfile.dev", "repo_file_path": "/Dockerfile.dev", "file_line_range": [ 1, 15 ], "resource": "/Dockerfile.dev.", "evaluations": null, "check_class": "checkov.dockerfile.checks.UserExists", "fixed_definition": null, "entity_tags": null, "caller_file_path": null, "caller_file_line_range": null, "resource_address": null, "severity": null, "bc_category": null, "benchmarks": null, "description": null, "short_description": null, "vulnerability_details": null, "connected_node": null, "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-that-a-user-for-the-container-has-been-created", "details": [], "check_len": null, "definition_context_file_path": null } ], "skipped_checks": [], "parsing_errors": [] }, "summary": { "passed": 205, "failed": 6, "skipped": 0, "parsing_errors": 0, "resource_count": 3, "checkov_version": "3.2.501" }, "url": "Add an api key '--bc-api-key ' to see more detailed insights via https://bridgecrew.cloud" }, { "check_type": "gitlab_ci", "results": { "passed_checks": [ { "check_id": "CKV_GITLABCI_1", "bc_check_id": null, "check_name": "Suspicious use of curl with CI environment variables in script", "check_result": { "result": "PASSED", "results_configuration": { "0": "ssh $VPS_USER@$VPS_IP \"docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY\"", "__startline__": 25, "__endline__": 25 } }, "code_block": [ [ 25, " - ssh $VPS_USER@$VPS_IP \"docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY\"\n" ], [ 26, " - ssh $VPS_USER@$VPS_IP \"docker pull $DOCKER_IMAGE\"\n" ] ], "file_path": "/.gitlab-ci.yml", "file_abs_path": "/scan/.gitlab-ci.yml", "repo_file_path": "/.gitlab-ci.yml", "file_line_range": [ 25, 26 ], "resource": "deploy", "evaluations": null, "check_class": "checkov.gitlab_ci.checks.job.SuspectCurlInScript", "fixed_definition": null, "entity_tags": null, "caller_file_path": null, "caller_file_line_range": null, "resource_address": null, "severity": null, "bc_category": null, "benchmarks": null, "description": null, "short_description": null, "vulnerability_details": null, "connected_node": null, "guideline": null, "details": [], "check_len": null, "definition_context_file_path": null }, { "check_id": "CKV_GITLABCI_1", "bc_check_id": null, "check_name": "Suspicious use of curl with CI environment variables in script", "check_result": { "result": "PASSED", "results_configuration": { "0": "docker build -t $DOCKER_IMAGE .", "__startline__": 15, "__endline__": 15 } }, "code_block": [ [ 15, " - docker build -t $DOCKER_IMAGE .\n" ], [ 16, " - docker push $DOCKER_IMAGE\n" ] ], "file_path": "/.gitlab-ci.yml", "file_abs_path": "/scan/.gitlab-ci.yml", "repo_file_path": "/.gitlab-ci.yml", "file_line_range": [ 15, 16 ], "resource": "build", "evaluations": null, "check_class": "checkov.gitlab_ci.checks.job.SuspectCurlInScript", "fixed_definition": null, "entity_tags": null, "caller_file_path": null, "caller_file_line_range": null, "resource_address": null, "severity": null, "bc_category": null, "benchmarks": null, "description": null, "short_description": null, "vulnerability_details": null, "connected_node": null, "guideline": null, "details": [], "check_len": null, "definition_context_file_path": null }, { "check_id": "CKV_GITLABCI_1", "bc_check_id": null, "check_name": "Suspicious use of curl with CI environment variables in script", "check_result": { "result": "PASSED", "results_configuration": { "0": "docker push $DOCKER_IMAGE", "__startline__": 16, "__endline__": 16 } }, "code_block": [ [ 16, " - docker push $DOCKER_IMAGE\n" ], [ 17, " only:\n" ] ], "file_path": "/.gitlab-ci.yml", "file_abs_path": "/scan/.gitlab-ci.yml", "repo_file_path": "/.gitlab-ci.yml", "file_line_range": [ 16, 17 ], "resource": "build", "evaluations": null, "check_class": "checkov.gitlab_ci.checks.job.SuspectCurlInScript", "fixed_definition": null, "entity_tags": null, "caller_file_path": null, "caller_file_line_range": null, "resource_address": null, "severity": null, "bc_category": null, "benchmarks": null, "description": null, "short_description": null, "vulnerability_details": null, "connected_node": null, "guideline": null, "details": [], "check_len": null, "definition_context_file_path": null }, { "check_id": "CKV_GITLABCI_1", "bc_check_id": null, "check_name": "Suspicious use of curl with CI environment variables in script", "check_result": { "result": "PASSED", "results_configuration": { "0": "ssh $VPS_USER@$VPS_IP \"docker pull $DOCKER_IMAGE\"", "__startline__": 26, "__endline__": 26 } }, "code_block": [ [ 26, " - ssh $VPS_USER@$VPS_IP \"docker pull $DOCKER_IMAGE\"\n" ], [ 27, " - ssh $VPS_USER@$VPS_IP \"docker stop myapp || true\"\n" ] ], "file_path": "/.gitlab-ci.yml", "file_abs_path": "/scan/.gitlab-ci.yml", "repo_file_path": "/.gitlab-ci.yml", "file_line_range": [ 26, 27 ], "resource": "deploy", "evaluations": null, "check_class": "checkov.gitlab_ci.checks.job.SuspectCurlInScript", "fixed_definition": null, "entity_tags": null, "caller_file_path": null, "caller_file_line_range": null, "resource_address": null, "severity": null, "bc_category": null, "benchmarks": null, "description": null, "short_description": null, "vulnerability_details": null, "connected_node": null, "guideline": null, "details": [], "check_len": null, "definition_context_file_path": null }, { "check_id": "CKV_GITLABCI_1", "bc_check_id": null, "check_name": "Suspicious use of curl with CI environment variables in script", "check_result": { "result": "PASSED", "results_configuration": { "0": "ssh $VPS_USER@$VPS_IP \"docker stop myapp || true\"", "__startline__": 27, "__endline__": 27 } }, "code_block": [ [ 27, " - ssh $VPS_USER@$VPS_IP \"docker stop myapp || true\"\n" ], [ 28, " - ssh $VPS_USER@$VPS_IP \"docker run -d --name myapp -p 80:3000 $DOCKER_IMAGE\"" ] ], "file_path": "/.gitlab-ci.yml", "file_abs_path": "/scan/.gitlab-ci.yml", "repo_file_path": "/.gitlab-ci.yml", "file_line_range": [ 27, 28 ], "resource": "deploy", "evaluations": null, "check_class": "checkov.gitlab_ci.checks.job.SuspectCurlInScript", "fixed_definition": null, "entity_tags": null, "caller_file_path": null, "caller_file_line_range": null, "resource_address": null, "severity": null, "bc_category": null, "benchmarks": null, "description": null, "short_description": null, "vulnerability_details": null, "connected_node": null, "guideline": null, "details": [], "check_len": null, "definition_context_file_path": null }, { "check_id": "CKV_GITLABCI_1", "bc_check_id": null, "check_name": "Suspicious use of curl with CI environment variables in script", "check_result": { "result": "PASSED", "results_configuration": { "0": "ssh $VPS_USER@$VPS_IP \"docker run -d --name myapp -p 80:3000 $DOCKER_IMAGE\"", "__startline__": 28, "__endline__": 28 } }, "code_block": [ [ 28, " - ssh $VPS_USER@$VPS_IP \"docker run -d --name myapp -p 80:3000 $DOCKER_IMAGE\"" ] ], "file_path": "/.gitlab-ci.yml", "file_abs_path": "/scan/.gitlab-ci.yml", "repo_file_path": "/.gitlab-ci.yml", "file_line_range": [ 28, 29 ], "resource": "deploy", "evaluations": null, "check_class": "checkov.gitlab_ci.checks.job.SuspectCurlInScript", "fixed_definition": null, "entity_tags": null, "caller_file_path": null, "caller_file_line_range": null, "resource_address": null, "severity": null, "bc_category": null, "benchmarks": null, "description": null, "short_description": null, "vulnerability_details": null, "connected_node": null, "guideline": null, "details": [], "check_len": null, "definition_context_file_path": null }, { "check_id": "CKV_GITLABCI_3", "bc_check_id": null, "check_name": "Detecting image usages in gitlab workflows", "check_result": { "result": "PASSED", "results_configuration": { "0": "docker:24", "__startline__": 10, "__endline__": 10 } }, "code_block": [ [ 10, " image: docker:24\n" ], [ 11, " services:\n" ] ], "file_path": "/.gitlab-ci.yml", "file_abs_path": "/scan/.gitlab-ci.yml", "repo_file_path": "/.gitlab-ci.yml", "file_line_range": [ 10, 11 ], "resource": "build", "evaluations": null, "check_class": "checkov.gitlab_ci.checks.job.DetectImagesUsage", "fixed_definition": null, "entity_tags": null, "caller_file_path": null, "caller_file_line_range": null, "resource_address": null, "severity": null, "bc_category": null, "benchmarks": null, "description": null, "short_description": null, "vulnerability_details": null, "connected_node": null, "guideline": null, "details": [], "check_len": null, "definition_context_file_path": null }, { "check_id": "CKV_GITLABCI_3", "bc_check_id": null, "check_name": "Detecting image usages in gitlab workflows", "check_result": { "result": "PASSED", "results_configuration": { "0": "docker:dind", "__startline__": 12, "__endline__": 12 } }, "code_block": [ [ 12, " - docker:dind\n" ], [ 13, " script:\n" ] ], "file_path": "/.gitlab-ci.yml", "file_abs_path": "/scan/.gitlab-ci.yml", "repo_file_path": "/.gitlab-ci.yml", "file_line_range": [ 12, 13 ], "resource": "build", "evaluations": null, "check_class": "checkov.gitlab_ci.checks.job.DetectImagesUsage", "fixed_definition": null, "entity_tags": null, "caller_file_path": null, "caller_file_line_range": null, "resource_address": null, "severity": null, "bc_category": null, "benchmarks": null, "description": null, "short_description": null, "vulnerability_details": null, "connected_node": null, "guideline": null, "details": [], "check_len": null, "definition_context_file_path": null } ], "failed_checks": [], "skipped_checks": [], "parsing_errors": [] }, "summary": { "passed": 8, "failed": 0, "skipped": 0, "parsing_errors": 0, "resource_count": 0, "checkov_version": "3.2.501" }, "url": "Add an api key '--bc-api-key ' to see more detailed insights via https://bridgecrew.cloud" } ]