Files
2026-05-21 12:35:49 -04:00

15121 lines
706 KiB
JSON

[
{
"check_type": "dockerfile",
"results": {
"passed_checks": [
{
"check_id": "CKV_DOCKER_9",
"bc_check_id": "BC_DKR_NETWORKING_1",
"check_name": "Ensure that APT isn't used",
"check_result": {
"result": "PASSED",
"results_configuration": null
},
"code_block": [
[
1,
"FROM node:20-bookworm AS builder\n"
],
[
2,
"\n"
],
[
3,
"WORKDIR /app\n"
],
[
4,
"\n"
],
[
5,
"RUN corepack enable && corepack prepare npm@10.5.0 --activate\n"
],
[
6,
"\n"
],
[
7,
"COPY package.json package-lock.json turbo.json tsconfig.base.json ./\n"
],
[
8,
"COPY apps ./apps\n"
],
[
9,
"COPY packages ./packages\n"
],
[
10,
"\n"
],
[
11,
"# NEXT_PUBLIC_* vars must be present at build time \u2014 they are inlined into JS bundles\n"
],
[
12,
"ARG NEXT_PUBLIC_API_URL\n"
],
[
13,
"ARG NEXT_PUBLIC_MARKETPLACE_URL\n"
],
[
14,
"ARG NEXT_PUBLIC_DASHBOARD_URL\n"
],
[
15,
"ARG NEXT_PUBLIC_ADMIN_URL\n"
],
[
16,
"ENV NEXT_PUBLIC_API_URL=$NEXT_PUBLIC_API_URL \\\n"
],
[
17,
" NEXT_PUBLIC_MARKETPLACE_URL=$NEXT_PUBLIC_MARKETPLACE_URL \\\n"
],
[
18,
" NEXT_PUBLIC_DASHBOARD_URL=$NEXT_PUBLIC_DASHBOARD_URL \\\n"
],
[
19,
" NEXT_PUBLIC_ADMIN_URL=$NEXT_PUBLIC_ADMIN_URL\n"
],
[
20,
"\n"
],
[
21,
"RUN npm install\n"
],
[
22,
"RUN npm run db:generate\n"
],
[
23,
"RUN npm run build\n"
],
[
24,
"\n"
],
[
25,
"FROM node:20-bookworm AS runner\n"
],
[
26,
"\n"
],
[
27,
"WORKDIR /app\n"
],
[
28,
"\n"
],
[
29,
"ENV NODE_ENV=production\n"
],
[
30,
"\n"
],
[
31,
"RUN corepack enable && corepack prepare npm@10.5.0 --activate\n"
],
[
32,
"\n"
],
[
33,
"COPY --from=builder /app/package.json /app/package-lock.json /app/turbo.json /app/tsconfig.base.json ./\n"
],
[
34,
"COPY --from=builder /app/node_modules ./node_modules\n"
],
[
35,
"COPY --from=builder /app/apps ./apps\n"
],
[
36,
"COPY --from=builder /app/packages ./packages\n"
],
[
37,
"\n"
],
[
38,
"EXPOSE 3000 3001 3002 4000\n"
],
[
39,
"\n"
],
[
40,
"CMD [\"npm\", \"run\", \"start\", \"--workspace\", \"@rentaldrivego/api\"]"
]
],
"file_path": "/Dockerfile.production",
"file_abs_path": "/scan/Dockerfile.production",
"repo_file_path": "/Dockerfile.production",
"file_line_range": [
1,
40
],
"resource": "/Dockerfile.production.",
"evaluations": null,
"check_class": "checkov.dockerfile.checks.RunUsingAPT",
"fixed_definition": null,
"entity_tags": null,
"caller_file_path": null,
"caller_file_line_range": null,
"resource_address": null,
"severity": null,
"bc_category": null,
"benchmarks": null,
"description": null,
"short_description": null,
"vulnerability_details": null,
"connected_node": null,
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-apt-is-not-used",
"details": [],
"check_len": null,
"definition_context_file_path": null
},
{
"check_id": "CKV_DOCKER_5",
"bc_check_id": "BC_DKR_4",
"check_name": "Ensure update instructions are not use alone in the Dockerfile",
"check_result": {
"result": "PASSED",
"results_configuration": null
},
"code_block": [
[
1,
"FROM node:20-bookworm AS builder\n"
],
[
2,
"\n"
],
[
3,
"WORKDIR /app\n"
],
[
4,
"\n"
],
[
5,
"RUN corepack enable && corepack prepare npm@10.5.0 --activate\n"
],
[
6,
"\n"
],
[
7,
"COPY package.json package-lock.json turbo.json tsconfig.base.json ./\n"
],
[
8,
"COPY apps ./apps\n"
],
[
9,
"COPY packages ./packages\n"
],
[
10,
"\n"
],
[
11,
"# NEXT_PUBLIC_* vars must be present at build time \u2014 they are inlined into JS bundles\n"
],
[
12,
"ARG NEXT_PUBLIC_API_URL\n"
],
[
13,
"ARG NEXT_PUBLIC_MARKETPLACE_URL\n"
],
[
14,
"ARG NEXT_PUBLIC_DASHBOARD_URL\n"
],
[
15,
"ARG NEXT_PUBLIC_ADMIN_URL\n"
],
[
16,
"ENV NEXT_PUBLIC_API_URL=$NEXT_PUBLIC_API_URL \\\n"
],
[
17,
" NEXT_PUBLIC_MARKETPLACE_URL=$NEXT_PUBLIC_MARKETPLACE_URL \\\n"
],
[
18,
" NEXT_PUBLIC_DASHBOARD_URL=$NEXT_PUBLIC_DASHBOARD_URL \\\n"
],
[
19,
" NEXT_PUBLIC_ADMIN_URL=$NEXT_PUBLIC_ADMIN_URL\n"
],
[
20,
"\n"
],
[
21,
"RUN npm install\n"
],
[
22,
"RUN npm run db:generate\n"
],
[
23,
"RUN npm run build\n"
],
[
24,
"\n"
],
[
25,
"FROM node:20-bookworm AS runner\n"
],
[
26,
"\n"
],
[
27,
"WORKDIR /app\n"
],
[
28,
"\n"
],
[
29,
"ENV NODE_ENV=production\n"
],
[
30,
"\n"
],
[
31,
"RUN corepack enable && corepack prepare npm@10.5.0 --activate\n"
],
[
32,
"\n"
],
[
33,
"COPY --from=builder /app/package.json /app/package-lock.json /app/turbo.json /app/tsconfig.base.json ./\n"
],
[
34,
"COPY --from=builder /app/node_modules ./node_modules\n"
],
[
35,
"COPY --from=builder /app/apps ./apps\n"
],
[
36,
"COPY --from=builder /app/packages ./packages\n"
],
[
37,
"\n"
],
[
38,
"EXPOSE 3000 3001 3002 4000\n"
],
[
39,
"\n"
],
[
40,
"CMD [\"npm\", \"run\", \"start\", \"--workspace\", \"@rentaldrivego/api\"]"
]
],
"file_path": "/Dockerfile.production",
"file_abs_path": "/scan/Dockerfile.production",
"repo_file_path": "/Dockerfile.production",
"file_line_range": [
1,
40
],
"resource": "/Dockerfile.production.",
"evaluations": null,
"check_class": "checkov.dockerfile.checks.UpdateNotAlone",
"fixed_definition": null,
"entity_tags": null,
"caller_file_path": null,
"caller_file_line_range": null,
"resource_address": null,
"severity": null,
"bc_category": null,
"benchmarks": null,
"description": null,
"short_description": null,
"vulnerability_details": null,
"connected_node": null,
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-update-instructions-are-not-used-alone-in-the-dockerfile",
"details": [],
"check_len": null,
"definition_context_file_path": null
},
{
"check_id": "CKV_DOCKER_11",
"bc_check_id": "BC_DKR_GENERAL_9",
"check_name": "Ensure From Alias are unique for multistage builds.",
"check_result": {
"result": "PASSED",
"results_configuration": null
},
"code_block": [
[
1,
"FROM node:20-bookworm AS builder\n"
],
[
2,
"\n"
],
[
3,
"WORKDIR /app\n"
],
[
4,
"\n"
],
[
5,
"RUN corepack enable && corepack prepare npm@10.5.0 --activate\n"
],
[
6,
"\n"
],
[
7,
"COPY package.json package-lock.json turbo.json tsconfig.base.json ./\n"
],
[
8,
"COPY apps ./apps\n"
],
[
9,
"COPY packages ./packages\n"
],
[
10,
"\n"
],
[
11,
"# NEXT_PUBLIC_* vars must be present at build time \u2014 they are inlined into JS bundles\n"
],
[
12,
"ARG NEXT_PUBLIC_API_URL\n"
],
[
13,
"ARG NEXT_PUBLIC_MARKETPLACE_URL\n"
],
[
14,
"ARG NEXT_PUBLIC_DASHBOARD_URL\n"
],
[
15,
"ARG NEXT_PUBLIC_ADMIN_URL\n"
],
[
16,
"ENV NEXT_PUBLIC_API_URL=$NEXT_PUBLIC_API_URL \\\n"
],
[
17,
" NEXT_PUBLIC_MARKETPLACE_URL=$NEXT_PUBLIC_MARKETPLACE_URL \\\n"
],
[
18,
" NEXT_PUBLIC_DASHBOARD_URL=$NEXT_PUBLIC_DASHBOARD_URL \\\n"
],
[
19,
" NEXT_PUBLIC_ADMIN_URL=$NEXT_PUBLIC_ADMIN_URL\n"
],
[
20,
"\n"
],
[
21,
"RUN npm install\n"
],
[
22,
"RUN npm run db:generate\n"
],
[
23,
"RUN npm run build\n"
],
[
24,
"\n"
],
[
25,
"FROM node:20-bookworm AS runner\n"
],
[
26,
"\n"
],
[
27,
"WORKDIR /app\n"
],
[
28,
"\n"
],
[
29,
"ENV NODE_ENV=production\n"
],
[
30,
"\n"
],
[
31,
"RUN corepack enable && corepack prepare npm@10.5.0 --activate\n"
],
[
32,
"\n"
],
[
33,
"COPY --from=builder /app/package.json /app/package-lock.json /app/turbo.json /app/tsconfig.base.json ./\n"
],
[
34,
"COPY --from=builder /app/node_modules ./node_modules\n"
],
[
35,
"COPY --from=builder /app/apps ./apps\n"
],
[
36,
"COPY --from=builder /app/packages ./packages\n"
],
[
37,
"\n"
],
[
38,
"EXPOSE 3000 3001 3002 4000\n"
],
[
39,
"\n"
],
[
40,
"CMD [\"npm\", \"run\", \"start\", \"--workspace\", \"@rentaldrivego/api\"]"
]
],
"file_path": "/Dockerfile.production",
"file_abs_path": "/scan/Dockerfile.production",
"repo_file_path": "/Dockerfile.production",
"file_line_range": [
1,
40
],
"resource": "/Dockerfile.production.",
"evaluations": null,
"check_class": "checkov.dockerfile.checks.AliasIsUnique",
"fixed_definition": null,
"entity_tags": null,
"caller_file_path": null,
"caller_file_line_range": null,
"resource_address": null,
"severity": null,
"bc_category": null,
"benchmarks": null,
"description": null,
"short_description": null,
"vulnerability_details": null,
"connected_node": null,
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-from-alias-is-unique-for-multistage-builds",
"details": [],
"check_len": null,
"definition_context_file_path": null
},
{
"check_id": "CKV_DOCKER_7",
"bc_check_id": "BC_DKR_7",
"check_name": "Ensure the base image uses a non latest version tag",
"check_result": {
"result": "PASSED",
"results_configuration": [
{
"instruction": "FROM",
"startline": 24,
"endline": 24,
"content": "FROM node:20-bookworm AS runner\n",
"value": "node:20-bookworm AS runner"
}
]
},
"code_block": [
[
25,
"FROM node:20-bookworm AS runner\n"
]
],
"file_path": "/Dockerfile.production",
"file_abs_path": "/scan/Dockerfile.production",
"repo_file_path": "/Dockerfile.production",
"file_line_range": [
25,
25
],
"resource": "/Dockerfile.production.FROM",
"evaluations": null,
"check_class": "checkov.dockerfile.checks.ReferenceLatestTag",
"fixed_definition": null,
"entity_tags": null,
"caller_file_path": null,
"caller_file_line_range": null,
"resource_address": null,
"severity": null,
"bc_category": null,
"benchmarks": null,
"description": null,
"short_description": null,
"vulnerability_details": null,
"connected_node": null,
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-the-base-image-uses-a-non-latest-version-tag",
"details": [],
"check_len": null,
"definition_context_file_path": null
},
{
"check_id": "CKV_DOCKER_1",
"bc_check_id": "BC_DKR_1",
"check_name": "Ensure port 22 is not exposed",
"check_result": {
"result": "PASSED",
"results_configuration": null
},
"code_block": [
[
1,
"FROM node:20-bookworm AS builder\n"
],
[
2,
"\n"
],
[
3,
"WORKDIR /app\n"
],
[
4,
"\n"
],
[
5,
"RUN corepack enable && corepack prepare npm@10.5.0 --activate\n"
],
[
6,
"\n"
],
[
7,
"COPY package.json package-lock.json turbo.json tsconfig.base.json ./\n"
],
[
8,
"COPY apps ./apps\n"
],
[
9,
"COPY packages ./packages\n"
],
[
10,
"\n"
],
[
11,
"# NEXT_PUBLIC_* vars must be present at build time \u2014 they are inlined into JS bundles\n"
],
[
12,
"ARG NEXT_PUBLIC_API_URL\n"
],
[
13,
"ARG NEXT_PUBLIC_MARKETPLACE_URL\n"
],
[
14,
"ARG NEXT_PUBLIC_DASHBOARD_URL\n"
],
[
15,
"ARG NEXT_PUBLIC_ADMIN_URL\n"
],
[
16,
"ENV NEXT_PUBLIC_API_URL=$NEXT_PUBLIC_API_URL \\\n"
],
[
17,
" NEXT_PUBLIC_MARKETPLACE_URL=$NEXT_PUBLIC_MARKETPLACE_URL \\\n"
],
[
18,
" NEXT_PUBLIC_DASHBOARD_URL=$NEXT_PUBLIC_DASHBOARD_URL \\\n"
],
[
19,
" NEXT_PUBLIC_ADMIN_URL=$NEXT_PUBLIC_ADMIN_URL\n"
],
[
20,
"\n"
],
[
21,
"RUN npm install\n"
],
[
22,
"RUN npm run db:generate\n"
],
[
23,
"RUN npm run build\n"
],
[
24,
"\n"
],
[
25,
"FROM node:20-bookworm AS runner\n"
],
[
26,
"\n"
],
[
27,
"WORKDIR /app\n"
],
[
28,
"\n"
],
[
29,
"ENV NODE_ENV=production\n"
],
[
30,
"\n"
],
[
31,
"RUN corepack enable && corepack prepare npm@10.5.0 --activate\n"
],
[
32,
"\n"
],
[
33,
"COPY --from=builder /app/package.json /app/package-lock.json /app/turbo.json /app/tsconfig.base.json ./\n"
],
[
34,
"COPY --from=builder /app/node_modules ./node_modules\n"
],
[
35,
"COPY --from=builder /app/apps ./apps\n"
],
[
36,
"COPY --from=builder /app/packages ./packages\n"
],
[
37,
"\n"
],
[
38,
"EXPOSE 3000 3001 3002 4000\n"
],
[
39,
"\n"
],
[
40,
"CMD [\"npm\", \"run\", \"start\", \"--workspace\", \"@rentaldrivego/api\"]"
]
],
"file_path": "/Dockerfile.production",
"file_abs_path": "/scan/Dockerfile.production",
"repo_file_path": "/Dockerfile.production",
"file_line_range": [
1,
40
],
"resource": "/Dockerfile.production.",
"evaluations": null,
"check_class": "checkov.dockerfile.checks.ExposePort22",
"fixed_definition": null,
"entity_tags": null,
"caller_file_path": null,
"caller_file_line_range": null,
"resource_address": null,
"severity": null,
"bc_category": null,
"benchmarks": null,
"description": null,
"short_description": null,
"vulnerability_details": null,
"connected_node": null,
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-port-22-is-not-exposed",
"details": [],
"check_len": null,
"definition_context_file_path": null
},
{
"check_id": "CKV_DOCKER_10",
"bc_check_id": "BC_DKR_GENERAL_10",
"check_name": "Ensure that WORKDIR values are absolute paths",
"check_result": {
"result": "PASSED",
"results_configuration": null
},
"code_block": [
[
1,
"FROM node:20-bookworm AS builder\n"
],
[
2,
"\n"
],
[
3,
"WORKDIR /app\n"
],
[
4,
"\n"
],
[
5,
"RUN corepack enable && corepack prepare npm@10.5.0 --activate\n"
],
[
6,
"\n"
],
[
7,
"COPY package.json package-lock.json turbo.json tsconfig.base.json ./\n"
],
[
8,
"COPY apps ./apps\n"
],
[
9,
"COPY packages ./packages\n"
],
[
10,
"\n"
],
[
11,
"# NEXT_PUBLIC_* vars must be present at build time \u2014 they are inlined into JS bundles\n"
],
[
12,
"ARG NEXT_PUBLIC_API_URL\n"
],
[
13,
"ARG NEXT_PUBLIC_MARKETPLACE_URL\n"
],
[
14,
"ARG NEXT_PUBLIC_DASHBOARD_URL\n"
],
[
15,
"ARG NEXT_PUBLIC_ADMIN_URL\n"
],
[
16,
"ENV NEXT_PUBLIC_API_URL=$NEXT_PUBLIC_API_URL \\\n"
],
[
17,
" NEXT_PUBLIC_MARKETPLACE_URL=$NEXT_PUBLIC_MARKETPLACE_URL \\\n"
],
[
18,
" NEXT_PUBLIC_DASHBOARD_URL=$NEXT_PUBLIC_DASHBOARD_URL \\\n"
],
[
19,
" NEXT_PUBLIC_ADMIN_URL=$NEXT_PUBLIC_ADMIN_URL\n"
],
[
20,
"\n"
],
[
21,
"RUN npm install\n"
],
[
22,
"RUN npm run db:generate\n"
],
[
23,
"RUN npm run build\n"
],
[
24,
"\n"
],
[
25,
"FROM node:20-bookworm AS runner\n"
],
[
26,
"\n"
],
[
27,
"WORKDIR /app\n"
],
[
28,
"\n"
],
[
29,
"ENV NODE_ENV=production\n"
],
[
30,
"\n"
],
[
31,
"RUN corepack enable && corepack prepare npm@10.5.0 --activate\n"
],
[
32,
"\n"
],
[
33,
"COPY --from=builder /app/package.json /app/package-lock.json /app/turbo.json /app/tsconfig.base.json ./\n"
],
[
34,
"COPY --from=builder /app/node_modules ./node_modules\n"
],
[
35,
"COPY --from=builder /app/apps ./apps\n"
],
[
36,
"COPY --from=builder /app/packages ./packages\n"
],
[
37,
"\n"
],
[
38,
"EXPOSE 3000 3001 3002 4000\n"
],
[
39,
"\n"
],
[
40,
"CMD [\"npm\", \"run\", \"start\", \"--workspace\", \"@rentaldrivego/api\"]"
]
],
"file_path": "/Dockerfile.production",
"file_abs_path": "/scan/Dockerfile.production",
"repo_file_path": "/Dockerfile.production",
"file_line_range": [
1,
40
],
"resource": "/Dockerfile.production.",
"evaluations": null,
"check_class": "checkov.dockerfile.checks.WorkdirIsAbsolute",
"fixed_definition": null,
"entity_tags": null,
"caller_file_path": null,
"caller_file_line_range": null,
"resource_address": null,
"severity": null,
"bc_category": null,
"benchmarks": null,
"description": null,
"short_description": null,
"vulnerability_details": null,
"connected_node": null,
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-workdir-values-are-absolute-paths",
"details": [],
"check_len": null,
"definition_context_file_path": null
},
{
"check_id": "CKV_DOCKER_9",
"bc_check_id": "BC_DKR_NETWORKING_1",
"check_name": "Ensure that APT isn't used",
"check_result": {
"result": "PASSED",
"results_configuration": null
},
"code_block": [
[
1,
"FROM node:20-bookworm\n"
],
[
2,
"\n"
],
[
3,
"WORKDIR /app\n"
],
[
4,
"\n"
],
[
5,
"RUN corepack enable && corepack prepare npm@10.5.0 --activate\n"
],
[
6,
"\n"
],
[
7,
"COPY package.json package-lock.json turbo.json tsconfig.base.json ./\n"
],
[
8,
"COPY apps ./apps\n"
],
[
9,
"COPY packages ./packages\n"
],
[
10,
"\n"
],
[
11,
"RUN npm install\n"
],
[
12,
"\n"
],
[
13,
"ENV NODE_ENV=test\n"
],
[
14,
"\n"
],
[
15,
"CMD [\"sh\", \"-c\", \"npm run db:deploy && npm run db:generate && npm run type-check && npm run build && npm run test:api:integration\"]"
]
],
"file_path": "/Dockerfile.test",
"file_abs_path": "/scan/Dockerfile.test",
"repo_file_path": "/Dockerfile.test",
"file_line_range": [
1,
15
],
"resource": "/Dockerfile.test.",
"evaluations": null,
"check_class": "checkov.dockerfile.checks.RunUsingAPT",
"fixed_definition": null,
"entity_tags": null,
"caller_file_path": null,
"caller_file_line_range": null,
"resource_address": null,
"severity": null,
"bc_category": null,
"benchmarks": null,
"description": null,
"short_description": null,
"vulnerability_details": null,
"connected_node": null,
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-apt-is-not-used",
"details": [],
"check_len": null,
"definition_context_file_path": null
},
{
"check_id": "CKV_DOCKER_5",
"bc_check_id": "BC_DKR_4",
"check_name": "Ensure update instructions are not use alone in the Dockerfile",
"check_result": {
"result": "PASSED",
"results_configuration": null
},
"code_block": [
[
1,
"FROM node:20-bookworm\n"
],
[
2,
"\n"
],
[
3,
"WORKDIR /app\n"
],
[
4,
"\n"
],
[
5,
"RUN corepack enable && corepack prepare npm@10.5.0 --activate\n"
],
[
6,
"\n"
],
[
7,
"COPY package.json package-lock.json turbo.json tsconfig.base.json ./\n"
],
[
8,
"COPY apps ./apps\n"
],
[
9,
"COPY packages ./packages\n"
],
[
10,
"\n"
],
[
11,
"RUN npm install\n"
],
[
12,
"\n"
],
[
13,
"ENV NODE_ENV=test\n"
],
[
14,
"\n"
],
[
15,
"CMD [\"sh\", \"-c\", \"npm run db:deploy && npm run db:generate && npm run type-check && npm run build && npm run test:api:integration\"]"
]
],
"file_path": "/Dockerfile.test",
"file_abs_path": "/scan/Dockerfile.test",
"repo_file_path": "/Dockerfile.test",
"file_line_range": [
1,
15
],
"resource": "/Dockerfile.test.",
"evaluations": null,
"check_class": "checkov.dockerfile.checks.UpdateNotAlone",
"fixed_definition": null,
"entity_tags": null,
"caller_file_path": null,
"caller_file_line_range": null,
"resource_address": null,
"severity": null,
"bc_category": null,
"benchmarks": null,
"description": null,
"short_description": null,
"vulnerability_details": null,
"connected_node": null,
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-update-instructions-are-not-used-alone-in-the-dockerfile",
"details": [],
"check_len": null,
"definition_context_file_path": null
},
{
"check_id": "CKV_DOCKER_11",
"bc_check_id": "BC_DKR_GENERAL_9",
"check_name": "Ensure From Alias are unique for multistage builds.",
"check_result": {
"result": "PASSED",
"results_configuration": null
},
"code_block": [
[
1,
"FROM node:20-bookworm\n"
],
[
2,
"\n"
],
[
3,
"WORKDIR /app\n"
],
[
4,
"\n"
],
[
5,
"RUN corepack enable && corepack prepare npm@10.5.0 --activate\n"
],
[
6,
"\n"
],
[
7,
"COPY package.json package-lock.json turbo.json tsconfig.base.json ./\n"
],
[
8,
"COPY apps ./apps\n"
],
[
9,
"COPY packages ./packages\n"
],
[
10,
"\n"
],
[
11,
"RUN npm install\n"
],
[
12,
"\n"
],
[
13,
"ENV NODE_ENV=test\n"
],
[
14,
"\n"
],
[
15,
"CMD [\"sh\", \"-c\", \"npm run db:deploy && npm run db:generate && npm run type-check && npm run build && npm run test:api:integration\"]"
]
],
"file_path": "/Dockerfile.test",
"file_abs_path": "/scan/Dockerfile.test",
"repo_file_path": "/Dockerfile.test",
"file_line_range": [
1,
15
],
"resource": "/Dockerfile.test.",
"evaluations": null,
"check_class": "checkov.dockerfile.checks.AliasIsUnique",
"fixed_definition": null,
"entity_tags": null,
"caller_file_path": null,
"caller_file_line_range": null,
"resource_address": null,
"severity": null,
"bc_category": null,
"benchmarks": null,
"description": null,
"short_description": null,
"vulnerability_details": null,
"connected_node": null,
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-from-alias-is-unique-for-multistage-builds",
"details": [],
"check_len": null,
"definition_context_file_path": null
},
{
"check_id": "CKV_DOCKER_7",
"bc_check_id": "BC_DKR_7",
"check_name": "Ensure the base image uses a non latest version tag",
"check_result": {
"result": "PASSED",
"results_configuration": [
{
"instruction": "FROM",
"startline": 0,
"endline": 0,
"content": "FROM node:20-bookworm\n",
"value": "node:20-bookworm"
}
]
},
"code_block": [
[
1,
"FROM node:20-bookworm\n"
]
],
"file_path": "/Dockerfile.test",
"file_abs_path": "/scan/Dockerfile.test",
"repo_file_path": "/Dockerfile.test",
"file_line_range": [
1,
1
],
"resource": "/Dockerfile.test.FROM",
"evaluations": null,
"check_class": "checkov.dockerfile.checks.ReferenceLatestTag",
"fixed_definition": null,
"entity_tags": null,
"caller_file_path": null,
"caller_file_line_range": null,
"resource_address": null,
"severity": null,
"bc_category": null,
"benchmarks": null,
"description": null,
"short_description": null,
"vulnerability_details": null,
"connected_node": null,
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-the-base-image-uses-a-non-latest-version-tag",
"details": [],
"check_len": null,
"definition_context_file_path": null
},
{
"check_id": "CKV_DOCKER_10",
"bc_check_id": "BC_DKR_GENERAL_10",
"check_name": "Ensure that WORKDIR values are absolute paths",
"check_result": {
"result": "PASSED",
"results_configuration": null
},
"code_block": [
[
1,
"FROM node:20-bookworm\n"
],
[
2,
"\n"
],
[
3,
"WORKDIR /app\n"
],
[
4,
"\n"
],
[
5,
"RUN corepack enable && corepack prepare npm@10.5.0 --activate\n"
],
[
6,
"\n"
],
[
7,
"COPY package.json package-lock.json turbo.json tsconfig.base.json ./\n"
],
[
8,
"COPY apps ./apps\n"
],
[
9,
"COPY packages ./packages\n"
],
[
10,
"\n"
],
[
11,
"RUN npm install\n"
],
[
12,
"\n"
],
[
13,
"ENV NODE_ENV=test\n"
],
[
14,
"\n"
],
[
15,
"CMD [\"sh\", \"-c\", \"npm run db:deploy && npm run db:generate && npm run type-check && npm run build && npm run test:api:integration\"]"
]
],
"file_path": "/Dockerfile.test",
"file_abs_path": "/scan/Dockerfile.test",
"repo_file_path": "/Dockerfile.test",
"file_line_range": [
1,
15
],
"resource": "/Dockerfile.test.",
"evaluations": null,
"check_class": "checkov.dockerfile.checks.WorkdirIsAbsolute",
"fixed_definition": null,
"entity_tags": null,
"caller_file_path": null,
"caller_file_line_range": null,
"resource_address": null,
"severity": null,
"bc_category": null,
"benchmarks": null,
"description": null,
"short_description": null,
"vulnerability_details": null,
"connected_node": null,
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-workdir-values-are-absolute-paths",
"details": [],
"check_len": null,
"definition_context_file_path": null
},
{
"check_id": "CKV_DOCKER_9",
"bc_check_id": "BC_DKR_NETWORKING_1",
"check_name": "Ensure that APT isn't used",
"check_result": {
"result": "PASSED",
"results_configuration": null
},
"code_block": [
[
1,
"FROM node:20-bookworm\n"
],
[
2,
"\n"
],
[
3,
"WORKDIR /app\n"
],
[
4,
"\n"
],
[
5,
"RUN npm install -g npm@10.5.0 --no-fund --no-audit\n"
],
[
6,
"\n"
],
[
7,
"COPY package.json package-lock.json turbo.json tsconfig.base.json ./\n"
],
[
8,
"COPY apps ./apps\n"
],
[
9,
"COPY packages ./packages\n"
],
[
10,
"\n"
],
[
11,
"RUN npm ci --no-fund --no-audit\n"
],
[
12,
"\n"
],
[
13,
"EXPOSE 3000 3001 3002 3003 4000\n"
],
[
14,
"\n"
],
[
15,
"CMD [\"sh\", \"-c\", \"npm run db:generate && npm run dev\"]"
]
],
"file_path": "/Dockerfile.dev",
"file_abs_path": "/scan/Dockerfile.dev",
"repo_file_path": "/Dockerfile.dev",
"file_line_range": [
1,
15
],
"resource": "/Dockerfile.dev.",
"evaluations": null,
"check_class": "checkov.dockerfile.checks.RunUsingAPT",
"fixed_definition": null,
"entity_tags": null,
"caller_file_path": null,
"caller_file_line_range": null,
"resource_address": null,
"severity": null,
"bc_category": null,
"benchmarks": null,
"description": null,
"short_description": null,
"vulnerability_details": null,
"connected_node": null,
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-apt-is-not-used",
"details": [],
"check_len": null,
"definition_context_file_path": null
},
{
"check_id": "CKV_DOCKER_5",
"bc_check_id": "BC_DKR_4",
"check_name": "Ensure update instructions are not use alone in the Dockerfile",
"check_result": {
"result": "PASSED",
"results_configuration": null
},
"code_block": [
[
1,
"FROM node:20-bookworm\n"
],
[
2,
"\n"
],
[
3,
"WORKDIR /app\n"
],
[
4,
"\n"
],
[
5,
"RUN npm install -g npm@10.5.0 --no-fund --no-audit\n"
],
[
6,
"\n"
],
[
7,
"COPY package.json package-lock.json turbo.json tsconfig.base.json ./\n"
],
[
8,
"COPY apps ./apps\n"
],
[
9,
"COPY packages ./packages\n"
],
[
10,
"\n"
],
[
11,
"RUN npm ci --no-fund --no-audit\n"
],
[
12,
"\n"
],
[
13,
"EXPOSE 3000 3001 3002 3003 4000\n"
],
[
14,
"\n"
],
[
15,
"CMD [\"sh\", \"-c\", \"npm run db:generate && npm run dev\"]"
]
],
"file_path": "/Dockerfile.dev",
"file_abs_path": "/scan/Dockerfile.dev",
"repo_file_path": "/Dockerfile.dev",
"file_line_range": [
1,
15
],
"resource": "/Dockerfile.dev.",
"evaluations": null,
"check_class": "checkov.dockerfile.checks.UpdateNotAlone",
"fixed_definition": null,
"entity_tags": null,
"caller_file_path": null,
"caller_file_line_range": null,
"resource_address": null,
"severity": null,
"bc_category": null,
"benchmarks": null,
"description": null,
"short_description": null,
"vulnerability_details": null,
"connected_node": null,
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-update-instructions-are-not-used-alone-in-the-dockerfile",
"details": [],
"check_len": null,
"definition_context_file_path": null
},
{
"check_id": "CKV_DOCKER_11",
"bc_check_id": "BC_DKR_GENERAL_9",
"check_name": "Ensure From Alias are unique for multistage builds.",
"check_result": {
"result": "PASSED",
"results_configuration": null
},
"code_block": [
[
1,
"FROM node:20-bookworm\n"
],
[
2,
"\n"
],
[
3,
"WORKDIR /app\n"
],
[
4,
"\n"
],
[
5,
"RUN npm install -g npm@10.5.0 --no-fund --no-audit\n"
],
[
6,
"\n"
],
[
7,
"COPY package.json package-lock.json turbo.json tsconfig.base.json ./\n"
],
[
8,
"COPY apps ./apps\n"
],
[
9,
"COPY packages ./packages\n"
],
[
10,
"\n"
],
[
11,
"RUN npm ci --no-fund --no-audit\n"
],
[
12,
"\n"
],
[
13,
"EXPOSE 3000 3001 3002 3003 4000\n"
],
[
14,
"\n"
],
[
15,
"CMD [\"sh\", \"-c\", \"npm run db:generate && npm run dev\"]"
]
],
"file_path": "/Dockerfile.dev",
"file_abs_path": "/scan/Dockerfile.dev",
"repo_file_path": "/Dockerfile.dev",
"file_line_range": [
1,
15
],
"resource": "/Dockerfile.dev.",
"evaluations": null,
"check_class": "checkov.dockerfile.checks.AliasIsUnique",
"fixed_definition": null,
"entity_tags": null,
"caller_file_path": null,
"caller_file_line_range": null,
"resource_address": null,
"severity": null,
"bc_category": null,
"benchmarks": null,
"description": null,
"short_description": null,
"vulnerability_details": null,
"connected_node": null,
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-from-alias-is-unique-for-multistage-builds",
"details": [],
"check_len": null,
"definition_context_file_path": null
},
{
"check_id": "CKV_DOCKER_7",
"bc_check_id": "BC_DKR_7",
"check_name": "Ensure the base image uses a non latest version tag",
"check_result": {
"result": "PASSED",
"results_configuration": [
{
"instruction": "FROM",
"startline": 0,
"endline": 0,
"content": "FROM node:20-bookworm\n",
"value": "node:20-bookworm"
}
]
},
"code_block": [
[
1,
"FROM node:20-bookworm\n"
]
],
"file_path": "/Dockerfile.dev",
"file_abs_path": "/scan/Dockerfile.dev",
"repo_file_path": "/Dockerfile.dev",
"file_line_range": [
1,
1
],
"resource": "/Dockerfile.dev.FROM",
"evaluations": null,
"check_class": "checkov.dockerfile.checks.ReferenceLatestTag",
"fixed_definition": null,
"entity_tags": null,
"caller_file_path": null,
"caller_file_line_range": null,
"resource_address": null,
"severity": null,
"bc_category": null,
"benchmarks": null,
"description": null,
"short_description": null,
"vulnerability_details": null,
"connected_node": null,
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-the-base-image-uses-a-non-latest-version-tag",
"details": [],
"check_len": null,
"definition_context_file_path": null
},
{
"check_id": "CKV_DOCKER_1",
"bc_check_id": "BC_DKR_1",
"check_name": "Ensure port 22 is not exposed",
"check_result": {
"result": "PASSED",
"results_configuration": null
},
"code_block": [
[
1,
"FROM node:20-bookworm\n"
],
[
2,
"\n"
],
[
3,
"WORKDIR /app\n"
],
[
4,
"\n"
],
[
5,
"RUN npm install -g npm@10.5.0 --no-fund --no-audit\n"
],
[
6,
"\n"
],
[
7,
"COPY package.json package-lock.json turbo.json tsconfig.base.json ./\n"
],
[
8,
"COPY apps ./apps\n"
],
[
9,
"COPY packages ./packages\n"
],
[
10,
"\n"
],
[
11,
"RUN npm ci --no-fund --no-audit\n"
],
[
12,
"\n"
],
[
13,
"EXPOSE 3000 3001 3002 3003 4000\n"
],
[
14,
"\n"
],
[
15,
"CMD [\"sh\", \"-c\", \"npm run db:generate && npm run dev\"]"
]
],
"file_path": "/Dockerfile.dev",
"file_abs_path": "/scan/Dockerfile.dev",
"repo_file_path": "/Dockerfile.dev",
"file_line_range": [
1,
15
],
"resource": "/Dockerfile.dev.",
"evaluations": null,
"check_class": "checkov.dockerfile.checks.ExposePort22",
"fixed_definition": null,
"entity_tags": null,
"caller_file_path": null,
"caller_file_line_range": null,
"resource_address": null,
"severity": null,
"bc_category": null,
"benchmarks": null,
"description": null,
"short_description": null,
"vulnerability_details": null,
"connected_node": null,
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-port-22-is-not-exposed",
"details": [],
"check_len": null,
"definition_context_file_path": null
},
{
"check_id": "CKV_DOCKER_10",
"bc_check_id": "BC_DKR_GENERAL_10",
"check_name": "Ensure that WORKDIR values are absolute paths",
"check_result": {
"result": "PASSED",
"results_configuration": null
},
"code_block": [
[
1,
"FROM node:20-bookworm\n"
],
[
2,
"\n"
],
[
3,
"WORKDIR /app\n"
],
[
4,
"\n"
],
[
5,
"RUN npm install -g npm@10.5.0 --no-fund --no-audit\n"
],
[
6,
"\n"
],
[
7,
"COPY package.json package-lock.json turbo.json tsconfig.base.json ./\n"
],
[
8,
"COPY apps ./apps\n"
],
[
9,
"COPY packages ./packages\n"
],
[
10,
"\n"
],
[
11,
"RUN npm ci --no-fund --no-audit\n"
],
[
12,
"\n"
],
[
13,
"EXPOSE 3000 3001 3002 3003 4000\n"
],
[
14,
"\n"
],
[
15,
"CMD [\"sh\", \"-c\", \"npm run db:generate && npm run dev\"]"
]
],
"file_path": "/Dockerfile.dev",
"file_abs_path": "/scan/Dockerfile.dev",
"repo_file_path": "/Dockerfile.dev",
"file_line_range": [
1,
15
],
"resource": "/Dockerfile.dev.",
"evaluations": null,
"check_class": "checkov.dockerfile.checks.WorkdirIsAbsolute",
"fixed_definition": null,
"entity_tags": null,
"caller_file_path": null,
"caller_file_line_range": null,
"resource_address": null,
"severity": null,
"bc_category": null,
"benchmarks": null,
"description": null,
"short_description": null,
"vulnerability_details": null,
"connected_node": null,
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-workdir-values-are-absolute-paths",
"details": [],
"check_len": null,
"definition_context_file_path": null
},
{
"check_id": "CKV2_DOCKER_1",
"bc_check_id": null,
"check_name": "Ensure that sudo isn't used",
"check_result": {
"result": "PASSED",
"entity": {
"block_name_": "RUN",
"block_type_": "resource",
"file_path_": "/Dockerfile.production",
"config_": {
"content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n",
"value": "corepack enable && corepack prepare npm@10.5.0 --activate",
"__startline__": 4,
"__endline__": 4
},
"label_": "resource: RUN",
"id_": "RUN",
"source_": "Dockerfile",
"content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n",
"value": "corepack enable && corepack prepare npm@10.5.0 --activate",
"__startline__": 4,
"__endline__": 4,
"resource_type": "RUN",
"hash": "dbd32b6bad6b728919787011f82d60c50d7b2d1c079f814de2b1640696c98816"
},
"evaluated_keys": [
"value"
]
},
"code_block": [
[
5,
"RUN corepack enable && corepack prepare npm@10.5.0 --activate\n"
]
],
"file_path": "/Dockerfile.production",
"file_abs_path": "/scan/Dockerfile.production",
"repo_file_path": "/Dockerfile.production",
"file_line_range": [
5,
5
],
"resource": "/Dockerfile.production.RUN",
"evaluations": null,
"check_class": "checkov.common.graph.checks_infra.base_check",
"fixed_definition": null,
"entity_tags": null,
"caller_file_path": null,
"caller_file_line_range": null,
"resource_address": null,
"severity": null,
"bc_category": null,
"benchmarks": null,
"description": null,
"short_description": null,
"vulnerability_details": null,
"connected_node": null,
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-dont-use-sudo",
"details": [],
"check_len": null,
"definition_context_file_path": null
},
{
"check_id": "CKV2_DOCKER_1",
"bc_check_id": null,
"check_name": "Ensure that sudo isn't used",
"check_result": {
"result": "PASSED",
"entity": {
"block_name_": "RUN",
"block_type_": "resource",
"file_path_": "/Dockerfile.production",
"config_": {
"content": "RUN npm install\n",
"value": "npm install",
"__startline__": 20,
"__endline__": 20
},
"label_": "resource: RUN",
"id_": "RUN",
"source_": "Dockerfile",
"content": "RUN npm install\n",
"value": "npm install",
"__startline__": 20,
"__endline__": 20,
"resource_type": "RUN",
"hash": "6979b14e6a853ac150ffef85c5e28fd49c956054ea2cb1d01440e13b17260c4a"
},
"evaluated_keys": [
"value"
]
},
"code_block": [
[
21,
"RUN npm install\n"
]
],
"file_path": "/Dockerfile.production",
"file_abs_path": "/scan/Dockerfile.production",
"repo_file_path": "/Dockerfile.production",
"file_line_range": [
21,
21
],
"resource": "/Dockerfile.production.RUN",
"evaluations": null,
"check_class": "checkov.common.graph.checks_infra.base_check",
"fixed_definition": null,
"entity_tags": null,
"caller_file_path": null,
"caller_file_line_range": null,
"resource_address": null,
"severity": null,
"bc_category": null,
"benchmarks": null,
"description": null,
"short_description": null,
"vulnerability_details": null,
"connected_node": null,
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-dont-use-sudo",
"details": [],
"check_len": null,
"definition_context_file_path": null
},
{
"check_id": "CKV2_DOCKER_1",
"bc_check_id": null,
"check_name": "Ensure that sudo isn't used",
"check_result": {
"result": "PASSED",
"entity": {
"block_name_": "RUN",
"block_type_": "resource",
"file_path_": "/Dockerfile.production",
"config_": {
"content": "RUN npm run db:generate\n",
"value": "npm run db:generate",
"__startline__": 21,
"__endline__": 21
},
"label_": "resource: RUN",
"id_": "RUN",
"source_": "Dockerfile",
"content": "RUN npm run db:generate\n",
"value": "npm run db:generate",
"__startline__": 21,
"__endline__": 21,
"resource_type": "RUN",
"hash": "c1f9cc0c42260bb0183d7e7b9ec2edab99837111ad42dbbdd7fad09ff3e37ab0"
},
"evaluated_keys": [
"value"
]
},
"code_block": [
[
22,
"RUN npm run db:generate\n"
]
],
"file_path": "/Dockerfile.production",
"file_abs_path": "/scan/Dockerfile.production",
"repo_file_path": "/Dockerfile.production",
"file_line_range": [
22,
22
],
"resource": "/Dockerfile.production.RUN",
"evaluations": null,
"check_class": "checkov.common.graph.checks_infra.base_check",
"fixed_definition": null,
"entity_tags": null,
"caller_file_path": null,
"caller_file_line_range": null,
"resource_address": null,
"severity": null,
"bc_category": null,
"benchmarks": null,
"description": null,
"short_description": null,
"vulnerability_details": null,
"connected_node": null,
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-dont-use-sudo",
"details": [],
"check_len": null,
"definition_context_file_path": null
},
{
"check_id": "CKV2_DOCKER_1",
"bc_check_id": null,
"check_name": "Ensure that sudo isn't used",
"check_result": {
"result": "PASSED",
"entity": {
"block_name_": "RUN",
"block_type_": "resource",
"file_path_": "/Dockerfile.production",
"config_": {
"content": "RUN npm run build\n",
"value": "npm run build",
"__startline__": 22,
"__endline__": 22
},
"label_": "resource: RUN",
"id_": "RUN",
"source_": "Dockerfile",
"content": "RUN npm run build\n",
"value": "npm run build",
"__startline__": 22,
"__endline__": 22,
"resource_type": "RUN",
"hash": "1bf185fb6038f1b491f2a2686de4dd9869ccdd9c3e34d2772cf43bd368377aa6"
},
"evaluated_keys": [
"value"
]
},
"code_block": [
[
23,
"RUN npm run build\n"
]
],
"file_path": "/Dockerfile.production",
"file_abs_path": "/scan/Dockerfile.production",
"repo_file_path": "/Dockerfile.production",
"file_line_range": [
23,
23
],
"resource": "/Dockerfile.production.RUN",
"evaluations": null,
"check_class": "checkov.common.graph.checks_infra.base_check",
"fixed_definition": null,
"entity_tags": null,
"caller_file_path": null,
"caller_file_line_range": null,
"resource_address": null,
"severity": null,
"bc_category": null,
"benchmarks": null,
"description": null,
"short_description": null,
"vulnerability_details": null,
"connected_node": null,
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-dont-use-sudo",
"details": [],
"check_len": null,
"definition_context_file_path": null
},
{
"check_id": "CKV2_DOCKER_1",
"bc_check_id": null,
"check_name": "Ensure that sudo isn't used",
"check_result": {
"result": "PASSED",
"entity": {
"block_name_": "RUN",
"block_type_": "resource",
"file_path_": "/Dockerfile.production",
"config_": {
"content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n",
"value": "corepack enable && corepack prepare npm@10.5.0 --activate",
"__startline__": 30,
"__endline__": 30
},
"label_": "resource: RUN",
"id_": "RUN",
"source_": "Dockerfile",
"content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n",
"value": "corepack enable && corepack prepare npm@10.5.0 --activate",
"__startline__": 30,
"__endline__": 30,
"resource_type": "RUN",
"hash": "01c88e306f7db45ae7136e3bdb63c4b15978dd024f6ed18210961fc3db3df382"
},
"evaluated_keys": [
"value"
]
},
"code_block": [
[
31,
"RUN corepack enable && corepack prepare npm@10.5.0 --activate\n"
]
],
"file_path": "/Dockerfile.production",
"file_abs_path": "/scan/Dockerfile.production",
"repo_file_path": "/Dockerfile.production",
"file_line_range": [
31,
31
],
"resource": "/Dockerfile.production.RUN",
"evaluations": null,
"check_class": "checkov.common.graph.checks_infra.base_check",
"fixed_definition": null,
"entity_tags": null,
"caller_file_path": null,
"caller_file_line_range": null,
"resource_address": null,
"severity": null,
"bc_category": null,
"benchmarks": null,
"description": null,
"short_description": null,
"vulnerability_details": null,
"connected_node": null,
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-dont-use-sudo",
"details": [],
"check_len": null,
"definition_context_file_path": null
},
{
"check_id": "CKV2_DOCKER_1",
"bc_check_id": null,
"check_name": "Ensure that sudo isn't used",
"check_result": {
"result": "PASSED",
"entity": {
"block_name_": "RUN",
"block_type_": "resource",
"file_path_": "/Dockerfile.test",
"config_": {
"content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n",
"value": "corepack enable && corepack prepare npm@10.5.0 --activate",
"__startline__": 4,
"__endline__": 4
},
"label_": "resource: RUN",
"id_": "RUN",
"source_": "Dockerfile",
"content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n",
"value": "corepack enable && corepack prepare npm@10.5.0 --activate",
"__startline__": 4,
"__endline__": 4,
"resource_type": "RUN",
"hash": "1d5fb0a211498b8baf37e5744578ad03459da7798534298981f23fdefb7eb757"
},
"evaluated_keys": [
"value"
]
},
"code_block": [
[
5,
"RUN corepack enable && corepack prepare npm@10.5.0 --activate\n"
]
],
"file_path": "/Dockerfile.test",
"file_abs_path": "/scan/Dockerfile.test",
"repo_file_path": "/Dockerfile.test",
"file_line_range": [
5,
5
],
"resource": "/Dockerfile.test.RUN",
"evaluations": null,
"check_class": "checkov.common.graph.checks_infra.base_check",
"fixed_definition": null,
"entity_tags": null,
"caller_file_path": null,
"caller_file_line_range": null,
"resource_address": null,
"severity": null,
"bc_category": null,
"benchmarks": null,
"description": null,
"short_description": null,
"vulnerability_details": null,
"connected_node": null,
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-dont-use-sudo",
"details": [],
"check_len": null,
"definition_context_file_path": null
},
{
"check_id": "CKV2_DOCKER_1",
"bc_check_id": null,
"check_name": "Ensure that sudo isn't used",
"check_result": {
"result": "PASSED",
"entity": {
"block_name_": "RUN",
"block_type_": "resource",
"file_path_": "/Dockerfile.test",
"config_": {
"content": "RUN npm install\n",
"value": "npm install",
"__startline__": 10,
"__endline__": 10
},
"label_": "resource: RUN",
"id_": "RUN",
"source_": "Dockerfile",
"content": "RUN npm install\n",
"value": "npm install",
"__startline__": 10,
"__endline__": 10,
"resource_type": "RUN",
"hash": "fb809e4860a3131df821aea9480445cc6e2f66dd52744dab5f3d2ef5b2848436"
},
"evaluated_keys": [
"value"
]
},
"code_block": [
[
11,
"RUN npm install\n"
]
],
"file_path": "/Dockerfile.test",
"file_abs_path": "/scan/Dockerfile.test",
"repo_file_path": "/Dockerfile.test",
"file_line_range": [
11,
11
],
"resource": "/Dockerfile.test.RUN",
"evaluations": null,
"check_class": "checkov.common.graph.checks_infra.base_check",
"fixed_definition": null,
"entity_tags": null,
"caller_file_path": null,
"caller_file_line_range": null,
"resource_address": null,
"severity": null,
"bc_category": null,
"benchmarks": null,
"description": null,
"short_description": null,
"vulnerability_details": null,
"connected_node": null,
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-dont-use-sudo",
"details": [],
"check_len": null,
"definition_context_file_path": null
},
{
"check_id": "CKV2_DOCKER_1",
"bc_check_id": null,
"check_name": "Ensure that sudo isn't used",
"check_result": {
"result": "PASSED",
"entity": {
"block_name_": "RUN",
"block_type_": "resource",
"file_path_": "/Dockerfile.dev",
"config_": {
"content": "RUN npm install -g npm@10.5.0 --no-fund --no-audit\n",
"value": "npm install -g npm@10.5.0 --no-fund --no-audit",
"__startline__": 4,
"__endline__": 4
},
"label_": "resource: RUN",
"id_": "RUN",
"source_": "Dockerfile",
"content": "RUN npm install -g npm@10.5.0 --no-fund --no-audit\n",
"value": "npm install -g npm@10.5.0 --no-fund --no-audit",
"__startline__": 4,
"__endline__": 4,
"resource_type": "RUN",
"hash": "435bba968d1d0b4c410ea33851637829a16b2ad878f0b9531a737c7a444f91b9"
},
"evaluated_keys": [
"value"
]
},
"code_block": [
[
5,
"RUN npm install -g npm@10.5.0 --no-fund --no-audit\n"
]
],
"file_path": "/Dockerfile.dev",
"file_abs_path": "/scan/Dockerfile.dev",
"repo_file_path": "/Dockerfile.dev",
"file_line_range": [
5,
5
],
"resource": "/Dockerfile.dev.RUN",
"evaluations": null,
"check_class": "checkov.common.graph.checks_infra.base_check",
"fixed_definition": null,
"entity_tags": null,
"caller_file_path": null,
"caller_file_line_range": null,
"resource_address": null,
"severity": null,
"bc_category": null,
"benchmarks": null,
"description": null,
"short_description": null,
"vulnerability_details": null,
"connected_node": null,
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-dont-use-sudo",
"details": [],
"check_len": null,
"definition_context_file_path": null
},
{
"check_id": "CKV2_DOCKER_1",
"bc_check_id": null,
"check_name": "Ensure that sudo isn't used",
"check_result": {
"result": "PASSED",
"entity": {
"block_name_": "RUN",
"block_type_": "resource",
"file_path_": "/Dockerfile.dev",
"config_": {
"content": "RUN npm ci --no-fund --no-audit\n",
"value": "npm ci --no-fund --no-audit",
"__startline__": 10,
"__endline__": 10
},
"label_": "resource: RUN",
"id_": "RUN",
"source_": "Dockerfile",
"content": "RUN npm ci --no-fund --no-audit\n",
"value": "npm ci --no-fund --no-audit",
"__startline__": 10,
"__endline__": 10,
"resource_type": "RUN",
"hash": "57abb1bbe03890ab19f47e5f96b9cbcee02aab65f6980d523df42faf41b709fa"
},
"evaluated_keys": [
"value"
]
},
"code_block": [
[
11,
"RUN npm ci --no-fund --no-audit\n"
]
],
"file_path": "/Dockerfile.dev",
"file_abs_path": "/scan/Dockerfile.dev",
"repo_file_path": "/Dockerfile.dev",
"file_line_range": [
11,
11
],
"resource": "/Dockerfile.dev.RUN",
"evaluations": null,
"check_class": "checkov.common.graph.checks_infra.base_check",
"fixed_definition": null,
"entity_tags": null,
"caller_file_path": null,
"caller_file_line_range": null,
"resource_address": null,
"severity": null,
"bc_category": null,
"benchmarks": null,
"description": null,
"short_description": null,
"vulnerability_details": null,
"connected_node": null,
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-dont-use-sudo",
"details": [],
"check_len": null,
"definition_context_file_path": null
},
{
"check_id": "CKV2_DOCKER_16",
"bc_check_id": null,
"check_name": "Ensure that certificate validation isn't disabled with pip via the 'PIP_TRUSTED_HOST' environment variable",
"check_result": {
"result": "PASSED",
"entity": {
"block_name_": "RUN",
"block_type_": "resource",
"file_path_": "/Dockerfile.production",
"config_": {
"content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n",
"value": "corepack enable && corepack prepare npm@10.5.0 --activate",
"__startline__": 4,
"__endline__": 4
},
"label_": "resource: RUN",
"id_": "RUN",
"source_": "Dockerfile",
"content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n",
"value": "corepack enable && corepack prepare npm@10.5.0 --activate",
"__startline__": 4,
"__endline__": 4,
"resource_type": "RUN",
"hash": "dbd32b6bad6b728919787011f82d60c50d7b2d1c079f814de2b1640696c98816"
},
"evaluated_keys": [
"value"
]
},
"code_block": [
[
5,
"RUN corepack enable && corepack prepare npm@10.5.0 --activate\n"
]
],
"file_path": "/Dockerfile.production",
"file_abs_path": "/scan/Dockerfile.production",
"repo_file_path": "/Dockerfile.production",
"file_line_range": [
5,
5
],
"resource": "/Dockerfile.production.RUN",
"evaluations": null,
"check_class": "checkov.common.graph.checks_infra.base_check",
"fixed_definition": null,
"entity_tags": null,
"caller_file_path": null,
"caller_file_line_range": null,
"resource_address": null,
"severity": null,
"bc_category": null,
"benchmarks": null,
"description": null,
"short_description": null,
"vulnerability_details": null,
"connected_node": null,
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-pip-trusted-host",
"details": [],
"check_len": null,
"definition_context_file_path": null
},
{
"check_id": "CKV2_DOCKER_16",
"bc_check_id": null,
"check_name": "Ensure that certificate validation isn't disabled with pip via the 'PIP_TRUSTED_HOST' environment variable",
"check_result": {
"result": "PASSED",
"entity": {
"block_name_": "RUN",
"block_type_": "resource",
"file_path_": "/Dockerfile.production",
"config_": {
"content": "RUN npm install\n",
"value": "npm install",
"__startline__": 20,
"__endline__": 20
},
"label_": "resource: RUN",
"id_": "RUN",
"source_": "Dockerfile",
"content": "RUN npm install\n",
"value": "npm install",
"__startline__": 20,
"__endline__": 20,
"resource_type": "RUN",
"hash": "6979b14e6a853ac150ffef85c5e28fd49c956054ea2cb1d01440e13b17260c4a"
},
"evaluated_keys": [
"value"
]
},
"code_block": [
[
21,
"RUN npm install\n"
]
],
"file_path": "/Dockerfile.production",
"file_abs_path": "/scan/Dockerfile.production",
"repo_file_path": "/Dockerfile.production",
"file_line_range": [
21,
21
],
"resource": "/Dockerfile.production.RUN",
"evaluations": null,
"check_class": "checkov.common.graph.checks_infra.base_check",
"fixed_definition": null,
"entity_tags": null,
"caller_file_path": null,
"caller_file_line_range": null,
"resource_address": null,
"severity": null,
"bc_category": null,
"benchmarks": null,
"description": null,
"short_description": null,
"vulnerability_details": null,
"connected_node": null,
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-pip-trusted-host",
"details": [],
"check_len": null,
"definition_context_file_path": null
},
{
"check_id": "CKV2_DOCKER_16",
"bc_check_id": null,
"check_name": "Ensure that certificate validation isn't disabled with pip via the 'PIP_TRUSTED_HOST' environment variable",
"check_result": {
"result": "PASSED",
"entity": {
"block_name_": "RUN",
"block_type_": "resource",
"file_path_": "/Dockerfile.production",
"config_": {
"content": "RUN npm run db:generate\n",
"value": "npm run db:generate",
"__startline__": 21,
"__endline__": 21
},
"label_": "resource: RUN",
"id_": "RUN",
"source_": "Dockerfile",
"content": "RUN npm run db:generate\n",
"value": "npm run db:generate",
"__startline__": 21,
"__endline__": 21,
"resource_type": "RUN",
"hash": "c1f9cc0c42260bb0183d7e7b9ec2edab99837111ad42dbbdd7fad09ff3e37ab0"
},
"evaluated_keys": [
"value"
]
},
"code_block": [
[
22,
"RUN npm run db:generate\n"
]
],
"file_path": "/Dockerfile.production",
"file_abs_path": "/scan/Dockerfile.production",
"repo_file_path": "/Dockerfile.production",
"file_line_range": [
22,
22
],
"resource": "/Dockerfile.production.RUN",
"evaluations": null,
"check_class": "checkov.common.graph.checks_infra.base_check",
"fixed_definition": null,
"entity_tags": null,
"caller_file_path": null,
"caller_file_line_range": null,
"resource_address": null,
"severity": null,
"bc_category": null,
"benchmarks": null,
"description": null,
"short_description": null,
"vulnerability_details": null,
"connected_node": null,
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-pip-trusted-host",
"details": [],
"check_len": null,
"definition_context_file_path": null
},
{
"check_id": "CKV2_DOCKER_16",
"bc_check_id": null,
"check_name": "Ensure that certificate validation isn't disabled with pip via the 'PIP_TRUSTED_HOST' environment variable",
"check_result": {
"result": "PASSED",
"entity": {
"block_name_": "RUN",
"block_type_": "resource",
"file_path_": "/Dockerfile.production",
"config_": {
"content": "RUN npm run build\n",
"value": "npm run build",
"__startline__": 22,
"__endline__": 22
},
"label_": "resource: RUN",
"id_": "RUN",
"source_": "Dockerfile",
"content": "RUN npm run build\n",
"value": "npm run build",
"__startline__": 22,
"__endline__": 22,
"resource_type": "RUN",
"hash": "1bf185fb6038f1b491f2a2686de4dd9869ccdd9c3e34d2772cf43bd368377aa6"
},
"evaluated_keys": [
"value"
]
},
"code_block": [
[
23,
"RUN npm run build\n"
]
],
"file_path": "/Dockerfile.production",
"file_abs_path": "/scan/Dockerfile.production",
"repo_file_path": "/Dockerfile.production",
"file_line_range": [
23,
23
],
"resource": "/Dockerfile.production.RUN",
"evaluations": null,
"check_class": "checkov.common.graph.checks_infra.base_check",
"fixed_definition": null,
"entity_tags": null,
"caller_file_path": null,
"caller_file_line_range": null,
"resource_address": null,
"severity": null,
"bc_category": null,
"benchmarks": null,
"description": null,
"short_description": null,
"vulnerability_details": null,
"connected_node": null,
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-pip-trusted-host",
"details": [],
"check_len": null,
"definition_context_file_path": null
},
{
"check_id": "CKV2_DOCKER_16",
"bc_check_id": null,
"check_name": "Ensure that certificate validation isn't disabled with pip via the 'PIP_TRUSTED_HOST' environment variable",
"check_result": {
"result": "PASSED",
"entity": {
"block_name_": "RUN",
"block_type_": "resource",
"file_path_": "/Dockerfile.production",
"config_": {
"content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n",
"value": "corepack enable && corepack prepare npm@10.5.0 --activate",
"__startline__": 30,
"__endline__": 30
},
"label_": "resource: RUN",
"id_": "RUN",
"source_": "Dockerfile",
"content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n",
"value": "corepack enable && corepack prepare npm@10.5.0 --activate",
"__startline__": 30,
"__endline__": 30,
"resource_type": "RUN",
"hash": "01c88e306f7db45ae7136e3bdb63c4b15978dd024f6ed18210961fc3db3df382"
},
"evaluated_keys": [
"value"
]
},
"code_block": [
[
31,
"RUN corepack enable && corepack prepare npm@10.5.0 --activate\n"
]
],
"file_path": "/Dockerfile.production",
"file_abs_path": "/scan/Dockerfile.production",
"repo_file_path": "/Dockerfile.production",
"file_line_range": [
31,
31
],
"resource": "/Dockerfile.production.RUN",
"evaluations": null,
"check_class": "checkov.common.graph.checks_infra.base_check",
"fixed_definition": null,
"entity_tags": null,
"caller_file_path": null,
"caller_file_line_range": null,
"resource_address": null,
"severity": null,
"bc_category": null,
"benchmarks": null,
"description": null,
"short_description": null,
"vulnerability_details": null,
"connected_node": null,
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-pip-trusted-host",
"details": [],
"check_len": null,
"definition_context_file_path": null
},
{
"check_id": "CKV2_DOCKER_16",
"bc_check_id": null,
"check_name": "Ensure that certificate validation isn't disabled with pip via the 'PIP_TRUSTED_HOST' environment variable",
"check_result": {
"result": "PASSED",
"entity": {
"block_name_": "ARG",
"block_type_": "resource",
"file_path_": "/Dockerfile.production",
"config_": {
"content": "ARG NEXT_PUBLIC_API_URL\n",
"value": "NEXT_PUBLIC_API_URL",
"__startline__": 11,
"__endline__": 11
},
"label_": "resource: ARG",
"id_": "ARG",
"source_": "Dockerfile",
"content": "ARG NEXT_PUBLIC_API_URL\n",
"value": "NEXT_PUBLIC_API_URL",
"__startline__": 11,
"__endline__": 11,
"resource_type": "ARG",
"hash": "fded00a21c81cd45d8985324636a2acafc73bef594a45811ca0d68265da3f9dc"
},
"evaluated_keys": [
"value"
]
},
"code_block": [
[
12,
"ARG NEXT_PUBLIC_API_URL\n"
]
],
"file_path": "/Dockerfile.production",
"file_abs_path": "/scan/Dockerfile.production",
"repo_file_path": "/Dockerfile.production",
"file_line_range": [
12,
12
],
"resource": "/Dockerfile.production.ARG",
"evaluations": null,
"check_class": "checkov.common.graph.checks_infra.base_check",
"fixed_definition": null,
"entity_tags": null,
"caller_file_path": null,
"caller_file_line_range": null,
"resource_address": null,
"severity": null,
"bc_category": null,
"benchmarks": null,
"description": null,
"short_description": null,
"vulnerability_details": null,
"connected_node": null,
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-pip-trusted-host",
"details": [],
"check_len": null,
"definition_context_file_path": null
},
{
"check_id": "CKV2_DOCKER_16",
"bc_check_id": null,
"check_name": "Ensure that certificate validation isn't disabled with pip via the 'PIP_TRUSTED_HOST' environment variable",
"check_result": {
"result": "PASSED",
"entity": {
"block_name_": "ARG",
"block_type_": "resource",
"file_path_": "/Dockerfile.production",
"config_": {
"content": "ARG NEXT_PUBLIC_MARKETPLACE_URL\n",
"value": "NEXT_PUBLIC_MARKETPLACE_URL",
"__startline__": 12,
"__endline__": 12
},
"label_": "resource: ARG",
"id_": "ARG",
"source_": "Dockerfile",
"content": "ARG NEXT_PUBLIC_MARKETPLACE_URL\n",
"value": "NEXT_PUBLIC_MARKETPLACE_URL",
"__startline__": 12,
"__endline__": 12,
"resource_type": "ARG",
"hash": "11d98758a432fc03021573afe4df769dc34ff0a4aec966f558b5e00c71c6cf3b"
},
"evaluated_keys": [
"value"
]
},
"code_block": [
[
13,
"ARG NEXT_PUBLIC_MARKETPLACE_URL\n"
]
],
"file_path": "/Dockerfile.production",
"file_abs_path": "/scan/Dockerfile.production",
"repo_file_path": "/Dockerfile.production",
"file_line_range": [
13,
13
],
"resource": "/Dockerfile.production.ARG",
"evaluations": null,
"check_class": "checkov.common.graph.checks_infra.base_check",
"fixed_definition": null,
"entity_tags": null,
"caller_file_path": null,
"caller_file_line_range": null,
"resource_address": null,
"severity": null,
"bc_category": null,
"benchmarks": null,
"description": null,
"short_description": null,
"vulnerability_details": null,
"connected_node": null,
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-pip-trusted-host",
"details": [],
"check_len": null,
"definition_context_file_path": null
},
{
"check_id": "CKV2_DOCKER_16",
"bc_check_id": null,
"check_name": "Ensure that certificate validation isn't disabled with pip via the 'PIP_TRUSTED_HOST' environment variable",
"check_result": {
"result": "PASSED",
"entity": {
"block_name_": "ARG",
"block_type_": "resource",
"file_path_": "/Dockerfile.production",
"config_": {
"content": "ARG NEXT_PUBLIC_DASHBOARD_URL\n",
"value": "NEXT_PUBLIC_DASHBOARD_URL",
"__startline__": 13,
"__endline__": 13
},
"label_": "resource: ARG",
"id_": "ARG",
"source_": "Dockerfile",
"content": "ARG NEXT_PUBLIC_DASHBOARD_URL\n",
"value": "NEXT_PUBLIC_DASHBOARD_URL",
"__startline__": 13,
"__endline__": 13,
"resource_type": "ARG",
"hash": "4075db881e0d222faeb86e03db8a05d9a998deab344c05aee0e89d2426e01383"
},
"evaluated_keys": [
"value"
]
},
"code_block": [
[
14,
"ARG NEXT_PUBLIC_DASHBOARD_URL\n"
]
],
"file_path": "/Dockerfile.production",
"file_abs_path": "/scan/Dockerfile.production",
"repo_file_path": "/Dockerfile.production",
"file_line_range": [
14,
14
],
"resource": "/Dockerfile.production.ARG",
"evaluations": null,
"check_class": "checkov.common.graph.checks_infra.base_check",
"fixed_definition": null,
"entity_tags": null,
"caller_file_path": null,
"caller_file_line_range": null,
"resource_address": null,
"severity": null,
"bc_category": null,
"benchmarks": null,
"description": null,
"short_description": null,
"vulnerability_details": null,
"connected_node": null,
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-pip-trusted-host",
"details": [],
"check_len": null,
"definition_context_file_path": null
},
{
"check_id": "CKV2_DOCKER_16",
"bc_check_id": null,
"check_name": "Ensure that certificate validation isn't disabled with pip via the 'PIP_TRUSTED_HOST' environment variable",
"check_result": {
"result": "PASSED",
"entity": {
"block_name_": "ARG",
"block_type_": "resource",
"file_path_": "/Dockerfile.production",
"config_": {
"content": "ARG NEXT_PUBLIC_ADMIN_URL\n",
"value": "NEXT_PUBLIC_ADMIN_URL",
"__startline__": 14,
"__endline__": 14
},
"label_": "resource: ARG",
"id_": "ARG",
"source_": "Dockerfile",
"content": "ARG NEXT_PUBLIC_ADMIN_URL\n",
"value": "NEXT_PUBLIC_ADMIN_URL",
"__startline__": 14,
"__endline__": 14,
"resource_type": "ARG",
"hash": "a4c9bf1c4e349946074fb4c606d0db63c06a809d125e58ddd09427e4d929fd6a"
},
"evaluated_keys": [
"value"
]
},
"code_block": [
[
15,
"ARG NEXT_PUBLIC_ADMIN_URL\n"
]
],
"file_path": "/Dockerfile.production",
"file_abs_path": "/scan/Dockerfile.production",
"repo_file_path": "/Dockerfile.production",
"file_line_range": [
15,
15
],
"resource": "/Dockerfile.production.ARG",
"evaluations": null,
"check_class": "checkov.common.graph.checks_infra.base_check",
"fixed_definition": null,
"entity_tags": null,
"caller_file_path": null,
"caller_file_line_range": null,
"resource_address": null,
"severity": null,
"bc_category": null,
"benchmarks": null,
"description": null,
"short_description": null,
"vulnerability_details": null,
"connected_node": null,
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-pip-trusted-host",
"details": [],
"check_len": null,
"definition_context_file_path": null
},
{
"check_id": "CKV2_DOCKER_16",
"bc_check_id": null,
"check_name": "Ensure that certificate validation isn't disabled with pip via the 'PIP_TRUSTED_HOST' environment variable",
"check_result": {
"result": "PASSED",
"entity": {
"block_name_": "ENV",
"block_type_": "resource",
"file_path_": "/Dockerfile.production",
"config_": {
"content": "ENV NEXT_PUBLIC_API_URL=$NEXT_PUBLIC_API_URL \\\n NEXT_PUBLIC_MARKETPLACE_URL=$NEXT_PUBLIC_MARKETPLACE_URL \\\n NEXT_PUBLIC_DASHBOARD_URL=$NEXT_PUBLIC_DASHBOARD_URL \\\n NEXT_PUBLIC_ADMIN_URL=$NEXT_PUBLIC_ADMIN_URL\n",
"value": "NEXT_PUBLIC_API_URL=$NEXT_PUBLIC_API_URL NEXT_PUBLIC_MARKETPLACE_URL=$NEXT_PUBLIC_MARKETPLACE_URL NEXT_PUBLIC_DASHBOARD_URL=$NEXT_PUBLIC_DASHBOARD_URL NEXT_PUBLIC_ADMIN_URL=$NEXT_PUBLIC_ADMIN_URL",
"__startline__": 15,
"__endline__": 18
},
"label_": "resource: ENV",
"id_": "ENV",
"source_": "Dockerfile",
"content": "ENV NEXT_PUBLIC_API_URL=$NEXT_PUBLIC_API_URL \\\n NEXT_PUBLIC_MARKETPLACE_URL=$NEXT_PUBLIC_MARKETPLACE_URL \\\n NEXT_PUBLIC_DASHBOARD_URL=$NEXT_PUBLIC_DASHBOARD_URL \\\n NEXT_PUBLIC_ADMIN_URL=$NEXT_PUBLIC_ADMIN_URL\n",
"value": "NEXT_PUBLIC_API_URL=$NEXT_PUBLIC_API_URL NEXT_PUBLIC_MARKETPLACE_URL=$NEXT_PUBLIC_MARKETPLACE_URL NEXT_PUBLIC_DASHBOARD_URL=$NEXT_PUBLIC_DASHBOARD_URL NEXT_PUBLIC_ADMIN_URL=$NEXT_PUBLIC_ADMIN_URL",
"__startline__": 15,
"__endline__": 18,
"resource_type": "ENV",
"hash": "65abe3eb0aadfa3b1ed513b9e21f4f8c4524ec8c298e7123de46806870b90557"
},
"evaluated_keys": [
"value"
]
},
"code_block": [
[
16,
"ENV NEXT_PUBLIC_API_URL=$NEXT_PUBLIC_API_URL \\\n"
],
[
17,
" NEXT_PUBLIC_MARKETPLACE_URL=$NEXT_PUBLIC_MARKETPLACE_URL \\\n"
],
[
18,
" NEXT_PUBLIC_DASHBOARD_URL=$NEXT_PUBLIC_DASHBOARD_URL \\\n"
],
[
19,
" NEXT_PUBLIC_ADMIN_URL=$NEXT_PUBLIC_ADMIN_URL\n"
]
],
"file_path": "/Dockerfile.production",
"file_abs_path": "/scan/Dockerfile.production",
"repo_file_path": "/Dockerfile.production",
"file_line_range": [
16,
19
],
"resource": "/Dockerfile.production.ENV",
"evaluations": null,
"check_class": "checkov.common.graph.checks_infra.base_check",
"fixed_definition": null,
"entity_tags": null,
"caller_file_path": null,
"caller_file_line_range": null,
"resource_address": null,
"severity": null,
"bc_category": null,
"benchmarks": null,
"description": null,
"short_description": null,
"vulnerability_details": null,
"connected_node": null,
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-pip-trusted-host",
"details": [],
"check_len": null,
"definition_context_file_path": null
},
{
"check_id": "CKV2_DOCKER_16",
"bc_check_id": null,
"check_name": "Ensure that certificate validation isn't disabled with pip via the 'PIP_TRUSTED_HOST' environment variable",
"check_result": {
"result": "PASSED",
"entity": {
"block_name_": "ENV",
"block_type_": "resource",
"file_path_": "/Dockerfile.production",
"config_": {
"content": "ENV NODE_ENV=production\n",
"value": "NODE_ENV=production",
"__startline__": 28,
"__endline__": 28
},
"label_": "resource: ENV",
"id_": "ENV",
"source_": "Dockerfile",
"content": "ENV NODE_ENV=production\n",
"value": "NODE_ENV=production",
"__startline__": 28,
"__endline__": 28,
"resource_type": "ENV",
"hash": "5a6afcff0e4c111b04ace6d372feb2943096034796456739be650482e87f3e0e"
},
"evaluated_keys": [
"value"
]
},
"code_block": [
[
29,
"ENV NODE_ENV=production\n"
]
],
"file_path": "/Dockerfile.production",
"file_abs_path": "/scan/Dockerfile.production",
"repo_file_path": "/Dockerfile.production",
"file_line_range": [
29,
29
],
"resource": "/Dockerfile.production.ENV",
"evaluations": null,
"check_class": "checkov.common.graph.checks_infra.base_check",
"fixed_definition": null,
"entity_tags": null,
"caller_file_path": null,
"caller_file_line_range": null,
"resource_address": null,
"severity": null,
"bc_category": null,
"benchmarks": null,
"description": null,
"short_description": null,
"vulnerability_details": null,
"connected_node": null,
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-pip-trusted-host",
"details": [],
"check_len": null,
"definition_context_file_path": null
},
{
"check_id": "CKV2_DOCKER_16",
"bc_check_id": null,
"check_name": "Ensure that certificate validation isn't disabled with pip via the 'PIP_TRUSTED_HOST' environment variable",
"check_result": {
"result": "PASSED",
"entity": {
"block_name_": "RUN",
"block_type_": "resource",
"file_path_": "/Dockerfile.test",
"config_": {
"content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n",
"value": "corepack enable && corepack prepare npm@10.5.0 --activate",
"__startline__": 4,
"__endline__": 4
},
"label_": "resource: RUN",
"id_": "RUN",
"source_": "Dockerfile",
"content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n",
"value": "corepack enable && corepack prepare npm@10.5.0 --activate",
"__startline__": 4,
"__endline__": 4,
"resource_type": "RUN",
"hash": "1d5fb0a211498b8baf37e5744578ad03459da7798534298981f23fdefb7eb757"
},
"evaluated_keys": [
"value"
]
},
"code_block": [
[
5,
"RUN corepack enable && corepack prepare npm@10.5.0 --activate\n"
]
],
"file_path": "/Dockerfile.test",
"file_abs_path": "/scan/Dockerfile.test",
"repo_file_path": "/Dockerfile.test",
"file_line_range": [
5,
5
],
"resource": "/Dockerfile.test.RUN",
"evaluations": null,
"check_class": "checkov.common.graph.checks_infra.base_check",
"fixed_definition": null,
"entity_tags": null,
"caller_file_path": null,
"caller_file_line_range": null,
"resource_address": null,
"severity": null,
"bc_category": null,
"benchmarks": null,
"description": null,
"short_description": null,
"vulnerability_details": null,
"connected_node": null,
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-pip-trusted-host",
"details": [],
"check_len": null,
"definition_context_file_path": null
},
{
"check_id": "CKV2_DOCKER_16",
"bc_check_id": null,
"check_name": "Ensure that certificate validation isn't disabled with pip via the 'PIP_TRUSTED_HOST' environment variable",
"check_result": {
"result": "PASSED",
"entity": {
"block_name_": "RUN",
"block_type_": "resource",
"file_path_": "/Dockerfile.test",
"config_": {
"content": "RUN npm install\n",
"value": "npm install",
"__startline__": 10,
"__endline__": 10
},
"label_": "resource: RUN",
"id_": "RUN",
"source_": "Dockerfile",
"content": "RUN npm install\n",
"value": "npm install",
"__startline__": 10,
"__endline__": 10,
"resource_type": "RUN",
"hash": "fb809e4860a3131df821aea9480445cc6e2f66dd52744dab5f3d2ef5b2848436"
},
"evaluated_keys": [
"value"
]
},
"code_block": [
[
11,
"RUN npm install\n"
]
],
"file_path": "/Dockerfile.test",
"file_abs_path": "/scan/Dockerfile.test",
"repo_file_path": "/Dockerfile.test",
"file_line_range": [
11,
11
],
"resource": "/Dockerfile.test.RUN",
"evaluations": null,
"check_class": "checkov.common.graph.checks_infra.base_check",
"fixed_definition": null,
"entity_tags": null,
"caller_file_path": null,
"caller_file_line_range": null,
"resource_address": null,
"severity": null,
"bc_category": null,
"benchmarks": null,
"description": null,
"short_description": null,
"vulnerability_details": null,
"connected_node": null,
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-pip-trusted-host",
"details": [],
"check_len": null,
"definition_context_file_path": null
},
{
"check_id": "CKV2_DOCKER_16",
"bc_check_id": null,
"check_name": "Ensure that certificate validation isn't disabled with pip via the 'PIP_TRUSTED_HOST' environment variable",
"check_result": {
"result": "PASSED",
"entity": {
"block_name_": "ENV",
"block_type_": "resource",
"file_path_": "/Dockerfile.test",
"config_": {
"content": "ENV NODE_ENV=test\n",
"value": "NODE_ENV=test",
"__startline__": 12,
"__endline__": 12
},
"label_": "resource: ENV",
"id_": "ENV",
"source_": "Dockerfile",
"content": "ENV NODE_ENV=test\n",
"value": "NODE_ENV=test",
"__startline__": 12,
"__endline__": 12,
"resource_type": "ENV",
"hash": "14d83a642c69d4cf67fcdbeb6dace7ba464024fdcad52f8129d63c78042457cb"
},
"evaluated_keys": [
"value"
]
},
"code_block": [
[
13,
"ENV NODE_ENV=test\n"
]
],
"file_path": "/Dockerfile.test",
"file_abs_path": "/scan/Dockerfile.test",
"repo_file_path": "/Dockerfile.test",
"file_line_range": [
13,
13
],
"resource": "/Dockerfile.test.ENV",
"evaluations": null,
"check_class": "checkov.common.graph.checks_infra.base_check",
"fixed_definition": null,
"entity_tags": null,
"caller_file_path": null,
"caller_file_line_range": null,
"resource_address": null,
"severity": null,
"bc_category": null,
"benchmarks": null,
"description": null,
"short_description": null,
"vulnerability_details": null,
"connected_node": null,
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-pip-trusted-host",
"details": [],
"check_len": null,
"definition_context_file_path": null
},
{
"check_id": "CKV2_DOCKER_16",
"bc_check_id": null,
"check_name": "Ensure that certificate validation isn't disabled with pip via the 'PIP_TRUSTED_HOST' environment variable",
"check_result": {
"result": "PASSED",
"entity": {
"block_name_": "RUN",
"block_type_": "resource",
"file_path_": "/Dockerfile.dev",
"config_": {
"content": "RUN npm install -g npm@10.5.0 --no-fund --no-audit\n",
"value": "npm install -g npm@10.5.0 --no-fund --no-audit",
"__startline__": 4,
"__endline__": 4
},
"label_": "resource: RUN",
"id_": "RUN",
"source_": "Dockerfile",
"content": "RUN npm install -g npm@10.5.0 --no-fund --no-audit\n",
"value": "npm install -g npm@10.5.0 --no-fund --no-audit",
"__startline__": 4,
"__endline__": 4,
"resource_type": "RUN",
"hash": "435bba968d1d0b4c410ea33851637829a16b2ad878f0b9531a737c7a444f91b9"
},
"evaluated_keys": [
"value"
]
},
"code_block": [
[
5,
"RUN npm install -g npm@10.5.0 --no-fund --no-audit\n"
]
],
"file_path": "/Dockerfile.dev",
"file_abs_path": "/scan/Dockerfile.dev",
"repo_file_path": "/Dockerfile.dev",
"file_line_range": [
5,
5
],
"resource": "/Dockerfile.dev.RUN",
"evaluations": null,
"check_class": "checkov.common.graph.checks_infra.base_check",
"fixed_definition": null,
"entity_tags": null,
"caller_file_path": null,
"caller_file_line_range": null,
"resource_address": null,
"severity": null,
"bc_category": null,
"benchmarks": null,
"description": null,
"short_description": null,
"vulnerability_details": null,
"connected_node": null,
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-pip-trusted-host",
"details": [],
"check_len": null,
"definition_context_file_path": null
},
{
"check_id": "CKV2_DOCKER_16",
"bc_check_id": null,
"check_name": "Ensure that certificate validation isn't disabled with pip via the 'PIP_TRUSTED_HOST' environment variable",
"check_result": {
"result": "PASSED",
"entity": {
"block_name_": "RUN",
"block_type_": "resource",
"file_path_": "/Dockerfile.dev",
"config_": {
"content": "RUN npm ci --no-fund --no-audit\n",
"value": "npm ci --no-fund --no-audit",
"__startline__": 10,
"__endline__": 10
},
"label_": "resource: RUN",
"id_": "RUN",
"source_": "Dockerfile",
"content": "RUN npm ci --no-fund --no-audit\n",
"value": "npm ci --no-fund --no-audit",
"__startline__": 10,
"__endline__": 10,
"resource_type": "RUN",
"hash": "57abb1bbe03890ab19f47e5f96b9cbcee02aab65f6980d523df42faf41b709fa"
},
"evaluated_keys": [
"value"
]
},
"code_block": [
[
11,
"RUN npm ci --no-fund --no-audit\n"
]
],
"file_path": "/Dockerfile.dev",
"file_abs_path": "/scan/Dockerfile.dev",
"repo_file_path": "/Dockerfile.dev",
"file_line_range": [
11,
11
],
"resource": "/Dockerfile.dev.RUN",
"evaluations": null,
"check_class": "checkov.common.graph.checks_infra.base_check",
"fixed_definition": null,
"entity_tags": null,
"caller_file_path": null,
"caller_file_line_range": null,
"resource_address": null,
"severity": null,
"bc_category": null,
"benchmarks": null,
"description": null,
"short_description": null,
"vulnerability_details": null,
"connected_node": null,
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-pip-trusted-host",
"details": [],
"check_len": null,
"definition_context_file_path": null
},
{
"check_id": "CKV2_DOCKER_5",
"bc_check_id": null,
"check_name": "Ensure that certificate validation isn't disabled with the PYTHONHTTPSVERIFY environment variable",
"check_result": {
"result": "PASSED",
"entity": {
"block_name_": "RUN",
"block_type_": "resource",
"file_path_": "/Dockerfile.production",
"config_": {
"content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n",
"value": "corepack enable && corepack prepare npm@10.5.0 --activate",
"__startline__": 4,
"__endline__": 4
},
"label_": "resource: RUN",
"id_": "RUN",
"source_": "Dockerfile",
"content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n",
"value": "corepack enable && corepack prepare npm@10.5.0 --activate",
"__startline__": 4,
"__endline__": 4,
"resource_type": "RUN",
"hash": "dbd32b6bad6b728919787011f82d60c50d7b2d1c079f814de2b1640696c98816"
},
"evaluated_keys": [
"value"
]
},
"code_block": [
[
5,
"RUN corepack enable && corepack prepare npm@10.5.0 --activate\n"
]
],
"file_path": "/Dockerfile.production",
"file_abs_path": "/scan/Dockerfile.production",
"repo_file_path": "/Dockerfile.production",
"file_line_range": [
5,
5
],
"resource": "/Dockerfile.production.RUN",
"evaluations": null,
"check_class": "checkov.common.graph.checks_infra.base_check",
"fixed_definition": null,
"entity_tags": null,
"caller_file_path": null,
"caller_file_line_range": null,
"resource_address": null,
"severity": null,
"bc_category": null,
"benchmarks": null,
"description": null,
"short_description": null,
"vulnerability_details": null,
"connected_node": null,
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-PYTHONHTTPSVERIFY-secure",
"details": [],
"check_len": null,
"definition_context_file_path": null
},
{
"check_id": "CKV2_DOCKER_5",
"bc_check_id": null,
"check_name": "Ensure that certificate validation isn't disabled with the PYTHONHTTPSVERIFY environment variable",
"check_result": {
"result": "PASSED",
"entity": {
"block_name_": "RUN",
"block_type_": "resource",
"file_path_": "/Dockerfile.production",
"config_": {
"content": "RUN npm install\n",
"value": "npm install",
"__startline__": 20,
"__endline__": 20
},
"label_": "resource: RUN",
"id_": "RUN",
"source_": "Dockerfile",
"content": "RUN npm install\n",
"value": "npm install",
"__startline__": 20,
"__endline__": 20,
"resource_type": "RUN",
"hash": "6979b14e6a853ac150ffef85c5e28fd49c956054ea2cb1d01440e13b17260c4a"
},
"evaluated_keys": [
"value"
]
},
"code_block": [
[
21,
"RUN npm install\n"
]
],
"file_path": "/Dockerfile.production",
"file_abs_path": "/scan/Dockerfile.production",
"repo_file_path": "/Dockerfile.production",
"file_line_range": [
21,
21
],
"resource": "/Dockerfile.production.RUN",
"evaluations": null,
"check_class": "checkov.common.graph.checks_infra.base_check",
"fixed_definition": null,
"entity_tags": null,
"caller_file_path": null,
"caller_file_line_range": null,
"resource_address": null,
"severity": null,
"bc_category": null,
"benchmarks": null,
"description": null,
"short_description": null,
"vulnerability_details": null,
"connected_node": null,
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-PYTHONHTTPSVERIFY-secure",
"details": [],
"check_len": null,
"definition_context_file_path": null
},
{
"check_id": "CKV2_DOCKER_5",
"bc_check_id": null,
"check_name": "Ensure that certificate validation isn't disabled with the PYTHONHTTPSVERIFY environment variable",
"check_result": {
"result": "PASSED",
"entity": {
"block_name_": "RUN",
"block_type_": "resource",
"file_path_": "/Dockerfile.production",
"config_": {
"content": "RUN npm run db:generate\n",
"value": "npm run db:generate",
"__startline__": 21,
"__endline__": 21
},
"label_": "resource: RUN",
"id_": "RUN",
"source_": "Dockerfile",
"content": "RUN npm run db:generate\n",
"value": "npm run db:generate",
"__startline__": 21,
"__endline__": 21,
"resource_type": "RUN",
"hash": "c1f9cc0c42260bb0183d7e7b9ec2edab99837111ad42dbbdd7fad09ff3e37ab0"
},
"evaluated_keys": [
"value"
]
},
"code_block": [
[
22,
"RUN npm run db:generate\n"
]
],
"file_path": "/Dockerfile.production",
"file_abs_path": "/scan/Dockerfile.production",
"repo_file_path": "/Dockerfile.production",
"file_line_range": [
22,
22
],
"resource": "/Dockerfile.production.RUN",
"evaluations": null,
"check_class": "checkov.common.graph.checks_infra.base_check",
"fixed_definition": null,
"entity_tags": null,
"caller_file_path": null,
"caller_file_line_range": null,
"resource_address": null,
"severity": null,
"bc_category": null,
"benchmarks": null,
"description": null,
"short_description": null,
"vulnerability_details": null,
"connected_node": null,
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-PYTHONHTTPSVERIFY-secure",
"details": [],
"check_len": null,
"definition_context_file_path": null
},
{
"check_id": "CKV2_DOCKER_5",
"bc_check_id": null,
"check_name": "Ensure that certificate validation isn't disabled with the PYTHONHTTPSVERIFY environment variable",
"check_result": {
"result": "PASSED",
"entity": {
"block_name_": "RUN",
"block_type_": "resource",
"file_path_": "/Dockerfile.production",
"config_": {
"content": "RUN npm run build\n",
"value": "npm run build",
"__startline__": 22,
"__endline__": 22
},
"label_": "resource: RUN",
"id_": "RUN",
"source_": "Dockerfile",
"content": "RUN npm run build\n",
"value": "npm run build",
"__startline__": 22,
"__endline__": 22,
"resource_type": "RUN",
"hash": "1bf185fb6038f1b491f2a2686de4dd9869ccdd9c3e34d2772cf43bd368377aa6"
},
"evaluated_keys": [
"value"
]
},
"code_block": [
[
23,
"RUN npm run build\n"
]
],
"file_path": "/Dockerfile.production",
"file_abs_path": "/scan/Dockerfile.production",
"repo_file_path": "/Dockerfile.production",
"file_line_range": [
23,
23
],
"resource": "/Dockerfile.production.RUN",
"evaluations": null,
"check_class": "checkov.common.graph.checks_infra.base_check",
"fixed_definition": null,
"entity_tags": null,
"caller_file_path": null,
"caller_file_line_range": null,
"resource_address": null,
"severity": null,
"bc_category": null,
"benchmarks": null,
"description": null,
"short_description": null,
"vulnerability_details": null,
"connected_node": null,
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-PYTHONHTTPSVERIFY-secure",
"details": [],
"check_len": null,
"definition_context_file_path": null
},
{
"check_id": "CKV2_DOCKER_5",
"bc_check_id": null,
"check_name": "Ensure that certificate validation isn't disabled with the PYTHONHTTPSVERIFY environment variable",
"check_result": {
"result": "PASSED",
"entity": {
"block_name_": "RUN",
"block_type_": "resource",
"file_path_": "/Dockerfile.production",
"config_": {
"content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n",
"value": "corepack enable && corepack prepare npm@10.5.0 --activate",
"__startline__": 30,
"__endline__": 30
},
"label_": "resource: RUN",
"id_": "RUN",
"source_": "Dockerfile",
"content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n",
"value": "corepack enable && corepack prepare npm@10.5.0 --activate",
"__startline__": 30,
"__endline__": 30,
"resource_type": "RUN",
"hash": "01c88e306f7db45ae7136e3bdb63c4b15978dd024f6ed18210961fc3db3df382"
},
"evaluated_keys": [
"value"
]
},
"code_block": [
[
31,
"RUN corepack enable && corepack prepare npm@10.5.0 --activate\n"
]
],
"file_path": "/Dockerfile.production",
"file_abs_path": "/scan/Dockerfile.production",
"repo_file_path": "/Dockerfile.production",
"file_line_range": [
31,
31
],
"resource": "/Dockerfile.production.RUN",
"evaluations": null,
"check_class": "checkov.common.graph.checks_infra.base_check",
"fixed_definition": null,
"entity_tags": null,
"caller_file_path": null,
"caller_file_line_range": null,
"resource_address": null,
"severity": null,
"bc_category": null,
"benchmarks": null,
"description": null,
"short_description": null,
"vulnerability_details": null,
"connected_node": null,
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-PYTHONHTTPSVERIFY-secure",
"details": [],
"check_len": null,
"definition_context_file_path": null
},
{
"check_id": "CKV2_DOCKER_5",
"bc_check_id": null,
"check_name": "Ensure that certificate validation isn't disabled with the PYTHONHTTPSVERIFY environment variable",
"check_result": {
"result": "PASSED",
"entity": {
"block_name_": "ARG",
"block_type_": "resource",
"file_path_": "/Dockerfile.production",
"config_": {
"content": "ARG NEXT_PUBLIC_API_URL\n",
"value": "NEXT_PUBLIC_API_URL",
"__startline__": 11,
"__endline__": 11
},
"label_": "resource: ARG",
"id_": "ARG",
"source_": "Dockerfile",
"content": "ARG NEXT_PUBLIC_API_URL\n",
"value": "NEXT_PUBLIC_API_URL",
"__startline__": 11,
"__endline__": 11,
"resource_type": "ARG",
"hash": "fded00a21c81cd45d8985324636a2acafc73bef594a45811ca0d68265da3f9dc"
},
"evaluated_keys": [
"value"
]
},
"code_block": [
[
12,
"ARG NEXT_PUBLIC_API_URL\n"
]
],
"file_path": "/Dockerfile.production",
"file_abs_path": "/scan/Dockerfile.production",
"repo_file_path": "/Dockerfile.production",
"file_line_range": [
12,
12
],
"resource": "/Dockerfile.production.ARG",
"evaluations": null,
"check_class": "checkov.common.graph.checks_infra.base_check",
"fixed_definition": null,
"entity_tags": null,
"caller_file_path": null,
"caller_file_line_range": null,
"resource_address": null,
"severity": null,
"bc_category": null,
"benchmarks": null,
"description": null,
"short_description": null,
"vulnerability_details": null,
"connected_node": null,
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-PYTHONHTTPSVERIFY-secure",
"details": [],
"check_len": null,
"definition_context_file_path": null
},
{
"check_id": "CKV2_DOCKER_5",
"bc_check_id": null,
"check_name": "Ensure that certificate validation isn't disabled with the PYTHONHTTPSVERIFY environment variable",
"check_result": {
"result": "PASSED",
"entity": {
"block_name_": "ARG",
"block_type_": "resource",
"file_path_": "/Dockerfile.production",
"config_": {
"content": "ARG NEXT_PUBLIC_MARKETPLACE_URL\n",
"value": "NEXT_PUBLIC_MARKETPLACE_URL",
"__startline__": 12,
"__endline__": 12
},
"label_": "resource: ARG",
"id_": "ARG",
"source_": "Dockerfile",
"content": "ARG NEXT_PUBLIC_MARKETPLACE_URL\n",
"value": "NEXT_PUBLIC_MARKETPLACE_URL",
"__startline__": 12,
"__endline__": 12,
"resource_type": "ARG",
"hash": "11d98758a432fc03021573afe4df769dc34ff0a4aec966f558b5e00c71c6cf3b"
},
"evaluated_keys": [
"value"
]
},
"code_block": [
[
13,
"ARG NEXT_PUBLIC_MARKETPLACE_URL\n"
]
],
"file_path": "/Dockerfile.production",
"file_abs_path": "/scan/Dockerfile.production",
"repo_file_path": "/Dockerfile.production",
"file_line_range": [
13,
13
],
"resource": "/Dockerfile.production.ARG",
"evaluations": null,
"check_class": "checkov.common.graph.checks_infra.base_check",
"fixed_definition": null,
"entity_tags": null,
"caller_file_path": null,
"caller_file_line_range": null,
"resource_address": null,
"severity": null,
"bc_category": null,
"benchmarks": null,
"description": null,
"short_description": null,
"vulnerability_details": null,
"connected_node": null,
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-PYTHONHTTPSVERIFY-secure",
"details": [],
"check_len": null,
"definition_context_file_path": null
},
{
"check_id": "CKV2_DOCKER_5",
"bc_check_id": null,
"check_name": "Ensure that certificate validation isn't disabled with the PYTHONHTTPSVERIFY environment variable",
"check_result": {
"result": "PASSED",
"entity": {
"block_name_": "ARG",
"block_type_": "resource",
"file_path_": "/Dockerfile.production",
"config_": {
"content": "ARG NEXT_PUBLIC_DASHBOARD_URL\n",
"value": "NEXT_PUBLIC_DASHBOARD_URL",
"__startline__": 13,
"__endline__": 13
},
"label_": "resource: ARG",
"id_": "ARG",
"source_": "Dockerfile",
"content": "ARG NEXT_PUBLIC_DASHBOARD_URL\n",
"value": "NEXT_PUBLIC_DASHBOARD_URL",
"__startline__": 13,
"__endline__": 13,
"resource_type": "ARG",
"hash": "4075db881e0d222faeb86e03db8a05d9a998deab344c05aee0e89d2426e01383"
},
"evaluated_keys": [
"value"
]
},
"code_block": [
[
14,
"ARG NEXT_PUBLIC_DASHBOARD_URL\n"
]
],
"file_path": "/Dockerfile.production",
"file_abs_path": "/scan/Dockerfile.production",
"repo_file_path": "/Dockerfile.production",
"file_line_range": [
14,
14
],
"resource": "/Dockerfile.production.ARG",
"evaluations": null,
"check_class": "checkov.common.graph.checks_infra.base_check",
"fixed_definition": null,
"entity_tags": null,
"caller_file_path": null,
"caller_file_line_range": null,
"resource_address": null,
"severity": null,
"bc_category": null,
"benchmarks": null,
"description": null,
"short_description": null,
"vulnerability_details": null,
"connected_node": null,
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-PYTHONHTTPSVERIFY-secure",
"details": [],
"check_len": null,
"definition_context_file_path": null
},
{
"check_id": "CKV2_DOCKER_5",
"bc_check_id": null,
"check_name": "Ensure that certificate validation isn't disabled with the PYTHONHTTPSVERIFY environment variable",
"check_result": {
"result": "PASSED",
"entity": {
"block_name_": "ARG",
"block_type_": "resource",
"file_path_": "/Dockerfile.production",
"config_": {
"content": "ARG NEXT_PUBLIC_ADMIN_URL\n",
"value": "NEXT_PUBLIC_ADMIN_URL",
"__startline__": 14,
"__endline__": 14
},
"label_": "resource: ARG",
"id_": "ARG",
"source_": "Dockerfile",
"content": "ARG NEXT_PUBLIC_ADMIN_URL\n",
"value": "NEXT_PUBLIC_ADMIN_URL",
"__startline__": 14,
"__endline__": 14,
"resource_type": "ARG",
"hash": "a4c9bf1c4e349946074fb4c606d0db63c06a809d125e58ddd09427e4d929fd6a"
},
"evaluated_keys": [
"value"
]
},
"code_block": [
[
15,
"ARG NEXT_PUBLIC_ADMIN_URL\n"
]
],
"file_path": "/Dockerfile.production",
"file_abs_path": "/scan/Dockerfile.production",
"repo_file_path": "/Dockerfile.production",
"file_line_range": [
15,
15
],
"resource": "/Dockerfile.production.ARG",
"evaluations": null,
"check_class": "checkov.common.graph.checks_infra.base_check",
"fixed_definition": null,
"entity_tags": null,
"caller_file_path": null,
"caller_file_line_range": null,
"resource_address": null,
"severity": null,
"bc_category": null,
"benchmarks": null,
"description": null,
"short_description": null,
"vulnerability_details": null,
"connected_node": null,
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-PYTHONHTTPSVERIFY-secure",
"details": [],
"check_len": null,
"definition_context_file_path": null
},
{
"check_id": "CKV2_DOCKER_5",
"bc_check_id": null,
"check_name": "Ensure that certificate validation isn't disabled with the PYTHONHTTPSVERIFY environment variable",
"check_result": {
"result": "PASSED",
"entity": {
"block_name_": "ENV",
"block_type_": "resource",
"file_path_": "/Dockerfile.production",
"config_": {
"content": "ENV NEXT_PUBLIC_API_URL=$NEXT_PUBLIC_API_URL \\\n NEXT_PUBLIC_MARKETPLACE_URL=$NEXT_PUBLIC_MARKETPLACE_URL \\\n NEXT_PUBLIC_DASHBOARD_URL=$NEXT_PUBLIC_DASHBOARD_URL \\\n NEXT_PUBLIC_ADMIN_URL=$NEXT_PUBLIC_ADMIN_URL\n",
"value": "NEXT_PUBLIC_API_URL=$NEXT_PUBLIC_API_URL NEXT_PUBLIC_MARKETPLACE_URL=$NEXT_PUBLIC_MARKETPLACE_URL NEXT_PUBLIC_DASHBOARD_URL=$NEXT_PUBLIC_DASHBOARD_URL NEXT_PUBLIC_ADMIN_URL=$NEXT_PUBLIC_ADMIN_URL",
"__startline__": 15,
"__endline__": 18
},
"label_": "resource: ENV",
"id_": "ENV",
"source_": "Dockerfile",
"content": "ENV NEXT_PUBLIC_API_URL=$NEXT_PUBLIC_API_URL \\\n NEXT_PUBLIC_MARKETPLACE_URL=$NEXT_PUBLIC_MARKETPLACE_URL \\\n NEXT_PUBLIC_DASHBOARD_URL=$NEXT_PUBLIC_DASHBOARD_URL \\\n NEXT_PUBLIC_ADMIN_URL=$NEXT_PUBLIC_ADMIN_URL\n",
"value": "NEXT_PUBLIC_API_URL=$NEXT_PUBLIC_API_URL NEXT_PUBLIC_MARKETPLACE_URL=$NEXT_PUBLIC_MARKETPLACE_URL NEXT_PUBLIC_DASHBOARD_URL=$NEXT_PUBLIC_DASHBOARD_URL NEXT_PUBLIC_ADMIN_URL=$NEXT_PUBLIC_ADMIN_URL",
"__startline__": 15,
"__endline__": 18,
"resource_type": "ENV",
"hash": "65abe3eb0aadfa3b1ed513b9e21f4f8c4524ec8c298e7123de46806870b90557"
},
"evaluated_keys": [
"value"
]
},
"code_block": [
[
16,
"ENV NEXT_PUBLIC_API_URL=$NEXT_PUBLIC_API_URL \\\n"
],
[
17,
" NEXT_PUBLIC_MARKETPLACE_URL=$NEXT_PUBLIC_MARKETPLACE_URL \\\n"
],
[
18,
" NEXT_PUBLIC_DASHBOARD_URL=$NEXT_PUBLIC_DASHBOARD_URL \\\n"
],
[
19,
" NEXT_PUBLIC_ADMIN_URL=$NEXT_PUBLIC_ADMIN_URL\n"
]
],
"file_path": "/Dockerfile.production",
"file_abs_path": "/scan/Dockerfile.production",
"repo_file_path": "/Dockerfile.production",
"file_line_range": [
16,
19
],
"resource": "/Dockerfile.production.ENV",
"evaluations": null,
"check_class": "checkov.common.graph.checks_infra.base_check",
"fixed_definition": null,
"entity_tags": null,
"caller_file_path": null,
"caller_file_line_range": null,
"resource_address": null,
"severity": null,
"bc_category": null,
"benchmarks": null,
"description": null,
"short_description": null,
"vulnerability_details": null,
"connected_node": null,
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-PYTHONHTTPSVERIFY-secure",
"details": [],
"check_len": null,
"definition_context_file_path": null
},
{
"check_id": "CKV2_DOCKER_5",
"bc_check_id": null,
"check_name": "Ensure that certificate validation isn't disabled with the PYTHONHTTPSVERIFY environment variable",
"check_result": {
"result": "PASSED",
"entity": {
"block_name_": "ENV",
"block_type_": "resource",
"file_path_": "/Dockerfile.production",
"config_": {
"content": "ENV NODE_ENV=production\n",
"value": "NODE_ENV=production",
"__startline__": 28,
"__endline__": 28
},
"label_": "resource: ENV",
"id_": "ENV",
"source_": "Dockerfile",
"content": "ENV NODE_ENV=production\n",
"value": "NODE_ENV=production",
"__startline__": 28,
"__endline__": 28,
"resource_type": "ENV",
"hash": "5a6afcff0e4c111b04ace6d372feb2943096034796456739be650482e87f3e0e"
},
"evaluated_keys": [
"value"
]
},
"code_block": [
[
29,
"ENV NODE_ENV=production\n"
]
],
"file_path": "/Dockerfile.production",
"file_abs_path": "/scan/Dockerfile.production",
"repo_file_path": "/Dockerfile.production",
"file_line_range": [
29,
29
],
"resource": "/Dockerfile.production.ENV",
"evaluations": null,
"check_class": "checkov.common.graph.checks_infra.base_check",
"fixed_definition": null,
"entity_tags": null,
"caller_file_path": null,
"caller_file_line_range": null,
"resource_address": null,
"severity": null,
"bc_category": null,
"benchmarks": null,
"description": null,
"short_description": null,
"vulnerability_details": null,
"connected_node": null,
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-PYTHONHTTPSVERIFY-secure",
"details": [],
"check_len": null,
"definition_context_file_path": null
},
{
"check_id": "CKV2_DOCKER_5",
"bc_check_id": null,
"check_name": "Ensure that certificate validation isn't disabled with the PYTHONHTTPSVERIFY environment variable",
"check_result": {
"result": "PASSED",
"entity": {
"block_name_": "RUN",
"block_type_": "resource",
"file_path_": "/Dockerfile.test",
"config_": {
"content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n",
"value": "corepack enable && corepack prepare npm@10.5.0 --activate",
"__startline__": 4,
"__endline__": 4
},
"label_": "resource: RUN",
"id_": "RUN",
"source_": "Dockerfile",
"content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n",
"value": "corepack enable && corepack prepare npm@10.5.0 --activate",
"__startline__": 4,
"__endline__": 4,
"resource_type": "RUN",
"hash": "1d5fb0a211498b8baf37e5744578ad03459da7798534298981f23fdefb7eb757"
},
"evaluated_keys": [
"value"
]
},
"code_block": [
[
5,
"RUN corepack enable && corepack prepare npm@10.5.0 --activate\n"
]
],
"file_path": "/Dockerfile.test",
"file_abs_path": "/scan/Dockerfile.test",
"repo_file_path": "/Dockerfile.test",
"file_line_range": [
5,
5
],
"resource": "/Dockerfile.test.RUN",
"evaluations": null,
"check_class": "checkov.common.graph.checks_infra.base_check",
"fixed_definition": null,
"entity_tags": null,
"caller_file_path": null,
"caller_file_line_range": null,
"resource_address": null,
"severity": null,
"bc_category": null,
"benchmarks": null,
"description": null,
"short_description": null,
"vulnerability_details": null,
"connected_node": null,
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-PYTHONHTTPSVERIFY-secure",
"details": [],
"check_len": null,
"definition_context_file_path": null
},
{
"check_id": "CKV2_DOCKER_5",
"bc_check_id": null,
"check_name": "Ensure that certificate validation isn't disabled with the PYTHONHTTPSVERIFY environment variable",
"check_result": {
"result": "PASSED",
"entity": {
"block_name_": "RUN",
"block_type_": "resource",
"file_path_": "/Dockerfile.test",
"config_": {
"content": "RUN npm install\n",
"value": "npm install",
"__startline__": 10,
"__endline__": 10
},
"label_": "resource: RUN",
"id_": "RUN",
"source_": "Dockerfile",
"content": "RUN npm install\n",
"value": "npm install",
"__startline__": 10,
"__endline__": 10,
"resource_type": "RUN",
"hash": "fb809e4860a3131df821aea9480445cc6e2f66dd52744dab5f3d2ef5b2848436"
},
"evaluated_keys": [
"value"
]
},
"code_block": [
[
11,
"RUN npm install\n"
]
],
"file_path": "/Dockerfile.test",
"file_abs_path": "/scan/Dockerfile.test",
"repo_file_path": "/Dockerfile.test",
"file_line_range": [
11,
11
],
"resource": "/Dockerfile.test.RUN",
"evaluations": null,
"check_class": "checkov.common.graph.checks_infra.base_check",
"fixed_definition": null,
"entity_tags": null,
"caller_file_path": null,
"caller_file_line_range": null,
"resource_address": null,
"severity": null,
"bc_category": null,
"benchmarks": null,
"description": null,
"short_description": null,
"vulnerability_details": null,
"connected_node": null,
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-PYTHONHTTPSVERIFY-secure",
"details": [],
"check_len": null,
"definition_context_file_path": null
},
{
"check_id": "CKV2_DOCKER_5",
"bc_check_id": null,
"check_name": "Ensure that certificate validation isn't disabled with the PYTHONHTTPSVERIFY environment variable",
"check_result": {
"result": "PASSED",
"entity": {
"block_name_": "ENV",
"block_type_": "resource",
"file_path_": "/Dockerfile.test",
"config_": {
"content": "ENV NODE_ENV=test\n",
"value": "NODE_ENV=test",
"__startline__": 12,
"__endline__": 12
},
"label_": "resource: ENV",
"id_": "ENV",
"source_": "Dockerfile",
"content": "ENV NODE_ENV=test\n",
"value": "NODE_ENV=test",
"__startline__": 12,
"__endline__": 12,
"resource_type": "ENV",
"hash": "14d83a642c69d4cf67fcdbeb6dace7ba464024fdcad52f8129d63c78042457cb"
},
"evaluated_keys": [
"value"
]
},
"code_block": [
[
13,
"ENV NODE_ENV=test\n"
]
],
"file_path": "/Dockerfile.test",
"file_abs_path": "/scan/Dockerfile.test",
"repo_file_path": "/Dockerfile.test",
"file_line_range": [
13,
13
],
"resource": "/Dockerfile.test.ENV",
"evaluations": null,
"check_class": "checkov.common.graph.checks_infra.base_check",
"fixed_definition": null,
"entity_tags": null,
"caller_file_path": null,
"caller_file_line_range": null,
"resource_address": null,
"severity": null,
"bc_category": null,
"benchmarks": null,
"description": null,
"short_description": null,
"vulnerability_details": null,
"connected_node": null,
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-PYTHONHTTPSVERIFY-secure",
"details": [],
"check_len": null,
"definition_context_file_path": null
},
{
"check_id": "CKV2_DOCKER_5",
"bc_check_id": null,
"check_name": "Ensure that certificate validation isn't disabled with the PYTHONHTTPSVERIFY environment variable",
"check_result": {
"result": "PASSED",
"entity": {
"block_name_": "RUN",
"block_type_": "resource",
"file_path_": "/Dockerfile.dev",
"config_": {
"content": "RUN npm install -g npm@10.5.0 --no-fund --no-audit\n",
"value": "npm install -g npm@10.5.0 --no-fund --no-audit",
"__startline__": 4,
"__endline__": 4
},
"label_": "resource: RUN",
"id_": "RUN",
"source_": "Dockerfile",
"content": "RUN npm install -g npm@10.5.0 --no-fund --no-audit\n",
"value": "npm install -g npm@10.5.0 --no-fund --no-audit",
"__startline__": 4,
"__endline__": 4,
"resource_type": "RUN",
"hash": "435bba968d1d0b4c410ea33851637829a16b2ad878f0b9531a737c7a444f91b9"
},
"evaluated_keys": [
"value"
]
},
"code_block": [
[
5,
"RUN npm install -g npm@10.5.0 --no-fund --no-audit\n"
]
],
"file_path": "/Dockerfile.dev",
"file_abs_path": "/scan/Dockerfile.dev",
"repo_file_path": "/Dockerfile.dev",
"file_line_range": [
5,
5
],
"resource": "/Dockerfile.dev.RUN",
"evaluations": null,
"check_class": "checkov.common.graph.checks_infra.base_check",
"fixed_definition": null,
"entity_tags": null,
"caller_file_path": null,
"caller_file_line_range": null,
"resource_address": null,
"severity": null,
"bc_category": null,
"benchmarks": null,
"description": null,
"short_description": null,
"vulnerability_details": null,
"connected_node": null,
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-PYTHONHTTPSVERIFY-secure",
"details": [],
"check_len": null,
"definition_context_file_path": null
},
{
"check_id": "CKV2_DOCKER_5",
"bc_check_id": null,
"check_name": "Ensure that certificate validation isn't disabled with the PYTHONHTTPSVERIFY environment variable",
"check_result": {
"result": "PASSED",
"entity": {
"block_name_": "RUN",
"block_type_": "resource",
"file_path_": "/Dockerfile.dev",
"config_": {
"content": "RUN npm ci --no-fund --no-audit\n",
"value": "npm ci --no-fund --no-audit",
"__startline__": 10,
"__endline__": 10
},
"label_": "resource: RUN",
"id_": "RUN",
"source_": "Dockerfile",
"content": "RUN npm ci --no-fund --no-audit\n",
"value": "npm ci --no-fund --no-audit",
"__startline__": 10,
"__endline__": 10,
"resource_type": "RUN",
"hash": "57abb1bbe03890ab19f47e5f96b9cbcee02aab65f6980d523df42faf41b709fa"
},
"evaluated_keys": [
"value"
]
},
"code_block": [
[
11,
"RUN npm ci --no-fund --no-audit\n"
]
],
"file_path": "/Dockerfile.dev",
"file_abs_path": "/scan/Dockerfile.dev",
"repo_file_path": "/Dockerfile.dev",
"file_line_range": [
11,
11
],
"resource": "/Dockerfile.dev.RUN",
"evaluations": null,
"check_class": "checkov.common.graph.checks_infra.base_check",
"fixed_definition": null,
"entity_tags": null,
"caller_file_path": null,
"caller_file_line_range": null,
"resource_address": null,
"severity": null,
"bc_category": null,
"benchmarks": null,
"description": null,
"short_description": null,
"vulnerability_details": null,
"connected_node": null,
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-PYTHONHTTPSVERIFY-secure",
"details": [],
"check_len": null,
"definition_context_file_path": null
},
{
"check_id": "CKV2_DOCKER_17",
"bc_check_id": null,
"check_name": "Ensure that 'chpasswd' is not used to set or remove passwords",
"check_result": {
"result": "PASSED",
"entity": {
"block_name_": "RUN",
"block_type_": "resource",
"file_path_": "/Dockerfile.production",
"config_": {
"content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n",
"value": "corepack enable && corepack prepare npm@10.5.0 --activate",
"__startline__": 4,
"__endline__": 4
},
"label_": "resource: RUN",
"id_": "RUN",
"source_": "Dockerfile",
"content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n",
"value": "corepack enable && corepack prepare npm@10.5.0 --activate",
"__startline__": 4,
"__endline__": 4,
"resource_type": "RUN",
"hash": "dbd32b6bad6b728919787011f82d60c50d7b2d1c079f814de2b1640696c98816"
},
"evaluated_keys": [
"value"
]
},
"code_block": [
[
5,
"RUN corepack enable && corepack prepare npm@10.5.0 --activate\n"
]
],
"file_path": "/Dockerfile.production",
"file_abs_path": "/scan/Dockerfile.production",
"repo_file_path": "/Dockerfile.production",
"file_line_range": [
5,
5
],
"resource": "/Dockerfile.production.RUN",
"evaluations": null,
"check_class": "checkov.common.graph.checks_infra.base_check",
"fixed_definition": null,
"entity_tags": null,
"caller_file_path": null,
"caller_file_line_range": null,
"resource_address": null,
"severity": null,
"bc_category": null,
"benchmarks": null,
"description": null,
"short_description": null,
"vulnerability_details": null,
"connected_node": null,
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/bc-docker-2-17",
"details": [],
"check_len": null,
"definition_context_file_path": null
},
{
"check_id": "CKV2_DOCKER_17",
"bc_check_id": null,
"check_name": "Ensure that 'chpasswd' is not used to set or remove passwords",
"check_result": {
"result": "PASSED",
"entity": {
"block_name_": "RUN",
"block_type_": "resource",
"file_path_": "/Dockerfile.production",
"config_": {
"content": "RUN npm install\n",
"value": "npm install",
"__startline__": 20,
"__endline__": 20
},
"label_": "resource: RUN",
"id_": "RUN",
"source_": "Dockerfile",
"content": "RUN npm install\n",
"value": "npm install",
"__startline__": 20,
"__endline__": 20,
"resource_type": "RUN",
"hash": "6979b14e6a853ac150ffef85c5e28fd49c956054ea2cb1d01440e13b17260c4a"
},
"evaluated_keys": [
"value"
]
},
"code_block": [
[
21,
"RUN npm install\n"
]
],
"file_path": "/Dockerfile.production",
"file_abs_path": "/scan/Dockerfile.production",
"repo_file_path": "/Dockerfile.production",
"file_line_range": [
21,
21
],
"resource": "/Dockerfile.production.RUN",
"evaluations": null,
"check_class": "checkov.common.graph.checks_infra.base_check",
"fixed_definition": null,
"entity_tags": null,
"caller_file_path": null,
"caller_file_line_range": null,
"resource_address": null,
"severity": null,
"bc_category": null,
"benchmarks": null,
"description": null,
"short_description": null,
"vulnerability_details": null,
"connected_node": null,
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/bc-docker-2-17",
"details": [],
"check_len": null,
"definition_context_file_path": null
},
{
"check_id": "CKV2_DOCKER_17",
"bc_check_id": null,
"check_name": "Ensure that 'chpasswd' is not used to set or remove passwords",
"check_result": {
"result": "PASSED",
"entity": {
"block_name_": "RUN",
"block_type_": "resource",
"file_path_": "/Dockerfile.production",
"config_": {
"content": "RUN npm run db:generate\n",
"value": "npm run db:generate",
"__startline__": 21,
"__endline__": 21
},
"label_": "resource: RUN",
"id_": "RUN",
"source_": "Dockerfile",
"content": "RUN npm run db:generate\n",
"value": "npm run db:generate",
"__startline__": 21,
"__endline__": 21,
"resource_type": "RUN",
"hash": "c1f9cc0c42260bb0183d7e7b9ec2edab99837111ad42dbbdd7fad09ff3e37ab0"
},
"evaluated_keys": [
"value"
]
},
"code_block": [
[
22,
"RUN npm run db:generate\n"
]
],
"file_path": "/Dockerfile.production",
"file_abs_path": "/scan/Dockerfile.production",
"repo_file_path": "/Dockerfile.production",
"file_line_range": [
22,
22
],
"resource": "/Dockerfile.production.RUN",
"evaluations": null,
"check_class": "checkov.common.graph.checks_infra.base_check",
"fixed_definition": null,
"entity_tags": null,
"caller_file_path": null,
"caller_file_line_range": null,
"resource_address": null,
"severity": null,
"bc_category": null,
"benchmarks": null,
"description": null,
"short_description": null,
"vulnerability_details": null,
"connected_node": null,
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/bc-docker-2-17",
"details": [],
"check_len": null,
"definition_context_file_path": null
},
{
"check_id": "CKV2_DOCKER_17",
"bc_check_id": null,
"check_name": "Ensure that 'chpasswd' is not used to set or remove passwords",
"check_result": {
"result": "PASSED",
"entity": {
"block_name_": "RUN",
"block_type_": "resource",
"file_path_": "/Dockerfile.production",
"config_": {
"content": "RUN npm run build\n",
"value": "npm run build",
"__startline__": 22,
"__endline__": 22
},
"label_": "resource: RUN",
"id_": "RUN",
"source_": "Dockerfile",
"content": "RUN npm run build\n",
"value": "npm run build",
"__startline__": 22,
"__endline__": 22,
"resource_type": "RUN",
"hash": "1bf185fb6038f1b491f2a2686de4dd9869ccdd9c3e34d2772cf43bd368377aa6"
},
"evaluated_keys": [
"value"
]
},
"code_block": [
[
23,
"RUN npm run build\n"
]
],
"file_path": "/Dockerfile.production",
"file_abs_path": "/scan/Dockerfile.production",
"repo_file_path": "/Dockerfile.production",
"file_line_range": [
23,
23
],
"resource": "/Dockerfile.production.RUN",
"evaluations": null,
"check_class": "checkov.common.graph.checks_infra.base_check",
"fixed_definition": null,
"entity_tags": null,
"caller_file_path": null,
"caller_file_line_range": null,
"resource_address": null,
"severity": null,
"bc_category": null,
"benchmarks": null,
"description": null,
"short_description": null,
"vulnerability_details": null,
"connected_node": null,
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/bc-docker-2-17",
"details": [],
"check_len": null,
"definition_context_file_path": null
},
{
"check_id": "CKV2_DOCKER_17",
"bc_check_id": null,
"check_name": "Ensure that 'chpasswd' is not used to set or remove passwords",
"check_result": {
"result": "PASSED",
"entity": {
"block_name_": "RUN",
"block_type_": "resource",
"file_path_": "/Dockerfile.production",
"config_": {
"content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n",
"value": "corepack enable && corepack prepare npm@10.5.0 --activate",
"__startline__": 30,
"__endline__": 30
},
"label_": "resource: RUN",
"id_": "RUN",
"source_": "Dockerfile",
"content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n",
"value": "corepack enable && corepack prepare npm@10.5.0 --activate",
"__startline__": 30,
"__endline__": 30,
"resource_type": "RUN",
"hash": "01c88e306f7db45ae7136e3bdb63c4b15978dd024f6ed18210961fc3db3df382"
},
"evaluated_keys": [
"value"
]
},
"code_block": [
[
31,
"RUN corepack enable && corepack prepare npm@10.5.0 --activate\n"
]
],
"file_path": "/Dockerfile.production",
"file_abs_path": "/scan/Dockerfile.production",
"repo_file_path": "/Dockerfile.production",
"file_line_range": [
31,
31
],
"resource": "/Dockerfile.production.RUN",
"evaluations": null,
"check_class": "checkov.common.graph.checks_infra.base_check",
"fixed_definition": null,
"entity_tags": null,
"caller_file_path": null,
"caller_file_line_range": null,
"resource_address": null,
"severity": null,
"bc_category": null,
"benchmarks": null,
"description": null,
"short_description": null,
"vulnerability_details": null,
"connected_node": null,
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/bc-docker-2-17",
"details": [],
"check_len": null,
"definition_context_file_path": null
},
{
"check_id": "CKV2_DOCKER_17",
"bc_check_id": null,
"check_name": "Ensure that 'chpasswd' is not used to set or remove passwords",
"check_result": {
"result": "PASSED",
"entity": {
"block_name_": "RUN",
"block_type_": "resource",
"file_path_": "/Dockerfile.test",
"config_": {
"content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n",
"value": "corepack enable && corepack prepare npm@10.5.0 --activate",
"__startline__": 4,
"__endline__": 4
},
"label_": "resource: RUN",
"id_": "RUN",
"source_": "Dockerfile",
"content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n",
"value": "corepack enable && corepack prepare npm@10.5.0 --activate",
"__startline__": 4,
"__endline__": 4,
"resource_type": "RUN",
"hash": "1d5fb0a211498b8baf37e5744578ad03459da7798534298981f23fdefb7eb757"
},
"evaluated_keys": [
"value"
]
},
"code_block": [
[
5,
"RUN corepack enable && corepack prepare npm@10.5.0 --activate\n"
]
],
"file_path": "/Dockerfile.test",
"file_abs_path": "/scan/Dockerfile.test",
"repo_file_path": "/Dockerfile.test",
"file_line_range": [
5,
5
],
"resource": "/Dockerfile.test.RUN",
"evaluations": null,
"check_class": "checkov.common.graph.checks_infra.base_check",
"fixed_definition": null,
"entity_tags": null,
"caller_file_path": null,
"caller_file_line_range": null,
"resource_address": null,
"severity": null,
"bc_category": null,
"benchmarks": null,
"description": null,
"short_description": null,
"vulnerability_details": null,
"connected_node": null,
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/bc-docker-2-17",
"details": [],
"check_len": null,
"definition_context_file_path": null
},
{
"check_id": "CKV2_DOCKER_17",
"bc_check_id": null,
"check_name": "Ensure that 'chpasswd' is not used to set or remove passwords",
"check_result": {
"result": "PASSED",
"entity": {
"block_name_": "RUN",
"block_type_": "resource",
"file_path_": "/Dockerfile.test",
"config_": {
"content": "RUN npm install\n",
"value": "npm install",
"__startline__": 10,
"__endline__": 10
},
"label_": "resource: RUN",
"id_": "RUN",
"source_": "Dockerfile",
"content": "RUN npm install\n",
"value": "npm install",
"__startline__": 10,
"__endline__": 10,
"resource_type": "RUN",
"hash": "fb809e4860a3131df821aea9480445cc6e2f66dd52744dab5f3d2ef5b2848436"
},
"evaluated_keys": [
"value"
]
},
"code_block": [
[
11,
"RUN npm install\n"
]
],
"file_path": "/Dockerfile.test",
"file_abs_path": "/scan/Dockerfile.test",
"repo_file_path": "/Dockerfile.test",
"file_line_range": [
11,
11
],
"resource": "/Dockerfile.test.RUN",
"evaluations": null,
"check_class": "checkov.common.graph.checks_infra.base_check",
"fixed_definition": null,
"entity_tags": null,
"caller_file_path": null,
"caller_file_line_range": null,
"resource_address": null,
"severity": null,
"bc_category": null,
"benchmarks": null,
"description": null,
"short_description": null,
"vulnerability_details": null,
"connected_node": null,
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/bc-docker-2-17",
"details": [],
"check_len": null,
"definition_context_file_path": null
},
{
"check_id": "CKV2_DOCKER_17",
"bc_check_id": null,
"check_name": "Ensure that 'chpasswd' is not used to set or remove passwords",
"check_result": {
"result": "PASSED",
"entity": {
"block_name_": "RUN",
"block_type_": "resource",
"file_path_": "/Dockerfile.dev",
"config_": {
"content": "RUN npm install -g npm@10.5.0 --no-fund --no-audit\n",
"value": "npm install -g npm@10.5.0 --no-fund --no-audit",
"__startline__": 4,
"__endline__": 4
},
"label_": "resource: RUN",
"id_": "RUN",
"source_": "Dockerfile",
"content": "RUN npm install -g npm@10.5.0 --no-fund --no-audit\n",
"value": "npm install -g npm@10.5.0 --no-fund --no-audit",
"__startline__": 4,
"__endline__": 4,
"resource_type": "RUN",
"hash": "435bba968d1d0b4c410ea33851637829a16b2ad878f0b9531a737c7a444f91b9"
},
"evaluated_keys": [
"value"
]
},
"code_block": [
[
5,
"RUN npm install -g npm@10.5.0 --no-fund --no-audit\n"
]
],
"file_path": "/Dockerfile.dev",
"file_abs_path": "/scan/Dockerfile.dev",
"repo_file_path": "/Dockerfile.dev",
"file_line_range": [
5,
5
],
"resource": "/Dockerfile.dev.RUN",
"evaluations": null,
"check_class": "checkov.common.graph.checks_infra.base_check",
"fixed_definition": null,
"entity_tags": null,
"caller_file_path": null,
"caller_file_line_range": null,
"resource_address": null,
"severity": null,
"bc_category": null,
"benchmarks": null,
"description": null,
"short_description": null,
"vulnerability_details": null,
"connected_node": null,
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/bc-docker-2-17",
"details": [],
"check_len": null,
"definition_context_file_path": null
},
{
"check_id": "CKV2_DOCKER_17",
"bc_check_id": null,
"check_name": "Ensure that 'chpasswd' is not used to set or remove passwords",
"check_result": {
"result": "PASSED",
"entity": {
"block_name_": "RUN",
"block_type_": "resource",
"file_path_": "/Dockerfile.dev",
"config_": {
"content": "RUN npm ci --no-fund --no-audit\n",
"value": "npm ci --no-fund --no-audit",
"__startline__": 10,
"__endline__": 10
},
"label_": "resource: RUN",
"id_": "RUN",
"source_": "Dockerfile",
"content": "RUN npm ci --no-fund --no-audit\n",
"value": "npm ci --no-fund --no-audit",
"__startline__": 10,
"__endline__": 10,
"resource_type": "RUN",
"hash": "57abb1bbe03890ab19f47e5f96b9cbcee02aab65f6980d523df42faf41b709fa"
},
"evaluated_keys": [
"value"
]
},
"code_block": [
[
11,
"RUN npm ci --no-fund --no-audit\n"
]
],
"file_path": "/Dockerfile.dev",
"file_abs_path": "/scan/Dockerfile.dev",
"repo_file_path": "/Dockerfile.dev",
"file_line_range": [
11,
11
],
"resource": "/Dockerfile.dev.RUN",
"evaluations": null,
"check_class": "checkov.common.graph.checks_infra.base_check",
"fixed_definition": null,
"entity_tags": null,
"caller_file_path": null,
"caller_file_line_range": null,
"resource_address": null,
"severity": null,
"bc_category": null,
"benchmarks": null,
"description": null,
"short_description": null,
"vulnerability_details": null,
"connected_node": null,
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/bc-docker-2-17",
"details": [],
"check_len": null,
"definition_context_file_path": null
},
{
"check_id": "CKV2_DOCKER_12",
"bc_check_id": null,
"check_name": "Ensure that certificate validation isn't disabled for npm via the 'NPM_CONFIG_STRICT_SSL' environment variable",
"check_result": {
"result": "PASSED",
"entity": {
"block_name_": "RUN",
"block_type_": "resource",
"file_path_": "/Dockerfile.production",
"config_": {
"content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n",
"value": "corepack enable && corepack prepare npm@10.5.0 --activate",
"__startline__": 4,
"__endline__": 4
},
"label_": "resource: RUN",
"id_": "RUN",
"source_": "Dockerfile",
"content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n",
"value": "corepack enable && corepack prepare npm@10.5.0 --activate",
"__startline__": 4,
"__endline__": 4,
"resource_type": "RUN",
"hash": "dbd32b6bad6b728919787011f82d60c50d7b2d1c079f814de2b1640696c98816"
},
"evaluated_keys": [
"value"
]
},
"code_block": [
[
5,
"RUN corepack enable && corepack prepare npm@10.5.0 --activate\n"
]
],
"file_path": "/Dockerfile.production",
"file_abs_path": "/scan/Dockerfile.production",
"repo_file_path": "/Dockerfile.production",
"file_line_range": [
5,
5
],
"resource": "/Dockerfile.production.RUN",
"evaluations": null,
"check_class": "checkov.common.graph.checks_infra.base_check",
"fixed_definition": null,
"entity_tags": null,
"caller_file_path": null,
"caller_file_line_range": null,
"resource_address": null,
"severity": null,
"bc_category": null,
"benchmarks": null,
"description": null,
"short_description": null,
"vulnerability_details": null,
"connected_node": null,
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-npm-strict-ssl",
"details": [],
"check_len": null,
"definition_context_file_path": null
},
{
"check_id": "CKV2_DOCKER_12",
"bc_check_id": null,
"check_name": "Ensure that certificate validation isn't disabled for npm via the 'NPM_CONFIG_STRICT_SSL' environment variable",
"check_result": {
"result": "PASSED",
"entity": {
"block_name_": "RUN",
"block_type_": "resource",
"file_path_": "/Dockerfile.production",
"config_": {
"content": "RUN npm install\n",
"value": "npm install",
"__startline__": 20,
"__endline__": 20
},
"label_": "resource: RUN",
"id_": "RUN",
"source_": "Dockerfile",
"content": "RUN npm install\n",
"value": "npm install",
"__startline__": 20,
"__endline__": 20,
"resource_type": "RUN",
"hash": "6979b14e6a853ac150ffef85c5e28fd49c956054ea2cb1d01440e13b17260c4a"
},
"evaluated_keys": [
"value"
]
},
"code_block": [
[
21,
"RUN npm install\n"
]
],
"file_path": "/Dockerfile.production",
"file_abs_path": "/scan/Dockerfile.production",
"repo_file_path": "/Dockerfile.production",
"file_line_range": [
21,
21
],
"resource": "/Dockerfile.production.RUN",
"evaluations": null,
"check_class": "checkov.common.graph.checks_infra.base_check",
"fixed_definition": null,
"entity_tags": null,
"caller_file_path": null,
"caller_file_line_range": null,
"resource_address": null,
"severity": null,
"bc_category": null,
"benchmarks": null,
"description": null,
"short_description": null,
"vulnerability_details": null,
"connected_node": null,
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-npm-strict-ssl",
"details": [],
"check_len": null,
"definition_context_file_path": null
},
{
"check_id": "CKV2_DOCKER_12",
"bc_check_id": null,
"check_name": "Ensure that certificate validation isn't disabled for npm via the 'NPM_CONFIG_STRICT_SSL' environment variable",
"check_result": {
"result": "PASSED",
"entity": {
"block_name_": "RUN",
"block_type_": "resource",
"file_path_": "/Dockerfile.production",
"config_": {
"content": "RUN npm run db:generate\n",
"value": "npm run db:generate",
"__startline__": 21,
"__endline__": 21
},
"label_": "resource: RUN",
"id_": "RUN",
"source_": "Dockerfile",
"content": "RUN npm run db:generate\n",
"value": "npm run db:generate",
"__startline__": 21,
"__endline__": 21,
"resource_type": "RUN",
"hash": "c1f9cc0c42260bb0183d7e7b9ec2edab99837111ad42dbbdd7fad09ff3e37ab0"
},
"evaluated_keys": [
"value"
]
},
"code_block": [
[
22,
"RUN npm run db:generate\n"
]
],
"file_path": "/Dockerfile.production",
"file_abs_path": "/scan/Dockerfile.production",
"repo_file_path": "/Dockerfile.production",
"file_line_range": [
22,
22
],
"resource": "/Dockerfile.production.RUN",
"evaluations": null,
"check_class": "checkov.common.graph.checks_infra.base_check",
"fixed_definition": null,
"entity_tags": null,
"caller_file_path": null,
"caller_file_line_range": null,
"resource_address": null,
"severity": null,
"bc_category": null,
"benchmarks": null,
"description": null,
"short_description": null,
"vulnerability_details": null,
"connected_node": null,
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-npm-strict-ssl",
"details": [],
"check_len": null,
"definition_context_file_path": null
},
{
"check_id": "CKV2_DOCKER_12",
"bc_check_id": null,
"check_name": "Ensure that certificate validation isn't disabled for npm via the 'NPM_CONFIG_STRICT_SSL' environment variable",
"check_result": {
"result": "PASSED",
"entity": {
"block_name_": "RUN",
"block_type_": "resource",
"file_path_": "/Dockerfile.production",
"config_": {
"content": "RUN npm run build\n",
"value": "npm run build",
"__startline__": 22,
"__endline__": 22
},
"label_": "resource: RUN",
"id_": "RUN",
"source_": "Dockerfile",
"content": "RUN npm run build\n",
"value": "npm run build",
"__startline__": 22,
"__endline__": 22,
"resource_type": "RUN",
"hash": "1bf185fb6038f1b491f2a2686de4dd9869ccdd9c3e34d2772cf43bd368377aa6"
},
"evaluated_keys": [
"value"
]
},
"code_block": [
[
23,
"RUN npm run build\n"
]
],
"file_path": "/Dockerfile.production",
"file_abs_path": "/scan/Dockerfile.production",
"repo_file_path": "/Dockerfile.production",
"file_line_range": [
23,
23
],
"resource": "/Dockerfile.production.RUN",
"evaluations": null,
"check_class": "checkov.common.graph.checks_infra.base_check",
"fixed_definition": null,
"entity_tags": null,
"caller_file_path": null,
"caller_file_line_range": null,
"resource_address": null,
"severity": null,
"bc_category": null,
"benchmarks": null,
"description": null,
"short_description": null,
"vulnerability_details": null,
"connected_node": null,
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-npm-strict-ssl",
"details": [],
"check_len": null,
"definition_context_file_path": null
},
{
"check_id": "CKV2_DOCKER_12",
"bc_check_id": null,
"check_name": "Ensure that certificate validation isn't disabled for npm via the 'NPM_CONFIG_STRICT_SSL' environment variable",
"check_result": {
"result": "PASSED",
"entity": {
"block_name_": "RUN",
"block_type_": "resource",
"file_path_": "/Dockerfile.production",
"config_": {
"content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n",
"value": "corepack enable && corepack prepare npm@10.5.0 --activate",
"__startline__": 30,
"__endline__": 30
},
"label_": "resource: RUN",
"id_": "RUN",
"source_": "Dockerfile",
"content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n",
"value": "corepack enable && corepack prepare npm@10.5.0 --activate",
"__startline__": 30,
"__endline__": 30,
"resource_type": "RUN",
"hash": "01c88e306f7db45ae7136e3bdb63c4b15978dd024f6ed18210961fc3db3df382"
},
"evaluated_keys": [
"value"
]
},
"code_block": [
[
31,
"RUN corepack enable && corepack prepare npm@10.5.0 --activate\n"
]
],
"file_path": "/Dockerfile.production",
"file_abs_path": "/scan/Dockerfile.production",
"repo_file_path": "/Dockerfile.production",
"file_line_range": [
31,
31
],
"resource": "/Dockerfile.production.RUN",
"evaluations": null,
"check_class": "checkov.common.graph.checks_infra.base_check",
"fixed_definition": null,
"entity_tags": null,
"caller_file_path": null,
"caller_file_line_range": null,
"resource_address": null,
"severity": null,
"bc_category": null,
"benchmarks": null,
"description": null,
"short_description": null,
"vulnerability_details": null,
"connected_node": null,
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-npm-strict-ssl",
"details": [],
"check_len": null,
"definition_context_file_path": null
},
{
"check_id": "CKV2_DOCKER_12",
"bc_check_id": null,
"check_name": "Ensure that certificate validation isn't disabled for npm via the 'NPM_CONFIG_STRICT_SSL' environment variable",
"check_result": {
"result": "PASSED",
"entity": {
"block_name_": "ARG",
"block_type_": "resource",
"file_path_": "/Dockerfile.production",
"config_": {
"content": "ARG NEXT_PUBLIC_API_URL\n",
"value": "NEXT_PUBLIC_API_URL",
"__startline__": 11,
"__endline__": 11
},
"label_": "resource: ARG",
"id_": "ARG",
"source_": "Dockerfile",
"content": "ARG NEXT_PUBLIC_API_URL\n",
"value": "NEXT_PUBLIC_API_URL",
"__startline__": 11,
"__endline__": 11,
"resource_type": "ARG",
"hash": "fded00a21c81cd45d8985324636a2acafc73bef594a45811ca0d68265da3f9dc"
},
"evaluated_keys": [
"value"
]
},
"code_block": [
[
12,
"ARG NEXT_PUBLIC_API_URL\n"
]
],
"file_path": "/Dockerfile.production",
"file_abs_path": "/scan/Dockerfile.production",
"repo_file_path": "/Dockerfile.production",
"file_line_range": [
12,
12
],
"resource": "/Dockerfile.production.ARG",
"evaluations": null,
"check_class": "checkov.common.graph.checks_infra.base_check",
"fixed_definition": null,
"entity_tags": null,
"caller_file_path": null,
"caller_file_line_range": null,
"resource_address": null,
"severity": null,
"bc_category": null,
"benchmarks": null,
"description": null,
"short_description": null,
"vulnerability_details": null,
"connected_node": null,
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-npm-strict-ssl",
"details": [],
"check_len": null,
"definition_context_file_path": null
},
{
"check_id": "CKV2_DOCKER_12",
"bc_check_id": null,
"check_name": "Ensure that certificate validation isn't disabled for npm via the 'NPM_CONFIG_STRICT_SSL' environment variable",
"check_result": {
"result": "PASSED",
"entity": {
"block_name_": "ARG",
"block_type_": "resource",
"file_path_": "/Dockerfile.production",
"config_": {
"content": "ARG NEXT_PUBLIC_MARKETPLACE_URL\n",
"value": "NEXT_PUBLIC_MARKETPLACE_URL",
"__startline__": 12,
"__endline__": 12
},
"label_": "resource: ARG",
"id_": "ARG",
"source_": "Dockerfile",
"content": "ARG NEXT_PUBLIC_MARKETPLACE_URL\n",
"value": "NEXT_PUBLIC_MARKETPLACE_URL",
"__startline__": 12,
"__endline__": 12,
"resource_type": "ARG",
"hash": "11d98758a432fc03021573afe4df769dc34ff0a4aec966f558b5e00c71c6cf3b"
},
"evaluated_keys": [
"value"
]
},
"code_block": [
[
13,
"ARG NEXT_PUBLIC_MARKETPLACE_URL\n"
]
],
"file_path": "/Dockerfile.production",
"file_abs_path": "/scan/Dockerfile.production",
"repo_file_path": "/Dockerfile.production",
"file_line_range": [
13,
13
],
"resource": "/Dockerfile.production.ARG",
"evaluations": null,
"check_class": "checkov.common.graph.checks_infra.base_check",
"fixed_definition": null,
"entity_tags": null,
"caller_file_path": null,
"caller_file_line_range": null,
"resource_address": null,
"severity": null,
"bc_category": null,
"benchmarks": null,
"description": null,
"short_description": null,
"vulnerability_details": null,
"connected_node": null,
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-npm-strict-ssl",
"details": [],
"check_len": null,
"definition_context_file_path": null
},
{
"check_id": "CKV2_DOCKER_12",
"bc_check_id": null,
"check_name": "Ensure that certificate validation isn't disabled for npm via the 'NPM_CONFIG_STRICT_SSL' environment variable",
"check_result": {
"result": "PASSED",
"entity": {
"block_name_": "ARG",
"block_type_": "resource",
"file_path_": "/Dockerfile.production",
"config_": {
"content": "ARG NEXT_PUBLIC_DASHBOARD_URL\n",
"value": "NEXT_PUBLIC_DASHBOARD_URL",
"__startline__": 13,
"__endline__": 13
},
"label_": "resource: ARG",
"id_": "ARG",
"source_": "Dockerfile",
"content": "ARG NEXT_PUBLIC_DASHBOARD_URL\n",
"value": "NEXT_PUBLIC_DASHBOARD_URL",
"__startline__": 13,
"__endline__": 13,
"resource_type": "ARG",
"hash": "4075db881e0d222faeb86e03db8a05d9a998deab344c05aee0e89d2426e01383"
},
"evaluated_keys": [
"value"
]
},
"code_block": [
[
14,
"ARG NEXT_PUBLIC_DASHBOARD_URL\n"
]
],
"file_path": "/Dockerfile.production",
"file_abs_path": "/scan/Dockerfile.production",
"repo_file_path": "/Dockerfile.production",
"file_line_range": [
14,
14
],
"resource": "/Dockerfile.production.ARG",
"evaluations": null,
"check_class": "checkov.common.graph.checks_infra.base_check",
"fixed_definition": null,
"entity_tags": null,
"caller_file_path": null,
"caller_file_line_range": null,
"resource_address": null,
"severity": null,
"bc_category": null,
"benchmarks": null,
"description": null,
"short_description": null,
"vulnerability_details": null,
"connected_node": null,
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-npm-strict-ssl",
"details": [],
"check_len": null,
"definition_context_file_path": null
},
{
"check_id": "CKV2_DOCKER_12",
"bc_check_id": null,
"check_name": "Ensure that certificate validation isn't disabled for npm via the 'NPM_CONFIG_STRICT_SSL' environment variable",
"check_result": {
"result": "PASSED",
"entity": {
"block_name_": "ARG",
"block_type_": "resource",
"file_path_": "/Dockerfile.production",
"config_": {
"content": "ARG NEXT_PUBLIC_ADMIN_URL\n",
"value": "NEXT_PUBLIC_ADMIN_URL",
"__startline__": 14,
"__endline__": 14
},
"label_": "resource: ARG",
"id_": "ARG",
"source_": "Dockerfile",
"content": "ARG NEXT_PUBLIC_ADMIN_URL\n",
"value": "NEXT_PUBLIC_ADMIN_URL",
"__startline__": 14,
"__endline__": 14,
"resource_type": "ARG",
"hash": "a4c9bf1c4e349946074fb4c606d0db63c06a809d125e58ddd09427e4d929fd6a"
},
"evaluated_keys": [
"value"
]
},
"code_block": [
[
15,
"ARG NEXT_PUBLIC_ADMIN_URL\n"
]
],
"file_path": "/Dockerfile.production",
"file_abs_path": "/scan/Dockerfile.production",
"repo_file_path": "/Dockerfile.production",
"file_line_range": [
15,
15
],
"resource": "/Dockerfile.production.ARG",
"evaluations": null,
"check_class": "checkov.common.graph.checks_infra.base_check",
"fixed_definition": null,
"entity_tags": null,
"caller_file_path": null,
"caller_file_line_range": null,
"resource_address": null,
"severity": null,
"bc_category": null,
"benchmarks": null,
"description": null,
"short_description": null,
"vulnerability_details": null,
"connected_node": null,
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-npm-strict-ssl",
"details": [],
"check_len": null,
"definition_context_file_path": null
},
{
"check_id": "CKV2_DOCKER_12",
"bc_check_id": null,
"check_name": "Ensure that certificate validation isn't disabled for npm via the 'NPM_CONFIG_STRICT_SSL' environment variable",
"check_result": {
"result": "PASSED",
"entity": {
"block_name_": "ENV",
"block_type_": "resource",
"file_path_": "/Dockerfile.production",
"config_": {
"content": "ENV NEXT_PUBLIC_API_URL=$NEXT_PUBLIC_API_URL \\\n NEXT_PUBLIC_MARKETPLACE_URL=$NEXT_PUBLIC_MARKETPLACE_URL \\\n NEXT_PUBLIC_DASHBOARD_URL=$NEXT_PUBLIC_DASHBOARD_URL \\\n NEXT_PUBLIC_ADMIN_URL=$NEXT_PUBLIC_ADMIN_URL\n",
"value": "NEXT_PUBLIC_API_URL=$NEXT_PUBLIC_API_URL NEXT_PUBLIC_MARKETPLACE_URL=$NEXT_PUBLIC_MARKETPLACE_URL NEXT_PUBLIC_DASHBOARD_URL=$NEXT_PUBLIC_DASHBOARD_URL NEXT_PUBLIC_ADMIN_URL=$NEXT_PUBLIC_ADMIN_URL",
"__startline__": 15,
"__endline__": 18
},
"label_": "resource: ENV",
"id_": "ENV",
"source_": "Dockerfile",
"content": "ENV NEXT_PUBLIC_API_URL=$NEXT_PUBLIC_API_URL \\\n NEXT_PUBLIC_MARKETPLACE_URL=$NEXT_PUBLIC_MARKETPLACE_URL \\\n NEXT_PUBLIC_DASHBOARD_URL=$NEXT_PUBLIC_DASHBOARD_URL \\\n NEXT_PUBLIC_ADMIN_URL=$NEXT_PUBLIC_ADMIN_URL\n",
"value": "NEXT_PUBLIC_API_URL=$NEXT_PUBLIC_API_URL NEXT_PUBLIC_MARKETPLACE_URL=$NEXT_PUBLIC_MARKETPLACE_URL NEXT_PUBLIC_DASHBOARD_URL=$NEXT_PUBLIC_DASHBOARD_URL NEXT_PUBLIC_ADMIN_URL=$NEXT_PUBLIC_ADMIN_URL",
"__startline__": 15,
"__endline__": 18,
"resource_type": "ENV",
"hash": "65abe3eb0aadfa3b1ed513b9e21f4f8c4524ec8c298e7123de46806870b90557"
},
"evaluated_keys": [
"value"
]
},
"code_block": [
[
16,
"ENV NEXT_PUBLIC_API_URL=$NEXT_PUBLIC_API_URL \\\n"
],
[
17,
" NEXT_PUBLIC_MARKETPLACE_URL=$NEXT_PUBLIC_MARKETPLACE_URL \\\n"
],
[
18,
" NEXT_PUBLIC_DASHBOARD_URL=$NEXT_PUBLIC_DASHBOARD_URL \\\n"
],
[
19,
" NEXT_PUBLIC_ADMIN_URL=$NEXT_PUBLIC_ADMIN_URL\n"
]
],
"file_path": "/Dockerfile.production",
"file_abs_path": "/scan/Dockerfile.production",
"repo_file_path": "/Dockerfile.production",
"file_line_range": [
16,
19
],
"resource": "/Dockerfile.production.ENV",
"evaluations": null,
"check_class": "checkov.common.graph.checks_infra.base_check",
"fixed_definition": null,
"entity_tags": null,
"caller_file_path": null,
"caller_file_line_range": null,
"resource_address": null,
"severity": null,
"bc_category": null,
"benchmarks": null,
"description": null,
"short_description": null,
"vulnerability_details": null,
"connected_node": null,
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-npm-strict-ssl",
"details": [],
"check_len": null,
"definition_context_file_path": null
},
{
"check_id": "CKV2_DOCKER_12",
"bc_check_id": null,
"check_name": "Ensure that certificate validation isn't disabled for npm via the 'NPM_CONFIG_STRICT_SSL' environment variable",
"check_result": {
"result": "PASSED",
"entity": {
"block_name_": "ENV",
"block_type_": "resource",
"file_path_": "/Dockerfile.production",
"config_": {
"content": "ENV NODE_ENV=production\n",
"value": "NODE_ENV=production",
"__startline__": 28,
"__endline__": 28
},
"label_": "resource: ENV",
"id_": "ENV",
"source_": "Dockerfile",
"content": "ENV NODE_ENV=production\n",
"value": "NODE_ENV=production",
"__startline__": 28,
"__endline__": 28,
"resource_type": "ENV",
"hash": "5a6afcff0e4c111b04ace6d372feb2943096034796456739be650482e87f3e0e"
},
"evaluated_keys": [
"value"
]
},
"code_block": [
[
29,
"ENV NODE_ENV=production\n"
]
],
"file_path": "/Dockerfile.production",
"file_abs_path": "/scan/Dockerfile.production",
"repo_file_path": "/Dockerfile.production",
"file_line_range": [
29,
29
],
"resource": "/Dockerfile.production.ENV",
"evaluations": null,
"check_class": "checkov.common.graph.checks_infra.base_check",
"fixed_definition": null,
"entity_tags": null,
"caller_file_path": null,
"caller_file_line_range": null,
"resource_address": null,
"severity": null,
"bc_category": null,
"benchmarks": null,
"description": null,
"short_description": null,
"vulnerability_details": null,
"connected_node": null,
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-npm-strict-ssl",
"details": [],
"check_len": null,
"definition_context_file_path": null
},
{
"check_id": "CKV2_DOCKER_12",
"bc_check_id": null,
"check_name": "Ensure that certificate validation isn't disabled for npm via the 'NPM_CONFIG_STRICT_SSL' environment variable",
"check_result": {
"result": "PASSED",
"entity": {
"block_name_": "RUN",
"block_type_": "resource",
"file_path_": "/Dockerfile.test",
"config_": {
"content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n",
"value": "corepack enable && corepack prepare npm@10.5.0 --activate",
"__startline__": 4,
"__endline__": 4
},
"label_": "resource: RUN",
"id_": "RUN",
"source_": "Dockerfile",
"content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n",
"value": "corepack enable && corepack prepare npm@10.5.0 --activate",
"__startline__": 4,
"__endline__": 4,
"resource_type": "RUN",
"hash": "1d5fb0a211498b8baf37e5744578ad03459da7798534298981f23fdefb7eb757"
},
"evaluated_keys": [
"value"
]
},
"code_block": [
[
5,
"RUN corepack enable && corepack prepare npm@10.5.0 --activate\n"
]
],
"file_path": "/Dockerfile.test",
"file_abs_path": "/scan/Dockerfile.test",
"repo_file_path": "/Dockerfile.test",
"file_line_range": [
5,
5
],
"resource": "/Dockerfile.test.RUN",
"evaluations": null,
"check_class": "checkov.common.graph.checks_infra.base_check",
"fixed_definition": null,
"entity_tags": null,
"caller_file_path": null,
"caller_file_line_range": null,
"resource_address": null,
"severity": null,
"bc_category": null,
"benchmarks": null,
"description": null,
"short_description": null,
"vulnerability_details": null,
"connected_node": null,
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-npm-strict-ssl",
"details": [],
"check_len": null,
"definition_context_file_path": null
},
{
"check_id": "CKV2_DOCKER_12",
"bc_check_id": null,
"check_name": "Ensure that certificate validation isn't disabled for npm via the 'NPM_CONFIG_STRICT_SSL' environment variable",
"check_result": {
"result": "PASSED",
"entity": {
"block_name_": "RUN",
"block_type_": "resource",
"file_path_": "/Dockerfile.test",
"config_": {
"content": "RUN npm install\n",
"value": "npm install",
"__startline__": 10,
"__endline__": 10
},
"label_": "resource: RUN",
"id_": "RUN",
"source_": "Dockerfile",
"content": "RUN npm install\n",
"value": "npm install",
"__startline__": 10,
"__endline__": 10,
"resource_type": "RUN",
"hash": "fb809e4860a3131df821aea9480445cc6e2f66dd52744dab5f3d2ef5b2848436"
},
"evaluated_keys": [
"value"
]
},
"code_block": [
[
11,
"RUN npm install\n"
]
],
"file_path": "/Dockerfile.test",
"file_abs_path": "/scan/Dockerfile.test",
"repo_file_path": "/Dockerfile.test",
"file_line_range": [
11,
11
],
"resource": "/Dockerfile.test.RUN",
"evaluations": null,
"check_class": "checkov.common.graph.checks_infra.base_check",
"fixed_definition": null,
"entity_tags": null,
"caller_file_path": null,
"caller_file_line_range": null,
"resource_address": null,
"severity": null,
"bc_category": null,
"benchmarks": null,
"description": null,
"short_description": null,
"vulnerability_details": null,
"connected_node": null,
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-npm-strict-ssl",
"details": [],
"check_len": null,
"definition_context_file_path": null
},
{
"check_id": "CKV2_DOCKER_12",
"bc_check_id": null,
"check_name": "Ensure that certificate validation isn't disabled for npm via the 'NPM_CONFIG_STRICT_SSL' environment variable",
"check_result": {
"result": "PASSED",
"entity": {
"block_name_": "ENV",
"block_type_": "resource",
"file_path_": "/Dockerfile.test",
"config_": {
"content": "ENV NODE_ENV=test\n",
"value": "NODE_ENV=test",
"__startline__": 12,
"__endline__": 12
},
"label_": "resource: ENV",
"id_": "ENV",
"source_": "Dockerfile",
"content": "ENV NODE_ENV=test\n",
"value": "NODE_ENV=test",
"__startline__": 12,
"__endline__": 12,
"resource_type": "ENV",
"hash": "14d83a642c69d4cf67fcdbeb6dace7ba464024fdcad52f8129d63c78042457cb"
},
"evaluated_keys": [
"value"
]
},
"code_block": [
[
13,
"ENV NODE_ENV=test\n"
]
],
"file_path": "/Dockerfile.test",
"file_abs_path": "/scan/Dockerfile.test",
"repo_file_path": "/Dockerfile.test",
"file_line_range": [
13,
13
],
"resource": "/Dockerfile.test.ENV",
"evaluations": null,
"check_class": "checkov.common.graph.checks_infra.base_check",
"fixed_definition": null,
"entity_tags": null,
"caller_file_path": null,
"caller_file_line_range": null,
"resource_address": null,
"severity": null,
"bc_category": null,
"benchmarks": null,
"description": null,
"short_description": null,
"vulnerability_details": null,
"connected_node": null,
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-npm-strict-ssl",
"details": [],
"check_len": null,
"definition_context_file_path": null
},
{
"check_id": "CKV2_DOCKER_12",
"bc_check_id": null,
"check_name": "Ensure that certificate validation isn't disabled for npm via the 'NPM_CONFIG_STRICT_SSL' environment variable",
"check_result": {
"result": "PASSED",
"entity": {
"block_name_": "RUN",
"block_type_": "resource",
"file_path_": "/Dockerfile.dev",
"config_": {
"content": "RUN npm install -g npm@10.5.0 --no-fund --no-audit\n",
"value": "npm install -g npm@10.5.0 --no-fund --no-audit",
"__startline__": 4,
"__endline__": 4
},
"label_": "resource: RUN",
"id_": "RUN",
"source_": "Dockerfile",
"content": "RUN npm install -g npm@10.5.0 --no-fund --no-audit\n",
"value": "npm install -g npm@10.5.0 --no-fund --no-audit",
"__startline__": 4,
"__endline__": 4,
"resource_type": "RUN",
"hash": "435bba968d1d0b4c410ea33851637829a16b2ad878f0b9531a737c7a444f91b9"
},
"evaluated_keys": [
"value"
]
},
"code_block": [
[
5,
"RUN npm install -g npm@10.5.0 --no-fund --no-audit\n"
]
],
"file_path": "/Dockerfile.dev",
"file_abs_path": "/scan/Dockerfile.dev",
"repo_file_path": "/Dockerfile.dev",
"file_line_range": [
5,
5
],
"resource": "/Dockerfile.dev.RUN",
"evaluations": null,
"check_class": "checkov.common.graph.checks_infra.base_check",
"fixed_definition": null,
"entity_tags": null,
"caller_file_path": null,
"caller_file_line_range": null,
"resource_address": null,
"severity": null,
"bc_category": null,
"benchmarks": null,
"description": null,
"short_description": null,
"vulnerability_details": null,
"connected_node": null,
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-npm-strict-ssl",
"details": [],
"check_len": null,
"definition_context_file_path": null
},
{
"check_id": "CKV2_DOCKER_12",
"bc_check_id": null,
"check_name": "Ensure that certificate validation isn't disabled for npm via the 'NPM_CONFIG_STRICT_SSL' environment variable",
"check_result": {
"result": "PASSED",
"entity": {
"block_name_": "RUN",
"block_type_": "resource",
"file_path_": "/Dockerfile.dev",
"config_": {
"content": "RUN npm ci --no-fund --no-audit\n",
"value": "npm ci --no-fund --no-audit",
"__startline__": 10,
"__endline__": 10
},
"label_": "resource: RUN",
"id_": "RUN",
"source_": "Dockerfile",
"content": "RUN npm ci --no-fund --no-audit\n",
"value": "npm ci --no-fund --no-audit",
"__startline__": 10,
"__endline__": 10,
"resource_type": "RUN",
"hash": "57abb1bbe03890ab19f47e5f96b9cbcee02aab65f6980d523df42faf41b709fa"
},
"evaluated_keys": [
"value"
]
},
"code_block": [
[
11,
"RUN npm ci --no-fund --no-audit\n"
]
],
"file_path": "/Dockerfile.dev",
"file_abs_path": "/scan/Dockerfile.dev",
"repo_file_path": "/Dockerfile.dev",
"file_line_range": [
11,
11
],
"resource": "/Dockerfile.dev.RUN",
"evaluations": null,
"check_class": "checkov.common.graph.checks_infra.base_check",
"fixed_definition": null,
"entity_tags": null,
"caller_file_path": null,
"caller_file_line_range": null,
"resource_address": null,
"severity": null,
"bc_category": null,
"benchmarks": null,
"description": null,
"short_description": null,
"vulnerability_details": null,
"connected_node": null,
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-npm-strict-ssl",
"details": [],
"check_len": null,
"definition_context_file_path": null
},
{
"check_id": "CKV2_DOCKER_14",
"bc_check_id": null,
"check_name": "Ensure that certificate validation isn't disabled for git by setting the environment variable 'GIT_SSL_NO_VERIFY' to any value",
"check_result": {
"result": "PASSED",
"entity": {
"block_name_": "RUN",
"block_type_": "resource",
"file_path_": "/Dockerfile.production",
"config_": {
"content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n",
"value": "corepack enable && corepack prepare npm@10.5.0 --activate",
"__startline__": 4,
"__endline__": 4
},
"label_": "resource: RUN",
"id_": "RUN",
"source_": "Dockerfile",
"content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n",
"value": "corepack enable && corepack prepare npm@10.5.0 --activate",
"__startline__": 4,
"__endline__": 4,
"resource_type": "RUN",
"hash": "dbd32b6bad6b728919787011f82d60c50d7b2d1c079f814de2b1640696c98816"
},
"evaluated_keys": [
"value"
]
},
"code_block": [
[
5,
"RUN corepack enable && corepack prepare npm@10.5.0 --activate\n"
]
],
"file_path": "/Dockerfile.production",
"file_abs_path": "/scan/Dockerfile.production",
"repo_file_path": "/Dockerfile.production",
"file_line_range": [
5,
5
],
"resource": "/Dockerfile.production.RUN",
"evaluations": null,
"check_class": "checkov.common.graph.checks_infra.base_check",
"fixed_definition": null,
"entity_tags": null,
"caller_file_path": null,
"caller_file_line_range": null,
"resource_address": null,
"severity": null,
"bc_category": null,
"benchmarks": null,
"description": null,
"short_description": null,
"vulnerability_details": null,
"connected_node": null,
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-git-ssl",
"details": [],
"check_len": null,
"definition_context_file_path": null
},
{
"check_id": "CKV2_DOCKER_14",
"bc_check_id": null,
"check_name": "Ensure that certificate validation isn't disabled for git by setting the environment variable 'GIT_SSL_NO_VERIFY' to any value",
"check_result": {
"result": "PASSED",
"entity": {
"block_name_": "RUN",
"block_type_": "resource",
"file_path_": "/Dockerfile.production",
"config_": {
"content": "RUN npm install\n",
"value": "npm install",
"__startline__": 20,
"__endline__": 20
},
"label_": "resource: RUN",
"id_": "RUN",
"source_": "Dockerfile",
"content": "RUN npm install\n",
"value": "npm install",
"__startline__": 20,
"__endline__": 20,
"resource_type": "RUN",
"hash": "6979b14e6a853ac150ffef85c5e28fd49c956054ea2cb1d01440e13b17260c4a"
},
"evaluated_keys": [
"value"
]
},
"code_block": [
[
21,
"RUN npm install\n"
]
],
"file_path": "/Dockerfile.production",
"file_abs_path": "/scan/Dockerfile.production",
"repo_file_path": "/Dockerfile.production",
"file_line_range": [
21,
21
],
"resource": "/Dockerfile.production.RUN",
"evaluations": null,
"check_class": "checkov.common.graph.checks_infra.base_check",
"fixed_definition": null,
"entity_tags": null,
"caller_file_path": null,
"caller_file_line_range": null,
"resource_address": null,
"severity": null,
"bc_category": null,
"benchmarks": null,
"description": null,
"short_description": null,
"vulnerability_details": null,
"connected_node": null,
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-git-ssl",
"details": [],
"check_len": null,
"definition_context_file_path": null
},
{
"check_id": "CKV2_DOCKER_14",
"bc_check_id": null,
"check_name": "Ensure that certificate validation isn't disabled for git by setting the environment variable 'GIT_SSL_NO_VERIFY' to any value",
"check_result": {
"result": "PASSED",
"entity": {
"block_name_": "RUN",
"block_type_": "resource",
"file_path_": "/Dockerfile.production",
"config_": {
"content": "RUN npm run db:generate\n",
"value": "npm run db:generate",
"__startline__": 21,
"__endline__": 21
},
"label_": "resource: RUN",
"id_": "RUN",
"source_": "Dockerfile",
"content": "RUN npm run db:generate\n",
"value": "npm run db:generate",
"__startline__": 21,
"__endline__": 21,
"resource_type": "RUN",
"hash": "c1f9cc0c42260bb0183d7e7b9ec2edab99837111ad42dbbdd7fad09ff3e37ab0"
},
"evaluated_keys": [
"value"
]
},
"code_block": [
[
22,
"RUN npm run db:generate\n"
]
],
"file_path": "/Dockerfile.production",
"file_abs_path": "/scan/Dockerfile.production",
"repo_file_path": "/Dockerfile.production",
"file_line_range": [
22,
22
],
"resource": "/Dockerfile.production.RUN",
"evaluations": null,
"check_class": "checkov.common.graph.checks_infra.base_check",
"fixed_definition": null,
"entity_tags": null,
"caller_file_path": null,
"caller_file_line_range": null,
"resource_address": null,
"severity": null,
"bc_category": null,
"benchmarks": null,
"description": null,
"short_description": null,
"vulnerability_details": null,
"connected_node": null,
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-git-ssl",
"details": [],
"check_len": null,
"definition_context_file_path": null
},
{
"check_id": "CKV2_DOCKER_14",
"bc_check_id": null,
"check_name": "Ensure that certificate validation isn't disabled for git by setting the environment variable 'GIT_SSL_NO_VERIFY' to any value",
"check_result": {
"result": "PASSED",
"entity": {
"block_name_": "RUN",
"block_type_": "resource",
"file_path_": "/Dockerfile.production",
"config_": {
"content": "RUN npm run build\n",
"value": "npm run build",
"__startline__": 22,
"__endline__": 22
},
"label_": "resource: RUN",
"id_": "RUN",
"source_": "Dockerfile",
"content": "RUN npm run build\n",
"value": "npm run build",
"__startline__": 22,
"__endline__": 22,
"resource_type": "RUN",
"hash": "1bf185fb6038f1b491f2a2686de4dd9869ccdd9c3e34d2772cf43bd368377aa6"
},
"evaluated_keys": [
"value"
]
},
"code_block": [
[
23,
"RUN npm run build\n"
]
],
"file_path": "/Dockerfile.production",
"file_abs_path": "/scan/Dockerfile.production",
"repo_file_path": "/Dockerfile.production",
"file_line_range": [
23,
23
],
"resource": "/Dockerfile.production.RUN",
"evaluations": null,
"check_class": "checkov.common.graph.checks_infra.base_check",
"fixed_definition": null,
"entity_tags": null,
"caller_file_path": null,
"caller_file_line_range": null,
"resource_address": null,
"severity": null,
"bc_category": null,
"benchmarks": null,
"description": null,
"short_description": null,
"vulnerability_details": null,
"connected_node": null,
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-git-ssl",
"details": [],
"check_len": null,
"definition_context_file_path": null
},
{
"check_id": "CKV2_DOCKER_14",
"bc_check_id": null,
"check_name": "Ensure that certificate validation isn't disabled for git by setting the environment variable 'GIT_SSL_NO_VERIFY' to any value",
"check_result": {
"result": "PASSED",
"entity": {
"block_name_": "RUN",
"block_type_": "resource",
"file_path_": "/Dockerfile.production",
"config_": {
"content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n",
"value": "corepack enable && corepack prepare npm@10.5.0 --activate",
"__startline__": 30,
"__endline__": 30
},
"label_": "resource: RUN",
"id_": "RUN",
"source_": "Dockerfile",
"content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n",
"value": "corepack enable && corepack prepare npm@10.5.0 --activate",
"__startline__": 30,
"__endline__": 30,
"resource_type": "RUN",
"hash": "01c88e306f7db45ae7136e3bdb63c4b15978dd024f6ed18210961fc3db3df382"
},
"evaluated_keys": [
"value"
]
},
"code_block": [
[
31,
"RUN corepack enable && corepack prepare npm@10.5.0 --activate\n"
]
],
"file_path": "/Dockerfile.production",
"file_abs_path": "/scan/Dockerfile.production",
"repo_file_path": "/Dockerfile.production",
"file_line_range": [
31,
31
],
"resource": "/Dockerfile.production.RUN",
"evaluations": null,
"check_class": "checkov.common.graph.checks_infra.base_check",
"fixed_definition": null,
"entity_tags": null,
"caller_file_path": null,
"caller_file_line_range": null,
"resource_address": null,
"severity": null,
"bc_category": null,
"benchmarks": null,
"description": null,
"short_description": null,
"vulnerability_details": null,
"connected_node": null,
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-git-ssl",
"details": [],
"check_len": null,
"definition_context_file_path": null
},
{
"check_id": "CKV2_DOCKER_14",
"bc_check_id": null,
"check_name": "Ensure that certificate validation isn't disabled for git by setting the environment variable 'GIT_SSL_NO_VERIFY' to any value",
"check_result": {
"result": "PASSED",
"entity": {
"block_name_": "ARG",
"block_type_": "resource",
"file_path_": "/Dockerfile.production",
"config_": {
"content": "ARG NEXT_PUBLIC_API_URL\n",
"value": "NEXT_PUBLIC_API_URL",
"__startline__": 11,
"__endline__": 11
},
"label_": "resource: ARG",
"id_": "ARG",
"source_": "Dockerfile",
"content": "ARG NEXT_PUBLIC_API_URL\n",
"value": "NEXT_PUBLIC_API_URL",
"__startline__": 11,
"__endline__": 11,
"resource_type": "ARG",
"hash": "fded00a21c81cd45d8985324636a2acafc73bef594a45811ca0d68265da3f9dc"
},
"evaluated_keys": [
"value"
]
},
"code_block": [
[
12,
"ARG NEXT_PUBLIC_API_URL\n"
]
],
"file_path": "/Dockerfile.production",
"file_abs_path": "/scan/Dockerfile.production",
"repo_file_path": "/Dockerfile.production",
"file_line_range": [
12,
12
],
"resource": "/Dockerfile.production.ARG",
"evaluations": null,
"check_class": "checkov.common.graph.checks_infra.base_check",
"fixed_definition": null,
"entity_tags": null,
"caller_file_path": null,
"caller_file_line_range": null,
"resource_address": null,
"severity": null,
"bc_category": null,
"benchmarks": null,
"description": null,
"short_description": null,
"vulnerability_details": null,
"connected_node": null,
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-git-ssl",
"details": [],
"check_len": null,
"definition_context_file_path": null
},
{
"check_id": "CKV2_DOCKER_14",
"bc_check_id": null,
"check_name": "Ensure that certificate validation isn't disabled for git by setting the environment variable 'GIT_SSL_NO_VERIFY' to any value",
"check_result": {
"result": "PASSED",
"entity": {
"block_name_": "ARG",
"block_type_": "resource",
"file_path_": "/Dockerfile.production",
"config_": {
"content": "ARG NEXT_PUBLIC_MARKETPLACE_URL\n",
"value": "NEXT_PUBLIC_MARKETPLACE_URL",
"__startline__": 12,
"__endline__": 12
},
"label_": "resource: ARG",
"id_": "ARG",
"source_": "Dockerfile",
"content": "ARG NEXT_PUBLIC_MARKETPLACE_URL\n",
"value": "NEXT_PUBLIC_MARKETPLACE_URL",
"__startline__": 12,
"__endline__": 12,
"resource_type": "ARG",
"hash": "11d98758a432fc03021573afe4df769dc34ff0a4aec966f558b5e00c71c6cf3b"
},
"evaluated_keys": [
"value"
]
},
"code_block": [
[
13,
"ARG NEXT_PUBLIC_MARKETPLACE_URL\n"
]
],
"file_path": "/Dockerfile.production",
"file_abs_path": "/scan/Dockerfile.production",
"repo_file_path": "/Dockerfile.production",
"file_line_range": [
13,
13
],
"resource": "/Dockerfile.production.ARG",
"evaluations": null,
"check_class": "checkov.common.graph.checks_infra.base_check",
"fixed_definition": null,
"entity_tags": null,
"caller_file_path": null,
"caller_file_line_range": null,
"resource_address": null,
"severity": null,
"bc_category": null,
"benchmarks": null,
"description": null,
"short_description": null,
"vulnerability_details": null,
"connected_node": null,
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-git-ssl",
"details": [],
"check_len": null,
"definition_context_file_path": null
},
{
"check_id": "CKV2_DOCKER_14",
"bc_check_id": null,
"check_name": "Ensure that certificate validation isn't disabled for git by setting the environment variable 'GIT_SSL_NO_VERIFY' to any value",
"check_result": {
"result": "PASSED",
"entity": {
"block_name_": "ARG",
"block_type_": "resource",
"file_path_": "/Dockerfile.production",
"config_": {
"content": "ARG NEXT_PUBLIC_DASHBOARD_URL\n",
"value": "NEXT_PUBLIC_DASHBOARD_URL",
"__startline__": 13,
"__endline__": 13
},
"label_": "resource: ARG",
"id_": "ARG",
"source_": "Dockerfile",
"content": "ARG NEXT_PUBLIC_DASHBOARD_URL\n",
"value": "NEXT_PUBLIC_DASHBOARD_URL",
"__startline__": 13,
"__endline__": 13,
"resource_type": "ARG",
"hash": "4075db881e0d222faeb86e03db8a05d9a998deab344c05aee0e89d2426e01383"
},
"evaluated_keys": [
"value"
]
},
"code_block": [
[
14,
"ARG NEXT_PUBLIC_DASHBOARD_URL\n"
]
],
"file_path": "/Dockerfile.production",
"file_abs_path": "/scan/Dockerfile.production",
"repo_file_path": "/Dockerfile.production",
"file_line_range": [
14,
14
],
"resource": "/Dockerfile.production.ARG",
"evaluations": null,
"check_class": "checkov.common.graph.checks_infra.base_check",
"fixed_definition": null,
"entity_tags": null,
"caller_file_path": null,
"caller_file_line_range": null,
"resource_address": null,
"severity": null,
"bc_category": null,
"benchmarks": null,
"description": null,
"short_description": null,
"vulnerability_details": null,
"connected_node": null,
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-git-ssl",
"details": [],
"check_len": null,
"definition_context_file_path": null
},
{
"check_id": "CKV2_DOCKER_14",
"bc_check_id": null,
"check_name": "Ensure that certificate validation isn't disabled for git by setting the environment variable 'GIT_SSL_NO_VERIFY' to any value",
"check_result": {
"result": "PASSED",
"entity": {
"block_name_": "ARG",
"block_type_": "resource",
"file_path_": "/Dockerfile.production",
"config_": {
"content": "ARG NEXT_PUBLIC_ADMIN_URL\n",
"value": "NEXT_PUBLIC_ADMIN_URL",
"__startline__": 14,
"__endline__": 14
},
"label_": "resource: ARG",
"id_": "ARG",
"source_": "Dockerfile",
"content": "ARG NEXT_PUBLIC_ADMIN_URL\n",
"value": "NEXT_PUBLIC_ADMIN_URL",
"__startline__": 14,
"__endline__": 14,
"resource_type": "ARG",
"hash": "a4c9bf1c4e349946074fb4c606d0db63c06a809d125e58ddd09427e4d929fd6a"
},
"evaluated_keys": [
"value"
]
},
"code_block": [
[
15,
"ARG NEXT_PUBLIC_ADMIN_URL\n"
]
],
"file_path": "/Dockerfile.production",
"file_abs_path": "/scan/Dockerfile.production",
"repo_file_path": "/Dockerfile.production",
"file_line_range": [
15,
15
],
"resource": "/Dockerfile.production.ARG",
"evaluations": null,
"check_class": "checkov.common.graph.checks_infra.base_check",
"fixed_definition": null,
"entity_tags": null,
"caller_file_path": null,
"caller_file_line_range": null,
"resource_address": null,
"severity": null,
"bc_category": null,
"benchmarks": null,
"description": null,
"short_description": null,
"vulnerability_details": null,
"connected_node": null,
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-git-ssl",
"details": [],
"check_len": null,
"definition_context_file_path": null
},
{
"check_id": "CKV2_DOCKER_14",
"bc_check_id": null,
"check_name": "Ensure that certificate validation isn't disabled for git by setting the environment variable 'GIT_SSL_NO_VERIFY' to any value",
"check_result": {
"result": "PASSED",
"entity": {
"block_name_": "ENV",
"block_type_": "resource",
"file_path_": "/Dockerfile.production",
"config_": {
"content": "ENV NEXT_PUBLIC_API_URL=$NEXT_PUBLIC_API_URL \\\n NEXT_PUBLIC_MARKETPLACE_URL=$NEXT_PUBLIC_MARKETPLACE_URL \\\n NEXT_PUBLIC_DASHBOARD_URL=$NEXT_PUBLIC_DASHBOARD_URL \\\n NEXT_PUBLIC_ADMIN_URL=$NEXT_PUBLIC_ADMIN_URL\n",
"value": "NEXT_PUBLIC_API_URL=$NEXT_PUBLIC_API_URL NEXT_PUBLIC_MARKETPLACE_URL=$NEXT_PUBLIC_MARKETPLACE_URL NEXT_PUBLIC_DASHBOARD_URL=$NEXT_PUBLIC_DASHBOARD_URL NEXT_PUBLIC_ADMIN_URL=$NEXT_PUBLIC_ADMIN_URL",
"__startline__": 15,
"__endline__": 18
},
"label_": "resource: ENV",
"id_": "ENV",
"source_": "Dockerfile",
"content": "ENV NEXT_PUBLIC_API_URL=$NEXT_PUBLIC_API_URL \\\n NEXT_PUBLIC_MARKETPLACE_URL=$NEXT_PUBLIC_MARKETPLACE_URL \\\n NEXT_PUBLIC_DASHBOARD_URL=$NEXT_PUBLIC_DASHBOARD_URL \\\n NEXT_PUBLIC_ADMIN_URL=$NEXT_PUBLIC_ADMIN_URL\n",
"value": "NEXT_PUBLIC_API_URL=$NEXT_PUBLIC_API_URL NEXT_PUBLIC_MARKETPLACE_URL=$NEXT_PUBLIC_MARKETPLACE_URL NEXT_PUBLIC_DASHBOARD_URL=$NEXT_PUBLIC_DASHBOARD_URL NEXT_PUBLIC_ADMIN_URL=$NEXT_PUBLIC_ADMIN_URL",
"__startline__": 15,
"__endline__": 18,
"resource_type": "ENV",
"hash": "65abe3eb0aadfa3b1ed513b9e21f4f8c4524ec8c298e7123de46806870b90557"
},
"evaluated_keys": [
"value"
]
},
"code_block": [
[
16,
"ENV NEXT_PUBLIC_API_URL=$NEXT_PUBLIC_API_URL \\\n"
],
[
17,
" NEXT_PUBLIC_MARKETPLACE_URL=$NEXT_PUBLIC_MARKETPLACE_URL \\\n"
],
[
18,
" NEXT_PUBLIC_DASHBOARD_URL=$NEXT_PUBLIC_DASHBOARD_URL \\\n"
],
[
19,
" NEXT_PUBLIC_ADMIN_URL=$NEXT_PUBLIC_ADMIN_URL\n"
]
],
"file_path": "/Dockerfile.production",
"file_abs_path": "/scan/Dockerfile.production",
"repo_file_path": "/Dockerfile.production",
"file_line_range": [
16,
19
],
"resource": "/Dockerfile.production.ENV",
"evaluations": null,
"check_class": "checkov.common.graph.checks_infra.base_check",
"fixed_definition": null,
"entity_tags": null,
"caller_file_path": null,
"caller_file_line_range": null,
"resource_address": null,
"severity": null,
"bc_category": null,
"benchmarks": null,
"description": null,
"short_description": null,
"vulnerability_details": null,
"connected_node": null,
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-git-ssl",
"details": [],
"check_len": null,
"definition_context_file_path": null
},
{
"check_id": "CKV2_DOCKER_14",
"bc_check_id": null,
"check_name": "Ensure that certificate validation isn't disabled for git by setting the environment variable 'GIT_SSL_NO_VERIFY' to any value",
"check_result": {
"result": "PASSED",
"entity": {
"block_name_": "ENV",
"block_type_": "resource",
"file_path_": "/Dockerfile.production",
"config_": {
"content": "ENV NODE_ENV=production\n",
"value": "NODE_ENV=production",
"__startline__": 28,
"__endline__": 28
},
"label_": "resource: ENV",
"id_": "ENV",
"source_": "Dockerfile",
"content": "ENV NODE_ENV=production\n",
"value": "NODE_ENV=production",
"__startline__": 28,
"__endline__": 28,
"resource_type": "ENV",
"hash": "5a6afcff0e4c111b04ace6d372feb2943096034796456739be650482e87f3e0e"
},
"evaluated_keys": [
"value"
]
},
"code_block": [
[
29,
"ENV NODE_ENV=production\n"
]
],
"file_path": "/Dockerfile.production",
"file_abs_path": "/scan/Dockerfile.production",
"repo_file_path": "/Dockerfile.production",
"file_line_range": [
29,
29
],
"resource": "/Dockerfile.production.ENV",
"evaluations": null,
"check_class": "checkov.common.graph.checks_infra.base_check",
"fixed_definition": null,
"entity_tags": null,
"caller_file_path": null,
"caller_file_line_range": null,
"resource_address": null,
"severity": null,
"bc_category": null,
"benchmarks": null,
"description": null,
"short_description": null,
"vulnerability_details": null,
"connected_node": null,
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-git-ssl",
"details": [],
"check_len": null,
"definition_context_file_path": null
},
{
"check_id": "CKV2_DOCKER_14",
"bc_check_id": null,
"check_name": "Ensure that certificate validation isn't disabled for git by setting the environment variable 'GIT_SSL_NO_VERIFY' to any value",
"check_result": {
"result": "PASSED",
"entity": {
"block_name_": "RUN",
"block_type_": "resource",
"file_path_": "/Dockerfile.test",
"config_": {
"content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n",
"value": "corepack enable && corepack prepare npm@10.5.0 --activate",
"__startline__": 4,
"__endline__": 4
},
"label_": "resource: RUN",
"id_": "RUN",
"source_": "Dockerfile",
"content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n",
"value": "corepack enable && corepack prepare npm@10.5.0 --activate",
"__startline__": 4,
"__endline__": 4,
"resource_type": "RUN",
"hash": "1d5fb0a211498b8baf37e5744578ad03459da7798534298981f23fdefb7eb757"
},
"evaluated_keys": [
"value"
]
},
"code_block": [
[
5,
"RUN corepack enable && corepack prepare npm@10.5.0 --activate\n"
]
],
"file_path": "/Dockerfile.test",
"file_abs_path": "/scan/Dockerfile.test",
"repo_file_path": "/Dockerfile.test",
"file_line_range": [
5,
5
],
"resource": "/Dockerfile.test.RUN",
"evaluations": null,
"check_class": "checkov.common.graph.checks_infra.base_check",
"fixed_definition": null,
"entity_tags": null,
"caller_file_path": null,
"caller_file_line_range": null,
"resource_address": null,
"severity": null,
"bc_category": null,
"benchmarks": null,
"description": null,
"short_description": null,
"vulnerability_details": null,
"connected_node": null,
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-git-ssl",
"details": [],
"check_len": null,
"definition_context_file_path": null
},
{
"check_id": "CKV2_DOCKER_14",
"bc_check_id": null,
"check_name": "Ensure that certificate validation isn't disabled for git by setting the environment variable 'GIT_SSL_NO_VERIFY' to any value",
"check_result": {
"result": "PASSED",
"entity": {
"block_name_": "RUN",
"block_type_": "resource",
"file_path_": "/Dockerfile.test",
"config_": {
"content": "RUN npm install\n",
"value": "npm install",
"__startline__": 10,
"__endline__": 10
},
"label_": "resource: RUN",
"id_": "RUN",
"source_": "Dockerfile",
"content": "RUN npm install\n",
"value": "npm install",
"__startline__": 10,
"__endline__": 10,
"resource_type": "RUN",
"hash": "fb809e4860a3131df821aea9480445cc6e2f66dd52744dab5f3d2ef5b2848436"
},
"evaluated_keys": [
"value"
]
},
"code_block": [
[
11,
"RUN npm install\n"
]
],
"file_path": "/Dockerfile.test",
"file_abs_path": "/scan/Dockerfile.test",
"repo_file_path": "/Dockerfile.test",
"file_line_range": [
11,
11
],
"resource": "/Dockerfile.test.RUN",
"evaluations": null,
"check_class": "checkov.common.graph.checks_infra.base_check",
"fixed_definition": null,
"entity_tags": null,
"caller_file_path": null,
"caller_file_line_range": null,
"resource_address": null,
"severity": null,
"bc_category": null,
"benchmarks": null,
"description": null,
"short_description": null,
"vulnerability_details": null,
"connected_node": null,
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-git-ssl",
"details": [],
"check_len": null,
"definition_context_file_path": null
},
{
"check_id": "CKV2_DOCKER_14",
"bc_check_id": null,
"check_name": "Ensure that certificate validation isn't disabled for git by setting the environment variable 'GIT_SSL_NO_VERIFY' to any value",
"check_result": {
"result": "PASSED",
"entity": {
"block_name_": "ENV",
"block_type_": "resource",
"file_path_": "/Dockerfile.test",
"config_": {
"content": "ENV NODE_ENV=test\n",
"value": "NODE_ENV=test",
"__startline__": 12,
"__endline__": 12
},
"label_": "resource: ENV",
"id_": "ENV",
"source_": "Dockerfile",
"content": "ENV NODE_ENV=test\n",
"value": "NODE_ENV=test",
"__startline__": 12,
"__endline__": 12,
"resource_type": "ENV",
"hash": "14d83a642c69d4cf67fcdbeb6dace7ba464024fdcad52f8129d63c78042457cb"
},
"evaluated_keys": [
"value"
]
},
"code_block": [
[
13,
"ENV NODE_ENV=test\n"
]
],
"file_path": "/Dockerfile.test",
"file_abs_path": "/scan/Dockerfile.test",
"repo_file_path": "/Dockerfile.test",
"file_line_range": [
13,
13
],
"resource": "/Dockerfile.test.ENV",
"evaluations": null,
"check_class": "checkov.common.graph.checks_infra.base_check",
"fixed_definition": null,
"entity_tags": null,
"caller_file_path": null,
"caller_file_line_range": null,
"resource_address": null,
"severity": null,
"bc_category": null,
"benchmarks": null,
"description": null,
"short_description": null,
"vulnerability_details": null,
"connected_node": null,
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-git-ssl",
"details": [],
"check_len": null,
"definition_context_file_path": null
},
{
"check_id": "CKV2_DOCKER_14",
"bc_check_id": null,
"check_name": "Ensure that certificate validation isn't disabled for git by setting the environment variable 'GIT_SSL_NO_VERIFY' to any value",
"check_result": {
"result": "PASSED",
"entity": {
"block_name_": "RUN",
"block_type_": "resource",
"file_path_": "/Dockerfile.dev",
"config_": {
"content": "RUN npm install -g npm@10.5.0 --no-fund --no-audit\n",
"value": "npm install -g npm@10.5.0 --no-fund --no-audit",
"__startline__": 4,
"__endline__": 4
},
"label_": "resource: RUN",
"id_": "RUN",
"source_": "Dockerfile",
"content": "RUN npm install -g npm@10.5.0 --no-fund --no-audit\n",
"value": "npm install -g npm@10.5.0 --no-fund --no-audit",
"__startline__": 4,
"__endline__": 4,
"resource_type": "RUN",
"hash": "435bba968d1d0b4c410ea33851637829a16b2ad878f0b9531a737c7a444f91b9"
},
"evaluated_keys": [
"value"
]
},
"code_block": [
[
5,
"RUN npm install -g npm@10.5.0 --no-fund --no-audit\n"
]
],
"file_path": "/Dockerfile.dev",
"file_abs_path": "/scan/Dockerfile.dev",
"repo_file_path": "/Dockerfile.dev",
"file_line_range": [
5,
5
],
"resource": "/Dockerfile.dev.RUN",
"evaluations": null,
"check_class": "checkov.common.graph.checks_infra.base_check",
"fixed_definition": null,
"entity_tags": null,
"caller_file_path": null,
"caller_file_line_range": null,
"resource_address": null,
"severity": null,
"bc_category": null,
"benchmarks": null,
"description": null,
"short_description": null,
"vulnerability_details": null,
"connected_node": null,
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-git-ssl",
"details": [],
"check_len": null,
"definition_context_file_path": null
},
{
"check_id": "CKV2_DOCKER_14",
"bc_check_id": null,
"check_name": "Ensure that certificate validation isn't disabled for git by setting the environment variable 'GIT_SSL_NO_VERIFY' to any value",
"check_result": {
"result": "PASSED",
"entity": {
"block_name_": "RUN",
"block_type_": "resource",
"file_path_": "/Dockerfile.dev",
"config_": {
"content": "RUN npm ci --no-fund --no-audit\n",
"value": "npm ci --no-fund --no-audit",
"__startline__": 10,
"__endline__": 10
},
"label_": "resource: RUN",
"id_": "RUN",
"source_": "Dockerfile",
"content": "RUN npm ci --no-fund --no-audit\n",
"value": "npm ci --no-fund --no-audit",
"__startline__": 10,
"__endline__": 10,
"resource_type": "RUN",
"hash": "57abb1bbe03890ab19f47e5f96b9cbcee02aab65f6980d523df42faf41b709fa"
},
"evaluated_keys": [
"value"
]
},
"code_block": [
[
11,
"RUN npm ci --no-fund --no-audit\n"
]
],
"file_path": "/Dockerfile.dev",
"file_abs_path": "/scan/Dockerfile.dev",
"repo_file_path": "/Dockerfile.dev",
"file_line_range": [
11,
11
],
"resource": "/Dockerfile.dev.RUN",
"evaluations": null,
"check_class": "checkov.common.graph.checks_infra.base_check",
"fixed_definition": null,
"entity_tags": null,
"caller_file_path": null,
"caller_file_line_range": null,
"resource_address": null,
"severity": null,
"bc_category": null,
"benchmarks": null,
"description": null,
"short_description": null,
"vulnerability_details": null,
"connected_node": null,
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-git-ssl",
"details": [],
"check_len": null,
"definition_context_file_path": null
},
{
"check_id": "CKV2_DOCKER_6",
"bc_check_id": null,
"check_name": "Ensure that certificate validation isn't disabled with the NODE_TLS_REJECT_UNAUTHORIZED environment variable",
"check_result": {
"result": "PASSED",
"entity": {
"block_name_": "RUN",
"block_type_": "resource",
"file_path_": "/Dockerfile.production",
"config_": {
"content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n",
"value": "corepack enable && corepack prepare npm@10.5.0 --activate",
"__startline__": 4,
"__endline__": 4
},
"label_": "resource: RUN",
"id_": "RUN",
"source_": "Dockerfile",
"content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n",
"value": "corepack enable && corepack prepare npm@10.5.0 --activate",
"__startline__": 4,
"__endline__": 4,
"resource_type": "RUN",
"hash": "dbd32b6bad6b728919787011f82d60c50d7b2d1c079f814de2b1640696c98816"
},
"evaluated_keys": [
"value"
]
},
"code_block": [
[
5,
"RUN corepack enable && corepack prepare npm@10.5.0 --activate\n"
]
],
"file_path": "/Dockerfile.production",
"file_abs_path": "/scan/Dockerfile.production",
"repo_file_path": "/Dockerfile.production",
"file_line_range": [
5,
5
],
"resource": "/Dockerfile.production.RUN",
"evaluations": null,
"check_class": "checkov.common.graph.checks_infra.base_check",
"fixed_definition": null,
"entity_tags": null,
"caller_file_path": null,
"caller_file_line_range": null,
"resource_address": null,
"severity": null,
"bc_category": null,
"benchmarks": null,
"description": null,
"short_description": null,
"vulnerability_details": null,
"connected_node": null,
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-node-tls-secure",
"details": [],
"check_len": null,
"definition_context_file_path": null
},
{
"check_id": "CKV2_DOCKER_6",
"bc_check_id": null,
"check_name": "Ensure that certificate validation isn't disabled with the NODE_TLS_REJECT_UNAUTHORIZED environment variable",
"check_result": {
"result": "PASSED",
"entity": {
"block_name_": "RUN",
"block_type_": "resource",
"file_path_": "/Dockerfile.production",
"config_": {
"content": "RUN npm install\n",
"value": "npm install",
"__startline__": 20,
"__endline__": 20
},
"label_": "resource: RUN",
"id_": "RUN",
"source_": "Dockerfile",
"content": "RUN npm install\n",
"value": "npm install",
"__startline__": 20,
"__endline__": 20,
"resource_type": "RUN",
"hash": "6979b14e6a853ac150ffef85c5e28fd49c956054ea2cb1d01440e13b17260c4a"
},
"evaluated_keys": [
"value"
]
},
"code_block": [
[
21,
"RUN npm install\n"
]
],
"file_path": "/Dockerfile.production",
"file_abs_path": "/scan/Dockerfile.production",
"repo_file_path": "/Dockerfile.production",
"file_line_range": [
21,
21
],
"resource": "/Dockerfile.production.RUN",
"evaluations": null,
"check_class": "checkov.common.graph.checks_infra.base_check",
"fixed_definition": null,
"entity_tags": null,
"caller_file_path": null,
"caller_file_line_range": null,
"resource_address": null,
"severity": null,
"bc_category": null,
"benchmarks": null,
"description": null,
"short_description": null,
"vulnerability_details": null,
"connected_node": null,
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-node-tls-secure",
"details": [],
"check_len": null,
"definition_context_file_path": null
},
{
"check_id": "CKV2_DOCKER_6",
"bc_check_id": null,
"check_name": "Ensure that certificate validation isn't disabled with the NODE_TLS_REJECT_UNAUTHORIZED environment variable",
"check_result": {
"result": "PASSED",
"entity": {
"block_name_": "RUN",
"block_type_": "resource",
"file_path_": "/Dockerfile.production",
"config_": {
"content": "RUN npm run db:generate\n",
"value": "npm run db:generate",
"__startline__": 21,
"__endline__": 21
},
"label_": "resource: RUN",
"id_": "RUN",
"source_": "Dockerfile",
"content": "RUN npm run db:generate\n",
"value": "npm run db:generate",
"__startline__": 21,
"__endline__": 21,
"resource_type": "RUN",
"hash": "c1f9cc0c42260bb0183d7e7b9ec2edab99837111ad42dbbdd7fad09ff3e37ab0"
},
"evaluated_keys": [
"value"
]
},
"code_block": [
[
22,
"RUN npm run db:generate\n"
]
],
"file_path": "/Dockerfile.production",
"file_abs_path": "/scan/Dockerfile.production",
"repo_file_path": "/Dockerfile.production",
"file_line_range": [
22,
22
],
"resource": "/Dockerfile.production.RUN",
"evaluations": null,
"check_class": "checkov.common.graph.checks_infra.base_check",
"fixed_definition": null,
"entity_tags": null,
"caller_file_path": null,
"caller_file_line_range": null,
"resource_address": null,
"severity": null,
"bc_category": null,
"benchmarks": null,
"description": null,
"short_description": null,
"vulnerability_details": null,
"connected_node": null,
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-node-tls-secure",
"details": [],
"check_len": null,
"definition_context_file_path": null
},
{
"check_id": "CKV2_DOCKER_6",
"bc_check_id": null,
"check_name": "Ensure that certificate validation isn't disabled with the NODE_TLS_REJECT_UNAUTHORIZED environment variable",
"check_result": {
"result": "PASSED",
"entity": {
"block_name_": "RUN",
"block_type_": "resource",
"file_path_": "/Dockerfile.production",
"config_": {
"content": "RUN npm run build\n",
"value": "npm run build",
"__startline__": 22,
"__endline__": 22
},
"label_": "resource: RUN",
"id_": "RUN",
"source_": "Dockerfile",
"content": "RUN npm run build\n",
"value": "npm run build",
"__startline__": 22,
"__endline__": 22,
"resource_type": "RUN",
"hash": "1bf185fb6038f1b491f2a2686de4dd9869ccdd9c3e34d2772cf43bd368377aa6"
},
"evaluated_keys": [
"value"
]
},
"code_block": [
[
23,
"RUN npm run build\n"
]
],
"file_path": "/Dockerfile.production",
"file_abs_path": "/scan/Dockerfile.production",
"repo_file_path": "/Dockerfile.production",
"file_line_range": [
23,
23
],
"resource": "/Dockerfile.production.RUN",
"evaluations": null,
"check_class": "checkov.common.graph.checks_infra.base_check",
"fixed_definition": null,
"entity_tags": null,
"caller_file_path": null,
"caller_file_line_range": null,
"resource_address": null,
"severity": null,
"bc_category": null,
"benchmarks": null,
"description": null,
"short_description": null,
"vulnerability_details": null,
"connected_node": null,
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-node-tls-secure",
"details": [],
"check_len": null,
"definition_context_file_path": null
},
{
"check_id": "CKV2_DOCKER_6",
"bc_check_id": null,
"check_name": "Ensure that certificate validation isn't disabled with the NODE_TLS_REJECT_UNAUTHORIZED environment variable",
"check_result": {
"result": "PASSED",
"entity": {
"block_name_": "RUN",
"block_type_": "resource",
"file_path_": "/Dockerfile.production",
"config_": {
"content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n",
"value": "corepack enable && corepack prepare npm@10.5.0 --activate",
"__startline__": 30,
"__endline__": 30
},
"label_": "resource: RUN",
"id_": "RUN",
"source_": "Dockerfile",
"content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n",
"value": "corepack enable && corepack prepare npm@10.5.0 --activate",
"__startline__": 30,
"__endline__": 30,
"resource_type": "RUN",
"hash": "01c88e306f7db45ae7136e3bdb63c4b15978dd024f6ed18210961fc3db3df382"
},
"evaluated_keys": [
"value"
]
},
"code_block": [
[
31,
"RUN corepack enable && corepack prepare npm@10.5.0 --activate\n"
]
],
"file_path": "/Dockerfile.production",
"file_abs_path": "/scan/Dockerfile.production",
"repo_file_path": "/Dockerfile.production",
"file_line_range": [
31,
31
],
"resource": "/Dockerfile.production.RUN",
"evaluations": null,
"check_class": "checkov.common.graph.checks_infra.base_check",
"fixed_definition": null,
"entity_tags": null,
"caller_file_path": null,
"caller_file_line_range": null,
"resource_address": null,
"severity": null,
"bc_category": null,
"benchmarks": null,
"description": null,
"short_description": null,
"vulnerability_details": null,
"connected_node": null,
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-node-tls-secure",
"details": [],
"check_len": null,
"definition_context_file_path": null
},
{
"check_id": "CKV2_DOCKER_6",
"bc_check_id": null,
"check_name": "Ensure that certificate validation isn't disabled with the NODE_TLS_REJECT_UNAUTHORIZED environment variable",
"check_result": {
"result": "PASSED",
"entity": {
"block_name_": "ARG",
"block_type_": "resource",
"file_path_": "/Dockerfile.production",
"config_": {
"content": "ARG NEXT_PUBLIC_API_URL\n",
"value": "NEXT_PUBLIC_API_URL",
"__startline__": 11,
"__endline__": 11
},
"label_": "resource: ARG",
"id_": "ARG",
"source_": "Dockerfile",
"content": "ARG NEXT_PUBLIC_API_URL\n",
"value": "NEXT_PUBLIC_API_URL",
"__startline__": 11,
"__endline__": 11,
"resource_type": "ARG",
"hash": "fded00a21c81cd45d8985324636a2acafc73bef594a45811ca0d68265da3f9dc"
},
"evaluated_keys": [
"value"
]
},
"code_block": [
[
12,
"ARG NEXT_PUBLIC_API_URL\n"
]
],
"file_path": "/Dockerfile.production",
"file_abs_path": "/scan/Dockerfile.production",
"repo_file_path": "/Dockerfile.production",
"file_line_range": [
12,
12
],
"resource": "/Dockerfile.production.ARG",
"evaluations": null,
"check_class": "checkov.common.graph.checks_infra.base_check",
"fixed_definition": null,
"entity_tags": null,
"caller_file_path": null,
"caller_file_line_range": null,
"resource_address": null,
"severity": null,
"bc_category": null,
"benchmarks": null,
"description": null,
"short_description": null,
"vulnerability_details": null,
"connected_node": null,
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-node-tls-secure",
"details": [],
"check_len": null,
"definition_context_file_path": null
},
{
"check_id": "CKV2_DOCKER_6",
"bc_check_id": null,
"check_name": "Ensure that certificate validation isn't disabled with the NODE_TLS_REJECT_UNAUTHORIZED environment variable",
"check_result": {
"result": "PASSED",
"entity": {
"block_name_": "ARG",
"block_type_": "resource",
"file_path_": "/Dockerfile.production",
"config_": {
"content": "ARG NEXT_PUBLIC_MARKETPLACE_URL\n",
"value": "NEXT_PUBLIC_MARKETPLACE_URL",
"__startline__": 12,
"__endline__": 12
},
"label_": "resource: ARG",
"id_": "ARG",
"source_": "Dockerfile",
"content": "ARG NEXT_PUBLIC_MARKETPLACE_URL\n",
"value": "NEXT_PUBLIC_MARKETPLACE_URL",
"__startline__": 12,
"__endline__": 12,
"resource_type": "ARG",
"hash": "11d98758a432fc03021573afe4df769dc34ff0a4aec966f558b5e00c71c6cf3b"
},
"evaluated_keys": [
"value"
]
},
"code_block": [
[
13,
"ARG NEXT_PUBLIC_MARKETPLACE_URL\n"
]
],
"file_path": "/Dockerfile.production",
"file_abs_path": "/scan/Dockerfile.production",
"repo_file_path": "/Dockerfile.production",
"file_line_range": [
13,
13
],
"resource": "/Dockerfile.production.ARG",
"evaluations": null,
"check_class": "checkov.common.graph.checks_infra.base_check",
"fixed_definition": null,
"entity_tags": null,
"caller_file_path": null,
"caller_file_line_range": null,
"resource_address": null,
"severity": null,
"bc_category": null,
"benchmarks": null,
"description": null,
"short_description": null,
"vulnerability_details": null,
"connected_node": null,
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-node-tls-secure",
"details": [],
"check_len": null,
"definition_context_file_path": null
},
{
"check_id": "CKV2_DOCKER_6",
"bc_check_id": null,
"check_name": "Ensure that certificate validation isn't disabled with the NODE_TLS_REJECT_UNAUTHORIZED environment variable",
"check_result": {
"result": "PASSED",
"entity": {
"block_name_": "ARG",
"block_type_": "resource",
"file_path_": "/Dockerfile.production",
"config_": {
"content": "ARG NEXT_PUBLIC_DASHBOARD_URL\n",
"value": "NEXT_PUBLIC_DASHBOARD_URL",
"__startline__": 13,
"__endline__": 13
},
"label_": "resource: ARG",
"id_": "ARG",
"source_": "Dockerfile",
"content": "ARG NEXT_PUBLIC_DASHBOARD_URL\n",
"value": "NEXT_PUBLIC_DASHBOARD_URL",
"__startline__": 13,
"__endline__": 13,
"resource_type": "ARG",
"hash": "4075db881e0d222faeb86e03db8a05d9a998deab344c05aee0e89d2426e01383"
},
"evaluated_keys": [
"value"
]
},
"code_block": [
[
14,
"ARG NEXT_PUBLIC_DASHBOARD_URL\n"
]
],
"file_path": "/Dockerfile.production",
"file_abs_path": "/scan/Dockerfile.production",
"repo_file_path": "/Dockerfile.production",
"file_line_range": [
14,
14
],
"resource": "/Dockerfile.production.ARG",
"evaluations": null,
"check_class": "checkov.common.graph.checks_infra.base_check",
"fixed_definition": null,
"entity_tags": null,
"caller_file_path": null,
"caller_file_line_range": null,
"resource_address": null,
"severity": null,
"bc_category": null,
"benchmarks": null,
"description": null,
"short_description": null,
"vulnerability_details": null,
"connected_node": null,
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-node-tls-secure",
"details": [],
"check_len": null,
"definition_context_file_path": null
},
{
"check_id": "CKV2_DOCKER_6",
"bc_check_id": null,
"check_name": "Ensure that certificate validation isn't disabled with the NODE_TLS_REJECT_UNAUTHORIZED environment variable",
"check_result": {
"result": "PASSED",
"entity": {
"block_name_": "ARG",
"block_type_": "resource",
"file_path_": "/Dockerfile.production",
"config_": {
"content": "ARG NEXT_PUBLIC_ADMIN_URL\n",
"value": "NEXT_PUBLIC_ADMIN_URL",
"__startline__": 14,
"__endline__": 14
},
"label_": "resource: ARG",
"id_": "ARG",
"source_": "Dockerfile",
"content": "ARG NEXT_PUBLIC_ADMIN_URL\n",
"value": "NEXT_PUBLIC_ADMIN_URL",
"__startline__": 14,
"__endline__": 14,
"resource_type": "ARG",
"hash": "a4c9bf1c4e349946074fb4c606d0db63c06a809d125e58ddd09427e4d929fd6a"
},
"evaluated_keys": [
"value"
]
},
"code_block": [
[
15,
"ARG NEXT_PUBLIC_ADMIN_URL\n"
]
],
"file_path": "/Dockerfile.production",
"file_abs_path": "/scan/Dockerfile.production",
"repo_file_path": "/Dockerfile.production",
"file_line_range": [
15,
15
],
"resource": "/Dockerfile.production.ARG",
"evaluations": null,
"check_class": "checkov.common.graph.checks_infra.base_check",
"fixed_definition": null,
"entity_tags": null,
"caller_file_path": null,
"caller_file_line_range": null,
"resource_address": null,
"severity": null,
"bc_category": null,
"benchmarks": null,
"description": null,
"short_description": null,
"vulnerability_details": null,
"connected_node": null,
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-node-tls-secure",
"details": [],
"check_len": null,
"definition_context_file_path": null
},
{
"check_id": "CKV2_DOCKER_6",
"bc_check_id": null,
"check_name": "Ensure that certificate validation isn't disabled with the NODE_TLS_REJECT_UNAUTHORIZED environment variable",
"check_result": {
"result": "PASSED",
"entity": {
"block_name_": "ENV",
"block_type_": "resource",
"file_path_": "/Dockerfile.production",
"config_": {
"content": "ENV NEXT_PUBLIC_API_URL=$NEXT_PUBLIC_API_URL \\\n NEXT_PUBLIC_MARKETPLACE_URL=$NEXT_PUBLIC_MARKETPLACE_URL \\\n NEXT_PUBLIC_DASHBOARD_URL=$NEXT_PUBLIC_DASHBOARD_URL \\\n NEXT_PUBLIC_ADMIN_URL=$NEXT_PUBLIC_ADMIN_URL\n",
"value": "NEXT_PUBLIC_API_URL=$NEXT_PUBLIC_API_URL NEXT_PUBLIC_MARKETPLACE_URL=$NEXT_PUBLIC_MARKETPLACE_URL NEXT_PUBLIC_DASHBOARD_URL=$NEXT_PUBLIC_DASHBOARD_URL NEXT_PUBLIC_ADMIN_URL=$NEXT_PUBLIC_ADMIN_URL",
"__startline__": 15,
"__endline__": 18
},
"label_": "resource: ENV",
"id_": "ENV",
"source_": "Dockerfile",
"content": "ENV NEXT_PUBLIC_API_URL=$NEXT_PUBLIC_API_URL \\\n NEXT_PUBLIC_MARKETPLACE_URL=$NEXT_PUBLIC_MARKETPLACE_URL \\\n NEXT_PUBLIC_DASHBOARD_URL=$NEXT_PUBLIC_DASHBOARD_URL \\\n NEXT_PUBLIC_ADMIN_URL=$NEXT_PUBLIC_ADMIN_URL\n",
"value": "NEXT_PUBLIC_API_URL=$NEXT_PUBLIC_API_URL NEXT_PUBLIC_MARKETPLACE_URL=$NEXT_PUBLIC_MARKETPLACE_URL NEXT_PUBLIC_DASHBOARD_URL=$NEXT_PUBLIC_DASHBOARD_URL NEXT_PUBLIC_ADMIN_URL=$NEXT_PUBLIC_ADMIN_URL",
"__startline__": 15,
"__endline__": 18,
"resource_type": "ENV",
"hash": "65abe3eb0aadfa3b1ed513b9e21f4f8c4524ec8c298e7123de46806870b90557"
},
"evaluated_keys": [
"value"
]
},
"code_block": [
[
16,
"ENV NEXT_PUBLIC_API_URL=$NEXT_PUBLIC_API_URL \\\n"
],
[
17,
" NEXT_PUBLIC_MARKETPLACE_URL=$NEXT_PUBLIC_MARKETPLACE_URL \\\n"
],
[
18,
" NEXT_PUBLIC_DASHBOARD_URL=$NEXT_PUBLIC_DASHBOARD_URL \\\n"
],
[
19,
" NEXT_PUBLIC_ADMIN_URL=$NEXT_PUBLIC_ADMIN_URL\n"
]
],
"file_path": "/Dockerfile.production",
"file_abs_path": "/scan/Dockerfile.production",
"repo_file_path": "/Dockerfile.production",
"file_line_range": [
16,
19
],
"resource": "/Dockerfile.production.ENV",
"evaluations": null,
"check_class": "checkov.common.graph.checks_infra.base_check",
"fixed_definition": null,
"entity_tags": null,
"caller_file_path": null,
"caller_file_line_range": null,
"resource_address": null,
"severity": null,
"bc_category": null,
"benchmarks": null,
"description": null,
"short_description": null,
"vulnerability_details": null,
"connected_node": null,
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-node-tls-secure",
"details": [],
"check_len": null,
"definition_context_file_path": null
},
{
"check_id": "CKV2_DOCKER_6",
"bc_check_id": null,
"check_name": "Ensure that certificate validation isn't disabled with the NODE_TLS_REJECT_UNAUTHORIZED environment variable",
"check_result": {
"result": "PASSED",
"entity": {
"block_name_": "ENV",
"block_type_": "resource",
"file_path_": "/Dockerfile.production",
"config_": {
"content": "ENV NODE_ENV=production\n",
"value": "NODE_ENV=production",
"__startline__": 28,
"__endline__": 28
},
"label_": "resource: ENV",
"id_": "ENV",
"source_": "Dockerfile",
"content": "ENV NODE_ENV=production\n",
"value": "NODE_ENV=production",
"__startline__": 28,
"__endline__": 28,
"resource_type": "ENV",
"hash": "5a6afcff0e4c111b04ace6d372feb2943096034796456739be650482e87f3e0e"
},
"evaluated_keys": [
"value"
]
},
"code_block": [
[
29,
"ENV NODE_ENV=production\n"
]
],
"file_path": "/Dockerfile.production",
"file_abs_path": "/scan/Dockerfile.production",
"repo_file_path": "/Dockerfile.production",
"file_line_range": [
29,
29
],
"resource": "/Dockerfile.production.ENV",
"evaluations": null,
"check_class": "checkov.common.graph.checks_infra.base_check",
"fixed_definition": null,
"entity_tags": null,
"caller_file_path": null,
"caller_file_line_range": null,
"resource_address": null,
"severity": null,
"bc_category": null,
"benchmarks": null,
"description": null,
"short_description": null,
"vulnerability_details": null,
"connected_node": null,
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-node-tls-secure",
"details": [],
"check_len": null,
"definition_context_file_path": null
},
{
"check_id": "CKV2_DOCKER_6",
"bc_check_id": null,
"check_name": "Ensure that certificate validation isn't disabled with the NODE_TLS_REJECT_UNAUTHORIZED environment variable",
"check_result": {
"result": "PASSED",
"entity": {
"block_name_": "RUN",
"block_type_": "resource",
"file_path_": "/Dockerfile.test",
"config_": {
"content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n",
"value": "corepack enable && corepack prepare npm@10.5.0 --activate",
"__startline__": 4,
"__endline__": 4
},
"label_": "resource: RUN",
"id_": "RUN",
"source_": "Dockerfile",
"content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n",
"value": "corepack enable && corepack prepare npm@10.5.0 --activate",
"__startline__": 4,
"__endline__": 4,
"resource_type": "RUN",
"hash": "1d5fb0a211498b8baf37e5744578ad03459da7798534298981f23fdefb7eb757"
},
"evaluated_keys": [
"value"
]
},
"code_block": [
[
5,
"RUN corepack enable && corepack prepare npm@10.5.0 --activate\n"
]
],
"file_path": "/Dockerfile.test",
"file_abs_path": "/scan/Dockerfile.test",
"repo_file_path": "/Dockerfile.test",
"file_line_range": [
5,
5
],
"resource": "/Dockerfile.test.RUN",
"evaluations": null,
"check_class": "checkov.common.graph.checks_infra.base_check",
"fixed_definition": null,
"entity_tags": null,
"caller_file_path": null,
"caller_file_line_range": null,
"resource_address": null,
"severity": null,
"bc_category": null,
"benchmarks": null,
"description": null,
"short_description": null,
"vulnerability_details": null,
"connected_node": null,
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-node-tls-secure",
"details": [],
"check_len": null,
"definition_context_file_path": null
},
{
"check_id": "CKV2_DOCKER_6",
"bc_check_id": null,
"check_name": "Ensure that certificate validation isn't disabled with the NODE_TLS_REJECT_UNAUTHORIZED environment variable",
"check_result": {
"result": "PASSED",
"entity": {
"block_name_": "RUN",
"block_type_": "resource",
"file_path_": "/Dockerfile.test",
"config_": {
"content": "RUN npm install\n",
"value": "npm install",
"__startline__": 10,
"__endline__": 10
},
"label_": "resource: RUN",
"id_": "RUN",
"source_": "Dockerfile",
"content": "RUN npm install\n",
"value": "npm install",
"__startline__": 10,
"__endline__": 10,
"resource_type": "RUN",
"hash": "fb809e4860a3131df821aea9480445cc6e2f66dd52744dab5f3d2ef5b2848436"
},
"evaluated_keys": [
"value"
]
},
"code_block": [
[
11,
"RUN npm install\n"
]
],
"file_path": "/Dockerfile.test",
"file_abs_path": "/scan/Dockerfile.test",
"repo_file_path": "/Dockerfile.test",
"file_line_range": [
11,
11
],
"resource": "/Dockerfile.test.RUN",
"evaluations": null,
"check_class": "checkov.common.graph.checks_infra.base_check",
"fixed_definition": null,
"entity_tags": null,
"caller_file_path": null,
"caller_file_line_range": null,
"resource_address": null,
"severity": null,
"bc_category": null,
"benchmarks": null,
"description": null,
"short_description": null,
"vulnerability_details": null,
"connected_node": null,
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-node-tls-secure",
"details": [],
"check_len": null,
"definition_context_file_path": null
},
{
"check_id": "CKV2_DOCKER_6",
"bc_check_id": null,
"check_name": "Ensure that certificate validation isn't disabled with the NODE_TLS_REJECT_UNAUTHORIZED environment variable",
"check_result": {
"result": "PASSED",
"entity": {
"block_name_": "ENV",
"block_type_": "resource",
"file_path_": "/Dockerfile.test",
"config_": {
"content": "ENV NODE_ENV=test\n",
"value": "NODE_ENV=test",
"__startline__": 12,
"__endline__": 12
},
"label_": "resource: ENV",
"id_": "ENV",
"source_": "Dockerfile",
"content": "ENV NODE_ENV=test\n",
"value": "NODE_ENV=test",
"__startline__": 12,
"__endline__": 12,
"resource_type": "ENV",
"hash": "14d83a642c69d4cf67fcdbeb6dace7ba464024fdcad52f8129d63c78042457cb"
},
"evaluated_keys": [
"value"
]
},
"code_block": [
[
13,
"ENV NODE_ENV=test\n"
]
],
"file_path": "/Dockerfile.test",
"file_abs_path": "/scan/Dockerfile.test",
"repo_file_path": "/Dockerfile.test",
"file_line_range": [
13,
13
],
"resource": "/Dockerfile.test.ENV",
"evaluations": null,
"check_class": "checkov.common.graph.checks_infra.base_check",
"fixed_definition": null,
"entity_tags": null,
"caller_file_path": null,
"caller_file_line_range": null,
"resource_address": null,
"severity": null,
"bc_category": null,
"benchmarks": null,
"description": null,
"short_description": null,
"vulnerability_details": null,
"connected_node": null,
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-node-tls-secure",
"details": [],
"check_len": null,
"definition_context_file_path": null
},
{
"check_id": "CKV2_DOCKER_6",
"bc_check_id": null,
"check_name": "Ensure that certificate validation isn't disabled with the NODE_TLS_REJECT_UNAUTHORIZED environment variable",
"check_result": {
"result": "PASSED",
"entity": {
"block_name_": "RUN",
"block_type_": "resource",
"file_path_": "/Dockerfile.dev",
"config_": {
"content": "RUN npm install -g npm@10.5.0 --no-fund --no-audit\n",
"value": "npm install -g npm@10.5.0 --no-fund --no-audit",
"__startline__": 4,
"__endline__": 4
},
"label_": "resource: RUN",
"id_": "RUN",
"source_": "Dockerfile",
"content": "RUN npm install -g npm@10.5.0 --no-fund --no-audit\n",
"value": "npm install -g npm@10.5.0 --no-fund --no-audit",
"__startline__": 4,
"__endline__": 4,
"resource_type": "RUN",
"hash": "435bba968d1d0b4c410ea33851637829a16b2ad878f0b9531a737c7a444f91b9"
},
"evaluated_keys": [
"value"
]
},
"code_block": [
[
5,
"RUN npm install -g npm@10.5.0 --no-fund --no-audit\n"
]
],
"file_path": "/Dockerfile.dev",
"file_abs_path": "/scan/Dockerfile.dev",
"repo_file_path": "/Dockerfile.dev",
"file_line_range": [
5,
5
],
"resource": "/Dockerfile.dev.RUN",
"evaluations": null,
"check_class": "checkov.common.graph.checks_infra.base_check",
"fixed_definition": null,
"entity_tags": null,
"caller_file_path": null,
"caller_file_line_range": null,
"resource_address": null,
"severity": null,
"bc_category": null,
"benchmarks": null,
"description": null,
"short_description": null,
"vulnerability_details": null,
"connected_node": null,
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-node-tls-secure",
"details": [],
"check_len": null,
"definition_context_file_path": null
},
{
"check_id": "CKV2_DOCKER_6",
"bc_check_id": null,
"check_name": "Ensure that certificate validation isn't disabled with the NODE_TLS_REJECT_UNAUTHORIZED environment variable",
"check_result": {
"result": "PASSED",
"entity": {
"block_name_": "RUN",
"block_type_": "resource",
"file_path_": "/Dockerfile.dev",
"config_": {
"content": "RUN npm ci --no-fund --no-audit\n",
"value": "npm ci --no-fund --no-audit",
"__startline__": 10,
"__endline__": 10
},
"label_": "resource: RUN",
"id_": "RUN",
"source_": "Dockerfile",
"content": "RUN npm ci --no-fund --no-audit\n",
"value": "npm ci --no-fund --no-audit",
"__startline__": 10,
"__endline__": 10,
"resource_type": "RUN",
"hash": "57abb1bbe03890ab19f47e5f96b9cbcee02aab65f6980d523df42faf41b709fa"
},
"evaluated_keys": [
"value"
]
},
"code_block": [
[
11,
"RUN npm ci --no-fund --no-audit\n"
]
],
"file_path": "/Dockerfile.dev",
"file_abs_path": "/scan/Dockerfile.dev",
"repo_file_path": "/Dockerfile.dev",
"file_line_range": [
11,
11
],
"resource": "/Dockerfile.dev.RUN",
"evaluations": null,
"check_class": "checkov.common.graph.checks_infra.base_check",
"fixed_definition": null,
"entity_tags": null,
"caller_file_path": null,
"caller_file_line_range": null,
"resource_address": null,
"severity": null,
"bc_category": null,
"benchmarks": null,
"description": null,
"short_description": null,
"vulnerability_details": null,
"connected_node": null,
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-node-tls-secure",
"details": [],
"check_len": null,
"definition_context_file_path": null
},
{
"check_id": "CKV2_DOCKER_11",
"bc_check_id": null,
"check_name": "Ensure that the '--force-yes' option is not used, as it disables signature validation and allows packages to be downgraded which can leave the system in a broken or inconsistent state",
"check_result": {
"result": "PASSED",
"entity": {
"block_name_": "RUN",
"block_type_": "resource",
"file_path_": "/Dockerfile.production",
"config_": {
"content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n",
"value": "corepack enable && corepack prepare npm@10.5.0 --activate",
"__startline__": 4,
"__endline__": 4
},
"label_": "resource: RUN",
"id_": "RUN",
"source_": "Dockerfile",
"content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n",
"value": "corepack enable && corepack prepare npm@10.5.0 --activate",
"__startline__": 4,
"__endline__": 4,
"resource_type": "RUN",
"hash": "dbd32b6bad6b728919787011f82d60c50d7b2d1c079f814de2b1640696c98816"
},
"evaluated_keys": [
"value"
]
},
"code_block": [
[
5,
"RUN corepack enable && corepack prepare npm@10.5.0 --activate\n"
]
],
"file_path": "/Dockerfile.production",
"file_abs_path": "/scan/Dockerfile.production",
"repo_file_path": "/Dockerfile.production",
"file_line_range": [
5,
5
],
"resource": "/Dockerfile.production.RUN",
"evaluations": null,
"check_class": "checkov.common.graph.checks_infra.base_check",
"fixed_definition": null,
"entity_tags": null,
"caller_file_path": null,
"caller_file_line_range": null,
"resource_address": null,
"severity": null,
"bc_category": null,
"benchmarks": null,
"description": null,
"short_description": null,
"vulnerability_details": null,
"connected_node": null,
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-apt-force",
"details": [],
"check_len": null,
"definition_context_file_path": null
},
{
"check_id": "CKV2_DOCKER_11",
"bc_check_id": null,
"check_name": "Ensure that the '--force-yes' option is not used, as it disables signature validation and allows packages to be downgraded which can leave the system in a broken or inconsistent state",
"check_result": {
"result": "PASSED",
"entity": {
"block_name_": "RUN",
"block_type_": "resource",
"file_path_": "/Dockerfile.production",
"config_": {
"content": "RUN npm install\n",
"value": "npm install",
"__startline__": 20,
"__endline__": 20
},
"label_": "resource: RUN",
"id_": "RUN",
"source_": "Dockerfile",
"content": "RUN npm install\n",
"value": "npm install",
"__startline__": 20,
"__endline__": 20,
"resource_type": "RUN",
"hash": "6979b14e6a853ac150ffef85c5e28fd49c956054ea2cb1d01440e13b17260c4a"
},
"evaluated_keys": [
"value"
]
},
"code_block": [
[
21,
"RUN npm install\n"
]
],
"file_path": "/Dockerfile.production",
"file_abs_path": "/scan/Dockerfile.production",
"repo_file_path": "/Dockerfile.production",
"file_line_range": [
21,
21
],
"resource": "/Dockerfile.production.RUN",
"evaluations": null,
"check_class": "checkov.common.graph.checks_infra.base_check",
"fixed_definition": null,
"entity_tags": null,
"caller_file_path": null,
"caller_file_line_range": null,
"resource_address": null,
"severity": null,
"bc_category": null,
"benchmarks": null,
"description": null,
"short_description": null,
"vulnerability_details": null,
"connected_node": null,
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-apt-force",
"details": [],
"check_len": null,
"definition_context_file_path": null
},
{
"check_id": "CKV2_DOCKER_11",
"bc_check_id": null,
"check_name": "Ensure that the '--force-yes' option is not used, as it disables signature validation and allows packages to be downgraded which can leave the system in a broken or inconsistent state",
"check_result": {
"result": "PASSED",
"entity": {
"block_name_": "RUN",
"block_type_": "resource",
"file_path_": "/Dockerfile.production",
"config_": {
"content": "RUN npm run db:generate\n",
"value": "npm run db:generate",
"__startline__": 21,
"__endline__": 21
},
"label_": "resource: RUN",
"id_": "RUN",
"source_": "Dockerfile",
"content": "RUN npm run db:generate\n",
"value": "npm run db:generate",
"__startline__": 21,
"__endline__": 21,
"resource_type": "RUN",
"hash": "c1f9cc0c42260bb0183d7e7b9ec2edab99837111ad42dbbdd7fad09ff3e37ab0"
},
"evaluated_keys": [
"value"
]
},
"code_block": [
[
22,
"RUN npm run db:generate\n"
]
],
"file_path": "/Dockerfile.production",
"file_abs_path": "/scan/Dockerfile.production",
"repo_file_path": "/Dockerfile.production",
"file_line_range": [
22,
22
],
"resource": "/Dockerfile.production.RUN",
"evaluations": null,
"check_class": "checkov.common.graph.checks_infra.base_check",
"fixed_definition": null,
"entity_tags": null,
"caller_file_path": null,
"caller_file_line_range": null,
"resource_address": null,
"severity": null,
"bc_category": null,
"benchmarks": null,
"description": null,
"short_description": null,
"vulnerability_details": null,
"connected_node": null,
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-apt-force",
"details": [],
"check_len": null,
"definition_context_file_path": null
},
{
"check_id": "CKV2_DOCKER_11",
"bc_check_id": null,
"check_name": "Ensure that the '--force-yes' option is not used, as it disables signature validation and allows packages to be downgraded which can leave the system in a broken or inconsistent state",
"check_result": {
"result": "PASSED",
"entity": {
"block_name_": "RUN",
"block_type_": "resource",
"file_path_": "/Dockerfile.production",
"config_": {
"content": "RUN npm run build\n",
"value": "npm run build",
"__startline__": 22,
"__endline__": 22
},
"label_": "resource: RUN",
"id_": "RUN",
"source_": "Dockerfile",
"content": "RUN npm run build\n",
"value": "npm run build",
"__startline__": 22,
"__endline__": 22,
"resource_type": "RUN",
"hash": "1bf185fb6038f1b491f2a2686de4dd9869ccdd9c3e34d2772cf43bd368377aa6"
},
"evaluated_keys": [
"value"
]
},
"code_block": [
[
23,
"RUN npm run build\n"
]
],
"file_path": "/Dockerfile.production",
"file_abs_path": "/scan/Dockerfile.production",
"repo_file_path": "/Dockerfile.production",
"file_line_range": [
23,
23
],
"resource": "/Dockerfile.production.RUN",
"evaluations": null,
"check_class": "checkov.common.graph.checks_infra.base_check",
"fixed_definition": null,
"entity_tags": null,
"caller_file_path": null,
"caller_file_line_range": null,
"resource_address": null,
"severity": null,
"bc_category": null,
"benchmarks": null,
"description": null,
"short_description": null,
"vulnerability_details": null,
"connected_node": null,
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-apt-force",
"details": [],
"check_len": null,
"definition_context_file_path": null
},
{
"check_id": "CKV2_DOCKER_11",
"bc_check_id": null,
"check_name": "Ensure that the '--force-yes' option is not used, as it disables signature validation and allows packages to be downgraded which can leave the system in a broken or inconsistent state",
"check_result": {
"result": "PASSED",
"entity": {
"block_name_": "RUN",
"block_type_": "resource",
"file_path_": "/Dockerfile.production",
"config_": {
"content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n",
"value": "corepack enable && corepack prepare npm@10.5.0 --activate",
"__startline__": 30,
"__endline__": 30
},
"label_": "resource: RUN",
"id_": "RUN",
"source_": "Dockerfile",
"content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n",
"value": "corepack enable && corepack prepare npm@10.5.0 --activate",
"__startline__": 30,
"__endline__": 30,
"resource_type": "RUN",
"hash": "01c88e306f7db45ae7136e3bdb63c4b15978dd024f6ed18210961fc3db3df382"
},
"evaluated_keys": [
"value"
]
},
"code_block": [
[
31,
"RUN corepack enable && corepack prepare npm@10.5.0 --activate\n"
]
],
"file_path": "/Dockerfile.production",
"file_abs_path": "/scan/Dockerfile.production",
"repo_file_path": "/Dockerfile.production",
"file_line_range": [
31,
31
],
"resource": "/Dockerfile.production.RUN",
"evaluations": null,
"check_class": "checkov.common.graph.checks_infra.base_check",
"fixed_definition": null,
"entity_tags": null,
"caller_file_path": null,
"caller_file_line_range": null,
"resource_address": null,
"severity": null,
"bc_category": null,
"benchmarks": null,
"description": null,
"short_description": null,
"vulnerability_details": null,
"connected_node": null,
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-apt-force",
"details": [],
"check_len": null,
"definition_context_file_path": null
},
{
"check_id": "CKV2_DOCKER_11",
"bc_check_id": null,
"check_name": "Ensure that the '--force-yes' option is not used, as it disables signature validation and allows packages to be downgraded which can leave the system in a broken or inconsistent state",
"check_result": {
"result": "PASSED",
"entity": {
"block_name_": "RUN",
"block_type_": "resource",
"file_path_": "/Dockerfile.test",
"config_": {
"content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n",
"value": "corepack enable && corepack prepare npm@10.5.0 --activate",
"__startline__": 4,
"__endline__": 4
},
"label_": "resource: RUN",
"id_": "RUN",
"source_": "Dockerfile",
"content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n",
"value": "corepack enable && corepack prepare npm@10.5.0 --activate",
"__startline__": 4,
"__endline__": 4,
"resource_type": "RUN",
"hash": "1d5fb0a211498b8baf37e5744578ad03459da7798534298981f23fdefb7eb757"
},
"evaluated_keys": [
"value"
]
},
"code_block": [
[
5,
"RUN corepack enable && corepack prepare npm@10.5.0 --activate\n"
]
],
"file_path": "/Dockerfile.test",
"file_abs_path": "/scan/Dockerfile.test",
"repo_file_path": "/Dockerfile.test",
"file_line_range": [
5,
5
],
"resource": "/Dockerfile.test.RUN",
"evaluations": null,
"check_class": "checkov.common.graph.checks_infra.base_check",
"fixed_definition": null,
"entity_tags": null,
"caller_file_path": null,
"caller_file_line_range": null,
"resource_address": null,
"severity": null,
"bc_category": null,
"benchmarks": null,
"description": null,
"short_description": null,
"vulnerability_details": null,
"connected_node": null,
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-apt-force",
"details": [],
"check_len": null,
"definition_context_file_path": null
},
{
"check_id": "CKV2_DOCKER_11",
"bc_check_id": null,
"check_name": "Ensure that the '--force-yes' option is not used, as it disables signature validation and allows packages to be downgraded which can leave the system in a broken or inconsistent state",
"check_result": {
"result": "PASSED",
"entity": {
"block_name_": "RUN",
"block_type_": "resource",
"file_path_": "/Dockerfile.test",
"config_": {
"content": "RUN npm install\n",
"value": "npm install",
"__startline__": 10,
"__endline__": 10
},
"label_": "resource: RUN",
"id_": "RUN",
"source_": "Dockerfile",
"content": "RUN npm install\n",
"value": "npm install",
"__startline__": 10,
"__endline__": 10,
"resource_type": "RUN",
"hash": "fb809e4860a3131df821aea9480445cc6e2f66dd52744dab5f3d2ef5b2848436"
},
"evaluated_keys": [
"value"
]
},
"code_block": [
[
11,
"RUN npm install\n"
]
],
"file_path": "/Dockerfile.test",
"file_abs_path": "/scan/Dockerfile.test",
"repo_file_path": "/Dockerfile.test",
"file_line_range": [
11,
11
],
"resource": "/Dockerfile.test.RUN",
"evaluations": null,
"check_class": "checkov.common.graph.checks_infra.base_check",
"fixed_definition": null,
"entity_tags": null,
"caller_file_path": null,
"caller_file_line_range": null,
"resource_address": null,
"severity": null,
"bc_category": null,
"benchmarks": null,
"description": null,
"short_description": null,
"vulnerability_details": null,
"connected_node": null,
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-apt-force",
"details": [],
"check_len": null,
"definition_context_file_path": null
},
{
"check_id": "CKV2_DOCKER_11",
"bc_check_id": null,
"check_name": "Ensure that the '--force-yes' option is not used, as it disables signature validation and allows packages to be downgraded which can leave the system in a broken or inconsistent state",
"check_result": {
"result": "PASSED",
"entity": {
"block_name_": "RUN",
"block_type_": "resource",
"file_path_": "/Dockerfile.dev",
"config_": {
"content": "RUN npm install -g npm@10.5.0 --no-fund --no-audit\n",
"value": "npm install -g npm@10.5.0 --no-fund --no-audit",
"__startline__": 4,
"__endline__": 4
},
"label_": "resource: RUN",
"id_": "RUN",
"source_": "Dockerfile",
"content": "RUN npm install -g npm@10.5.0 --no-fund --no-audit\n",
"value": "npm install -g npm@10.5.0 --no-fund --no-audit",
"__startline__": 4,
"__endline__": 4,
"resource_type": "RUN",
"hash": "435bba968d1d0b4c410ea33851637829a16b2ad878f0b9531a737c7a444f91b9"
},
"evaluated_keys": [
"value"
]
},
"code_block": [
[
5,
"RUN npm install -g npm@10.5.0 --no-fund --no-audit\n"
]
],
"file_path": "/Dockerfile.dev",
"file_abs_path": "/scan/Dockerfile.dev",
"repo_file_path": "/Dockerfile.dev",
"file_line_range": [
5,
5
],
"resource": "/Dockerfile.dev.RUN",
"evaluations": null,
"check_class": "checkov.common.graph.checks_infra.base_check",
"fixed_definition": null,
"entity_tags": null,
"caller_file_path": null,
"caller_file_line_range": null,
"resource_address": null,
"severity": null,
"bc_category": null,
"benchmarks": null,
"description": null,
"short_description": null,
"vulnerability_details": null,
"connected_node": null,
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-apt-force",
"details": [],
"check_len": null,
"definition_context_file_path": null
},
{
"check_id": "CKV2_DOCKER_11",
"bc_check_id": null,
"check_name": "Ensure that the '--force-yes' option is not used, as it disables signature validation and allows packages to be downgraded which can leave the system in a broken or inconsistent state",
"check_result": {
"result": "PASSED",
"entity": {
"block_name_": "RUN",
"block_type_": "resource",
"file_path_": "/Dockerfile.dev",
"config_": {
"content": "RUN npm ci --no-fund --no-audit\n",
"value": "npm ci --no-fund --no-audit",
"__startline__": 10,
"__endline__": 10
},
"label_": "resource: RUN",
"id_": "RUN",
"source_": "Dockerfile",
"content": "RUN npm ci --no-fund --no-audit\n",
"value": "npm ci --no-fund --no-audit",
"__startline__": 10,
"__endline__": 10,
"resource_type": "RUN",
"hash": "57abb1bbe03890ab19f47e5f96b9cbcee02aab65f6980d523df42faf41b709fa"
},
"evaluated_keys": [
"value"
]
},
"code_block": [
[
11,
"RUN npm ci --no-fund --no-audit\n"
]
],
"file_path": "/Dockerfile.dev",
"file_abs_path": "/scan/Dockerfile.dev",
"repo_file_path": "/Dockerfile.dev",
"file_line_range": [
11,
11
],
"resource": "/Dockerfile.dev.RUN",
"evaluations": null,
"check_class": "checkov.common.graph.checks_infra.base_check",
"fixed_definition": null,
"entity_tags": null,
"caller_file_path": null,
"caller_file_line_range": null,
"resource_address": null,
"severity": null,
"bc_category": null,
"benchmarks": null,
"description": null,
"short_description": null,
"vulnerability_details": null,
"connected_node": null,
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-apt-force",
"details": [],
"check_len": null,
"definition_context_file_path": null
},
{
"check_id": "CKV2_DOCKER_3",
"bc_check_id": null,
"check_name": "Ensure that certificate validation isn't disabled with wget",
"check_result": {
"result": "PASSED",
"entity": {
"block_name_": "RUN",
"block_type_": "resource",
"file_path_": "/Dockerfile.production",
"config_": {
"content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n",
"value": "corepack enable && corepack prepare npm@10.5.0 --activate",
"__startline__": 4,
"__endline__": 4
},
"label_": "resource: RUN",
"id_": "RUN",
"source_": "Dockerfile",
"content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n",
"value": "corepack enable && corepack prepare npm@10.5.0 --activate",
"__startline__": 4,
"__endline__": 4,
"resource_type": "RUN",
"hash": "dbd32b6bad6b728919787011f82d60c50d7b2d1c079f814de2b1640696c98816"
},
"evaluated_keys": [
"value"
]
},
"code_block": [
[
5,
"RUN corepack enable && corepack prepare npm@10.5.0 --activate\n"
]
],
"file_path": "/Dockerfile.production",
"file_abs_path": "/scan/Dockerfile.production",
"repo_file_path": "/Dockerfile.production",
"file_line_range": [
5,
5
],
"resource": "/Dockerfile.production.RUN",
"evaluations": null,
"check_class": "checkov.common.graph.checks_infra.base_check",
"fixed_definition": null,
"entity_tags": null,
"caller_file_path": null,
"caller_file_line_range": null,
"resource_address": null,
"severity": null,
"bc_category": null,
"benchmarks": null,
"description": null,
"short_description": null,
"vulnerability_details": null,
"connected_node": null,
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-wget-secure",
"details": [],
"check_len": null,
"definition_context_file_path": null
},
{
"check_id": "CKV2_DOCKER_3",
"bc_check_id": null,
"check_name": "Ensure that certificate validation isn't disabled with wget",
"check_result": {
"result": "PASSED",
"entity": {
"block_name_": "RUN",
"block_type_": "resource",
"file_path_": "/Dockerfile.production",
"config_": {
"content": "RUN npm install\n",
"value": "npm install",
"__startline__": 20,
"__endline__": 20
},
"label_": "resource: RUN",
"id_": "RUN",
"source_": "Dockerfile",
"content": "RUN npm install\n",
"value": "npm install",
"__startline__": 20,
"__endline__": 20,
"resource_type": "RUN",
"hash": "6979b14e6a853ac150ffef85c5e28fd49c956054ea2cb1d01440e13b17260c4a"
},
"evaluated_keys": [
"value"
]
},
"code_block": [
[
21,
"RUN npm install\n"
]
],
"file_path": "/Dockerfile.production",
"file_abs_path": "/scan/Dockerfile.production",
"repo_file_path": "/Dockerfile.production",
"file_line_range": [
21,
21
],
"resource": "/Dockerfile.production.RUN",
"evaluations": null,
"check_class": "checkov.common.graph.checks_infra.base_check",
"fixed_definition": null,
"entity_tags": null,
"caller_file_path": null,
"caller_file_line_range": null,
"resource_address": null,
"severity": null,
"bc_category": null,
"benchmarks": null,
"description": null,
"short_description": null,
"vulnerability_details": null,
"connected_node": null,
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-wget-secure",
"details": [],
"check_len": null,
"definition_context_file_path": null
},
{
"check_id": "CKV2_DOCKER_3",
"bc_check_id": null,
"check_name": "Ensure that certificate validation isn't disabled with wget",
"check_result": {
"result": "PASSED",
"entity": {
"block_name_": "RUN",
"block_type_": "resource",
"file_path_": "/Dockerfile.production",
"config_": {
"content": "RUN npm run db:generate\n",
"value": "npm run db:generate",
"__startline__": 21,
"__endline__": 21
},
"label_": "resource: RUN",
"id_": "RUN",
"source_": "Dockerfile",
"content": "RUN npm run db:generate\n",
"value": "npm run db:generate",
"__startline__": 21,
"__endline__": 21,
"resource_type": "RUN",
"hash": "c1f9cc0c42260bb0183d7e7b9ec2edab99837111ad42dbbdd7fad09ff3e37ab0"
},
"evaluated_keys": [
"value"
]
},
"code_block": [
[
22,
"RUN npm run db:generate\n"
]
],
"file_path": "/Dockerfile.production",
"file_abs_path": "/scan/Dockerfile.production",
"repo_file_path": "/Dockerfile.production",
"file_line_range": [
22,
22
],
"resource": "/Dockerfile.production.RUN",
"evaluations": null,
"check_class": "checkov.common.graph.checks_infra.base_check",
"fixed_definition": null,
"entity_tags": null,
"caller_file_path": null,
"caller_file_line_range": null,
"resource_address": null,
"severity": null,
"bc_category": null,
"benchmarks": null,
"description": null,
"short_description": null,
"vulnerability_details": null,
"connected_node": null,
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-wget-secure",
"details": [],
"check_len": null,
"definition_context_file_path": null
},
{
"check_id": "CKV2_DOCKER_3",
"bc_check_id": null,
"check_name": "Ensure that certificate validation isn't disabled with wget",
"check_result": {
"result": "PASSED",
"entity": {
"block_name_": "RUN",
"block_type_": "resource",
"file_path_": "/Dockerfile.production",
"config_": {
"content": "RUN npm run build\n",
"value": "npm run build",
"__startline__": 22,
"__endline__": 22
},
"label_": "resource: RUN",
"id_": "RUN",
"source_": "Dockerfile",
"content": "RUN npm run build\n",
"value": "npm run build",
"__startline__": 22,
"__endline__": 22,
"resource_type": "RUN",
"hash": "1bf185fb6038f1b491f2a2686de4dd9869ccdd9c3e34d2772cf43bd368377aa6"
},
"evaluated_keys": [
"value"
]
},
"code_block": [
[
23,
"RUN npm run build\n"
]
],
"file_path": "/Dockerfile.production",
"file_abs_path": "/scan/Dockerfile.production",
"repo_file_path": "/Dockerfile.production",
"file_line_range": [
23,
23
],
"resource": "/Dockerfile.production.RUN",
"evaluations": null,
"check_class": "checkov.common.graph.checks_infra.base_check",
"fixed_definition": null,
"entity_tags": null,
"caller_file_path": null,
"caller_file_line_range": null,
"resource_address": null,
"severity": null,
"bc_category": null,
"benchmarks": null,
"description": null,
"short_description": null,
"vulnerability_details": null,
"connected_node": null,
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-wget-secure",
"details": [],
"check_len": null,
"definition_context_file_path": null
},
{
"check_id": "CKV2_DOCKER_3",
"bc_check_id": null,
"check_name": "Ensure that certificate validation isn't disabled with wget",
"check_result": {
"result": "PASSED",
"entity": {
"block_name_": "RUN",
"block_type_": "resource",
"file_path_": "/Dockerfile.production",
"config_": {
"content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n",
"value": "corepack enable && corepack prepare npm@10.5.0 --activate",
"__startline__": 30,
"__endline__": 30
},
"label_": "resource: RUN",
"id_": "RUN",
"source_": "Dockerfile",
"content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n",
"value": "corepack enable && corepack prepare npm@10.5.0 --activate",
"__startline__": 30,
"__endline__": 30,
"resource_type": "RUN",
"hash": "01c88e306f7db45ae7136e3bdb63c4b15978dd024f6ed18210961fc3db3df382"
},
"evaluated_keys": [
"value"
]
},
"code_block": [
[
31,
"RUN corepack enable && corepack prepare npm@10.5.0 --activate\n"
]
],
"file_path": "/Dockerfile.production",
"file_abs_path": "/scan/Dockerfile.production",
"repo_file_path": "/Dockerfile.production",
"file_line_range": [
31,
31
],
"resource": "/Dockerfile.production.RUN",
"evaluations": null,
"check_class": "checkov.common.graph.checks_infra.base_check",
"fixed_definition": null,
"entity_tags": null,
"caller_file_path": null,
"caller_file_line_range": null,
"resource_address": null,
"severity": null,
"bc_category": null,
"benchmarks": null,
"description": null,
"short_description": null,
"vulnerability_details": null,
"connected_node": null,
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-wget-secure",
"details": [],
"check_len": null,
"definition_context_file_path": null
},
{
"check_id": "CKV2_DOCKER_3",
"bc_check_id": null,
"check_name": "Ensure that certificate validation isn't disabled with wget",
"check_result": {
"result": "PASSED",
"entity": {
"block_name_": "RUN",
"block_type_": "resource",
"file_path_": "/Dockerfile.test",
"config_": {
"content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n",
"value": "corepack enable && corepack prepare npm@10.5.0 --activate",
"__startline__": 4,
"__endline__": 4
},
"label_": "resource: RUN",
"id_": "RUN",
"source_": "Dockerfile",
"content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n",
"value": "corepack enable && corepack prepare npm@10.5.0 --activate",
"__startline__": 4,
"__endline__": 4,
"resource_type": "RUN",
"hash": "1d5fb0a211498b8baf37e5744578ad03459da7798534298981f23fdefb7eb757"
},
"evaluated_keys": [
"value"
]
},
"code_block": [
[
5,
"RUN corepack enable && corepack prepare npm@10.5.0 --activate\n"
]
],
"file_path": "/Dockerfile.test",
"file_abs_path": "/scan/Dockerfile.test",
"repo_file_path": "/Dockerfile.test",
"file_line_range": [
5,
5
],
"resource": "/Dockerfile.test.RUN",
"evaluations": null,
"check_class": "checkov.common.graph.checks_infra.base_check",
"fixed_definition": null,
"entity_tags": null,
"caller_file_path": null,
"caller_file_line_range": null,
"resource_address": null,
"severity": null,
"bc_category": null,
"benchmarks": null,
"description": null,
"short_description": null,
"vulnerability_details": null,
"connected_node": null,
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-wget-secure",
"details": [],
"check_len": null,
"definition_context_file_path": null
},
{
"check_id": "CKV2_DOCKER_3",
"bc_check_id": null,
"check_name": "Ensure that certificate validation isn't disabled with wget",
"check_result": {
"result": "PASSED",
"entity": {
"block_name_": "RUN",
"block_type_": "resource",
"file_path_": "/Dockerfile.test",
"config_": {
"content": "RUN npm install\n",
"value": "npm install",
"__startline__": 10,
"__endline__": 10
},
"label_": "resource: RUN",
"id_": "RUN",
"source_": "Dockerfile",
"content": "RUN npm install\n",
"value": "npm install",
"__startline__": 10,
"__endline__": 10,
"resource_type": "RUN",
"hash": "fb809e4860a3131df821aea9480445cc6e2f66dd52744dab5f3d2ef5b2848436"
},
"evaluated_keys": [
"value"
]
},
"code_block": [
[
11,
"RUN npm install\n"
]
],
"file_path": "/Dockerfile.test",
"file_abs_path": "/scan/Dockerfile.test",
"repo_file_path": "/Dockerfile.test",
"file_line_range": [
11,
11
],
"resource": "/Dockerfile.test.RUN",
"evaluations": null,
"check_class": "checkov.common.graph.checks_infra.base_check",
"fixed_definition": null,
"entity_tags": null,
"caller_file_path": null,
"caller_file_line_range": null,
"resource_address": null,
"severity": null,
"bc_category": null,
"benchmarks": null,
"description": null,
"short_description": null,
"vulnerability_details": null,
"connected_node": null,
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-wget-secure",
"details": [],
"check_len": null,
"definition_context_file_path": null
},
{
"check_id": "CKV2_DOCKER_3",
"bc_check_id": null,
"check_name": "Ensure that certificate validation isn't disabled with wget",
"check_result": {
"result": "PASSED",
"entity": {
"block_name_": "RUN",
"block_type_": "resource",
"file_path_": "/Dockerfile.dev",
"config_": {
"content": "RUN npm install -g npm@10.5.0 --no-fund --no-audit\n",
"value": "npm install -g npm@10.5.0 --no-fund --no-audit",
"__startline__": 4,
"__endline__": 4
},
"label_": "resource: RUN",
"id_": "RUN",
"source_": "Dockerfile",
"content": "RUN npm install -g npm@10.5.0 --no-fund --no-audit\n",
"value": "npm install -g npm@10.5.0 --no-fund --no-audit",
"__startline__": 4,
"__endline__": 4,
"resource_type": "RUN",
"hash": "435bba968d1d0b4c410ea33851637829a16b2ad878f0b9531a737c7a444f91b9"
},
"evaluated_keys": [
"value"
]
},
"code_block": [
[
5,
"RUN npm install -g npm@10.5.0 --no-fund --no-audit\n"
]
],
"file_path": "/Dockerfile.dev",
"file_abs_path": "/scan/Dockerfile.dev",
"repo_file_path": "/Dockerfile.dev",
"file_line_range": [
5,
5
],
"resource": "/Dockerfile.dev.RUN",
"evaluations": null,
"check_class": "checkov.common.graph.checks_infra.base_check",
"fixed_definition": null,
"entity_tags": null,
"caller_file_path": null,
"caller_file_line_range": null,
"resource_address": null,
"severity": null,
"bc_category": null,
"benchmarks": null,
"description": null,
"short_description": null,
"vulnerability_details": null,
"connected_node": null,
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-wget-secure",
"details": [],
"check_len": null,
"definition_context_file_path": null
},
{
"check_id": "CKV2_DOCKER_3",
"bc_check_id": null,
"check_name": "Ensure that certificate validation isn't disabled with wget",
"check_result": {
"result": "PASSED",
"entity": {
"block_name_": "RUN",
"block_type_": "resource",
"file_path_": "/Dockerfile.dev",
"config_": {
"content": "RUN npm ci --no-fund --no-audit\n",
"value": "npm ci --no-fund --no-audit",
"__startline__": 10,
"__endline__": 10
},
"label_": "resource: RUN",
"id_": "RUN",
"source_": "Dockerfile",
"content": "RUN npm ci --no-fund --no-audit\n",
"value": "npm ci --no-fund --no-audit",
"__startline__": 10,
"__endline__": 10,
"resource_type": "RUN",
"hash": "57abb1bbe03890ab19f47e5f96b9cbcee02aab65f6980d523df42faf41b709fa"
},
"evaluated_keys": [
"value"
]
},
"code_block": [
[
11,
"RUN npm ci --no-fund --no-audit\n"
]
],
"file_path": "/Dockerfile.dev",
"file_abs_path": "/scan/Dockerfile.dev",
"repo_file_path": "/Dockerfile.dev",
"file_line_range": [
11,
11
],
"resource": "/Dockerfile.dev.RUN",
"evaluations": null,
"check_class": "checkov.common.graph.checks_infra.base_check",
"fixed_definition": null,
"entity_tags": null,
"caller_file_path": null,
"caller_file_line_range": null,
"resource_address": null,
"severity": null,
"bc_category": null,
"benchmarks": null,
"description": null,
"short_description": null,
"vulnerability_details": null,
"connected_node": null,
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-wget-secure",
"details": [],
"check_len": null,
"definition_context_file_path": null
},
{
"check_id": "CKV2_DOCKER_15",
"bc_check_id": null,
"check_name": "Ensure that the yum and dnf package managers are not configured to disable SSL certificate validation via the 'sslverify' configuration option",
"check_result": {
"result": "PASSED",
"entity": {
"block_name_": "RUN",
"block_type_": "resource",
"file_path_": "/Dockerfile.production",
"config_": {
"content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n",
"value": "corepack enable && corepack prepare npm@10.5.0 --activate",
"__startline__": 4,
"__endline__": 4
},
"label_": "resource: RUN",
"id_": "RUN",
"source_": "Dockerfile",
"content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n",
"value": "corepack enable && corepack prepare npm@10.5.0 --activate",
"__startline__": 4,
"__endline__": 4,
"resource_type": "RUN",
"hash": "dbd32b6bad6b728919787011f82d60c50d7b2d1c079f814de2b1640696c98816"
},
"evaluated_keys": [
"value"
]
},
"code_block": [
[
5,
"RUN corepack enable && corepack prepare npm@10.5.0 --activate\n"
]
],
"file_path": "/Dockerfile.production",
"file_abs_path": "/scan/Dockerfile.production",
"repo_file_path": "/Dockerfile.production",
"file_line_range": [
5,
5
],
"resource": "/Dockerfile.production.RUN",
"evaluations": null,
"check_class": "checkov.common.graph.checks_infra.base_check",
"fixed_definition": null,
"entity_tags": null,
"caller_file_path": null,
"caller_file_line_range": null,
"resource_address": null,
"severity": null,
"bc_category": null,
"benchmarks": null,
"description": null,
"short_description": null,
"vulnerability_details": null,
"connected_node": null,
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-yum-ssl",
"details": [],
"check_len": null,
"definition_context_file_path": null
},
{
"check_id": "CKV2_DOCKER_15",
"bc_check_id": null,
"check_name": "Ensure that the yum and dnf package managers are not configured to disable SSL certificate validation via the 'sslverify' configuration option",
"check_result": {
"result": "PASSED",
"entity": {
"block_name_": "RUN",
"block_type_": "resource",
"file_path_": "/Dockerfile.production",
"config_": {
"content": "RUN npm install\n",
"value": "npm install",
"__startline__": 20,
"__endline__": 20
},
"label_": "resource: RUN",
"id_": "RUN",
"source_": "Dockerfile",
"content": "RUN npm install\n",
"value": "npm install",
"__startline__": 20,
"__endline__": 20,
"resource_type": "RUN",
"hash": "6979b14e6a853ac150ffef85c5e28fd49c956054ea2cb1d01440e13b17260c4a"
},
"evaluated_keys": [
"value"
]
},
"code_block": [
[
21,
"RUN npm install\n"
]
],
"file_path": "/Dockerfile.production",
"file_abs_path": "/scan/Dockerfile.production",
"repo_file_path": "/Dockerfile.production",
"file_line_range": [
21,
21
],
"resource": "/Dockerfile.production.RUN",
"evaluations": null,
"check_class": "checkov.common.graph.checks_infra.base_check",
"fixed_definition": null,
"entity_tags": null,
"caller_file_path": null,
"caller_file_line_range": null,
"resource_address": null,
"severity": null,
"bc_category": null,
"benchmarks": null,
"description": null,
"short_description": null,
"vulnerability_details": null,
"connected_node": null,
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-yum-ssl",
"details": [],
"check_len": null,
"definition_context_file_path": null
},
{
"check_id": "CKV2_DOCKER_15",
"bc_check_id": null,
"check_name": "Ensure that the yum and dnf package managers are not configured to disable SSL certificate validation via the 'sslverify' configuration option",
"check_result": {
"result": "PASSED",
"entity": {
"block_name_": "RUN",
"block_type_": "resource",
"file_path_": "/Dockerfile.production",
"config_": {
"content": "RUN npm run db:generate\n",
"value": "npm run db:generate",
"__startline__": 21,
"__endline__": 21
},
"label_": "resource: RUN",
"id_": "RUN",
"source_": "Dockerfile",
"content": "RUN npm run db:generate\n",
"value": "npm run db:generate",
"__startline__": 21,
"__endline__": 21,
"resource_type": "RUN",
"hash": "c1f9cc0c42260bb0183d7e7b9ec2edab99837111ad42dbbdd7fad09ff3e37ab0"
},
"evaluated_keys": [
"value"
]
},
"code_block": [
[
22,
"RUN npm run db:generate\n"
]
],
"file_path": "/Dockerfile.production",
"file_abs_path": "/scan/Dockerfile.production",
"repo_file_path": "/Dockerfile.production",
"file_line_range": [
22,
22
],
"resource": "/Dockerfile.production.RUN",
"evaluations": null,
"check_class": "checkov.common.graph.checks_infra.base_check",
"fixed_definition": null,
"entity_tags": null,
"caller_file_path": null,
"caller_file_line_range": null,
"resource_address": null,
"severity": null,
"bc_category": null,
"benchmarks": null,
"description": null,
"short_description": null,
"vulnerability_details": null,
"connected_node": null,
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-yum-ssl",
"details": [],
"check_len": null,
"definition_context_file_path": null
},
{
"check_id": "CKV2_DOCKER_15",
"bc_check_id": null,
"check_name": "Ensure that the yum and dnf package managers are not configured to disable SSL certificate validation via the 'sslverify' configuration option",
"check_result": {
"result": "PASSED",
"entity": {
"block_name_": "RUN",
"block_type_": "resource",
"file_path_": "/Dockerfile.production",
"config_": {
"content": "RUN npm run build\n",
"value": "npm run build",
"__startline__": 22,
"__endline__": 22
},
"label_": "resource: RUN",
"id_": "RUN",
"source_": "Dockerfile",
"content": "RUN npm run build\n",
"value": "npm run build",
"__startline__": 22,
"__endline__": 22,
"resource_type": "RUN",
"hash": "1bf185fb6038f1b491f2a2686de4dd9869ccdd9c3e34d2772cf43bd368377aa6"
},
"evaluated_keys": [
"value"
]
},
"code_block": [
[
23,
"RUN npm run build\n"
]
],
"file_path": "/Dockerfile.production",
"file_abs_path": "/scan/Dockerfile.production",
"repo_file_path": "/Dockerfile.production",
"file_line_range": [
23,
23
],
"resource": "/Dockerfile.production.RUN",
"evaluations": null,
"check_class": "checkov.common.graph.checks_infra.base_check",
"fixed_definition": null,
"entity_tags": null,
"caller_file_path": null,
"caller_file_line_range": null,
"resource_address": null,
"severity": null,
"bc_category": null,
"benchmarks": null,
"description": null,
"short_description": null,
"vulnerability_details": null,
"connected_node": null,
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-yum-ssl",
"details": [],
"check_len": null,
"definition_context_file_path": null
},
{
"check_id": "CKV2_DOCKER_15",
"bc_check_id": null,
"check_name": "Ensure that the yum and dnf package managers are not configured to disable SSL certificate validation via the 'sslverify' configuration option",
"check_result": {
"result": "PASSED",
"entity": {
"block_name_": "RUN",
"block_type_": "resource",
"file_path_": "/Dockerfile.production",
"config_": {
"content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n",
"value": "corepack enable && corepack prepare npm@10.5.0 --activate",
"__startline__": 30,
"__endline__": 30
},
"label_": "resource: RUN",
"id_": "RUN",
"source_": "Dockerfile",
"content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n",
"value": "corepack enable && corepack prepare npm@10.5.0 --activate",
"__startline__": 30,
"__endline__": 30,
"resource_type": "RUN",
"hash": "01c88e306f7db45ae7136e3bdb63c4b15978dd024f6ed18210961fc3db3df382"
},
"evaluated_keys": [
"value"
]
},
"code_block": [
[
31,
"RUN corepack enable && corepack prepare npm@10.5.0 --activate\n"
]
],
"file_path": "/Dockerfile.production",
"file_abs_path": "/scan/Dockerfile.production",
"repo_file_path": "/Dockerfile.production",
"file_line_range": [
31,
31
],
"resource": "/Dockerfile.production.RUN",
"evaluations": null,
"check_class": "checkov.common.graph.checks_infra.base_check",
"fixed_definition": null,
"entity_tags": null,
"caller_file_path": null,
"caller_file_line_range": null,
"resource_address": null,
"severity": null,
"bc_category": null,
"benchmarks": null,
"description": null,
"short_description": null,
"vulnerability_details": null,
"connected_node": null,
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-yum-ssl",
"details": [],
"check_len": null,
"definition_context_file_path": null
},
{
"check_id": "CKV2_DOCKER_15",
"bc_check_id": null,
"check_name": "Ensure that the yum and dnf package managers are not configured to disable SSL certificate validation via the 'sslverify' configuration option",
"check_result": {
"result": "PASSED",
"entity": {
"block_name_": "RUN",
"block_type_": "resource",
"file_path_": "/Dockerfile.test",
"config_": {
"content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n",
"value": "corepack enable && corepack prepare npm@10.5.0 --activate",
"__startline__": 4,
"__endline__": 4
},
"label_": "resource: RUN",
"id_": "RUN",
"source_": "Dockerfile",
"content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n",
"value": "corepack enable && corepack prepare npm@10.5.0 --activate",
"__startline__": 4,
"__endline__": 4,
"resource_type": "RUN",
"hash": "1d5fb0a211498b8baf37e5744578ad03459da7798534298981f23fdefb7eb757"
},
"evaluated_keys": [
"value"
]
},
"code_block": [
[
5,
"RUN corepack enable && corepack prepare npm@10.5.0 --activate\n"
]
],
"file_path": "/Dockerfile.test",
"file_abs_path": "/scan/Dockerfile.test",
"repo_file_path": "/Dockerfile.test",
"file_line_range": [
5,
5
],
"resource": "/Dockerfile.test.RUN",
"evaluations": null,
"check_class": "checkov.common.graph.checks_infra.base_check",
"fixed_definition": null,
"entity_tags": null,
"caller_file_path": null,
"caller_file_line_range": null,
"resource_address": null,
"severity": null,
"bc_category": null,
"benchmarks": null,
"description": null,
"short_description": null,
"vulnerability_details": null,
"connected_node": null,
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-yum-ssl",
"details": [],
"check_len": null,
"definition_context_file_path": null
},
{
"check_id": "CKV2_DOCKER_15",
"bc_check_id": null,
"check_name": "Ensure that the yum and dnf package managers are not configured to disable SSL certificate validation via the 'sslverify' configuration option",
"check_result": {
"result": "PASSED",
"entity": {
"block_name_": "RUN",
"block_type_": "resource",
"file_path_": "/Dockerfile.test",
"config_": {
"content": "RUN npm install\n",
"value": "npm install",
"__startline__": 10,
"__endline__": 10
},
"label_": "resource: RUN",
"id_": "RUN",
"source_": "Dockerfile",
"content": "RUN npm install\n",
"value": "npm install",
"__startline__": 10,
"__endline__": 10,
"resource_type": "RUN",
"hash": "fb809e4860a3131df821aea9480445cc6e2f66dd52744dab5f3d2ef5b2848436"
},
"evaluated_keys": [
"value"
]
},
"code_block": [
[
11,
"RUN npm install\n"
]
],
"file_path": "/Dockerfile.test",
"file_abs_path": "/scan/Dockerfile.test",
"repo_file_path": "/Dockerfile.test",
"file_line_range": [
11,
11
],
"resource": "/Dockerfile.test.RUN",
"evaluations": null,
"check_class": "checkov.common.graph.checks_infra.base_check",
"fixed_definition": null,
"entity_tags": null,
"caller_file_path": null,
"caller_file_line_range": null,
"resource_address": null,
"severity": null,
"bc_category": null,
"benchmarks": null,
"description": null,
"short_description": null,
"vulnerability_details": null,
"connected_node": null,
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-yum-ssl",
"details": [],
"check_len": null,
"definition_context_file_path": null
},
{
"check_id": "CKV2_DOCKER_15",
"bc_check_id": null,
"check_name": "Ensure that the yum and dnf package managers are not configured to disable SSL certificate validation via the 'sslverify' configuration option",
"check_result": {
"result": "PASSED",
"entity": {
"block_name_": "RUN",
"block_type_": "resource",
"file_path_": "/Dockerfile.dev",
"config_": {
"content": "RUN npm install -g npm@10.5.0 --no-fund --no-audit\n",
"value": "npm install -g npm@10.5.0 --no-fund --no-audit",
"__startline__": 4,
"__endline__": 4
},
"label_": "resource: RUN",
"id_": "RUN",
"source_": "Dockerfile",
"content": "RUN npm install -g npm@10.5.0 --no-fund --no-audit\n",
"value": "npm install -g npm@10.5.0 --no-fund --no-audit",
"__startline__": 4,
"__endline__": 4,
"resource_type": "RUN",
"hash": "435bba968d1d0b4c410ea33851637829a16b2ad878f0b9531a737c7a444f91b9"
},
"evaluated_keys": [
"value"
]
},
"code_block": [
[
5,
"RUN npm install -g npm@10.5.0 --no-fund --no-audit\n"
]
],
"file_path": "/Dockerfile.dev",
"file_abs_path": "/scan/Dockerfile.dev",
"repo_file_path": "/Dockerfile.dev",
"file_line_range": [
5,
5
],
"resource": "/Dockerfile.dev.RUN",
"evaluations": null,
"check_class": "checkov.common.graph.checks_infra.base_check",
"fixed_definition": null,
"entity_tags": null,
"caller_file_path": null,
"caller_file_line_range": null,
"resource_address": null,
"severity": null,
"bc_category": null,
"benchmarks": null,
"description": null,
"short_description": null,
"vulnerability_details": null,
"connected_node": null,
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-yum-ssl",
"details": [],
"check_len": null,
"definition_context_file_path": null
},
{
"check_id": "CKV2_DOCKER_15",
"bc_check_id": null,
"check_name": "Ensure that the yum and dnf package managers are not configured to disable SSL certificate validation via the 'sslverify' configuration option",
"check_result": {
"result": "PASSED",
"entity": {
"block_name_": "RUN",
"block_type_": "resource",
"file_path_": "/Dockerfile.dev",
"config_": {
"content": "RUN npm ci --no-fund --no-audit\n",
"value": "npm ci --no-fund --no-audit",
"__startline__": 10,
"__endline__": 10
},
"label_": "resource: RUN",
"id_": "RUN",
"source_": "Dockerfile",
"content": "RUN npm ci --no-fund --no-audit\n",
"value": "npm ci --no-fund --no-audit",
"__startline__": 10,
"__endline__": 10,
"resource_type": "RUN",
"hash": "57abb1bbe03890ab19f47e5f96b9cbcee02aab65f6980d523df42faf41b709fa"
},
"evaluated_keys": [
"value"
]
},
"code_block": [
[
11,
"RUN npm ci --no-fund --no-audit\n"
]
],
"file_path": "/Dockerfile.dev",
"file_abs_path": "/scan/Dockerfile.dev",
"repo_file_path": "/Dockerfile.dev",
"file_line_range": [
11,
11
],
"resource": "/Dockerfile.dev.RUN",
"evaluations": null,
"check_class": "checkov.common.graph.checks_infra.base_check",
"fixed_definition": null,
"entity_tags": null,
"caller_file_path": null,
"caller_file_line_range": null,
"resource_address": null,
"severity": null,
"bc_category": null,
"benchmarks": null,
"description": null,
"short_description": null,
"vulnerability_details": null,
"connected_node": null,
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-yum-ssl",
"details": [],
"check_len": null,
"definition_context_file_path": null
},
{
"check_id": "CKV2_DOCKER_8",
"bc_check_id": null,
"check_name": "Ensure that packages with untrusted or missing signatures are not used by apt-get via the '--allow-unauthenticated' option",
"check_result": {
"result": "PASSED",
"entity": {
"block_name_": "RUN",
"block_type_": "resource",
"file_path_": "/Dockerfile.production",
"config_": {
"content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n",
"value": "corepack enable && corepack prepare npm@10.5.0 --activate",
"__startline__": 4,
"__endline__": 4
},
"label_": "resource: RUN",
"id_": "RUN",
"source_": "Dockerfile",
"content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n",
"value": "corepack enable && corepack prepare npm@10.5.0 --activate",
"__startline__": 4,
"__endline__": 4,
"resource_type": "RUN",
"hash": "dbd32b6bad6b728919787011f82d60c50d7b2d1c079f814de2b1640696c98816"
},
"evaluated_keys": [
"value"
]
},
"code_block": [
[
5,
"RUN corepack enable && corepack prepare npm@10.5.0 --activate\n"
]
],
"file_path": "/Dockerfile.production",
"file_abs_path": "/scan/Dockerfile.production",
"repo_file_path": "/Dockerfile.production",
"file_line_range": [
5,
5
],
"resource": "/Dockerfile.production.RUN",
"evaluations": null,
"check_class": "checkov.common.graph.checks_infra.base_check",
"fixed_definition": null,
"entity_tags": null,
"caller_file_path": null,
"caller_file_line_range": null,
"resource_address": null,
"severity": null,
"bc_category": null,
"benchmarks": null,
"description": null,
"short_description": null,
"vulnerability_details": null,
"connected_node": null,
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-apt-authenticated",
"details": [],
"check_len": null,
"definition_context_file_path": null
},
{
"check_id": "CKV2_DOCKER_8",
"bc_check_id": null,
"check_name": "Ensure that packages with untrusted or missing signatures are not used by apt-get via the '--allow-unauthenticated' option",
"check_result": {
"result": "PASSED",
"entity": {
"block_name_": "RUN",
"block_type_": "resource",
"file_path_": "/Dockerfile.production",
"config_": {
"content": "RUN npm install\n",
"value": "npm install",
"__startline__": 20,
"__endline__": 20
},
"label_": "resource: RUN",
"id_": "RUN",
"source_": "Dockerfile",
"content": "RUN npm install\n",
"value": "npm install",
"__startline__": 20,
"__endline__": 20,
"resource_type": "RUN",
"hash": "6979b14e6a853ac150ffef85c5e28fd49c956054ea2cb1d01440e13b17260c4a"
},
"evaluated_keys": [
"value"
]
},
"code_block": [
[
21,
"RUN npm install\n"
]
],
"file_path": "/Dockerfile.production",
"file_abs_path": "/scan/Dockerfile.production",
"repo_file_path": "/Dockerfile.production",
"file_line_range": [
21,
21
],
"resource": "/Dockerfile.production.RUN",
"evaluations": null,
"check_class": "checkov.common.graph.checks_infra.base_check",
"fixed_definition": null,
"entity_tags": null,
"caller_file_path": null,
"caller_file_line_range": null,
"resource_address": null,
"severity": null,
"bc_category": null,
"benchmarks": null,
"description": null,
"short_description": null,
"vulnerability_details": null,
"connected_node": null,
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-apt-authenticated",
"details": [],
"check_len": null,
"definition_context_file_path": null
},
{
"check_id": "CKV2_DOCKER_8",
"bc_check_id": null,
"check_name": "Ensure that packages with untrusted or missing signatures are not used by apt-get via the '--allow-unauthenticated' option",
"check_result": {
"result": "PASSED",
"entity": {
"block_name_": "RUN",
"block_type_": "resource",
"file_path_": "/Dockerfile.production",
"config_": {
"content": "RUN npm run db:generate\n",
"value": "npm run db:generate",
"__startline__": 21,
"__endline__": 21
},
"label_": "resource: RUN",
"id_": "RUN",
"source_": "Dockerfile",
"content": "RUN npm run db:generate\n",
"value": "npm run db:generate",
"__startline__": 21,
"__endline__": 21,
"resource_type": "RUN",
"hash": "c1f9cc0c42260bb0183d7e7b9ec2edab99837111ad42dbbdd7fad09ff3e37ab0"
},
"evaluated_keys": [
"value"
]
},
"code_block": [
[
22,
"RUN npm run db:generate\n"
]
],
"file_path": "/Dockerfile.production",
"file_abs_path": "/scan/Dockerfile.production",
"repo_file_path": "/Dockerfile.production",
"file_line_range": [
22,
22
],
"resource": "/Dockerfile.production.RUN",
"evaluations": null,
"check_class": "checkov.common.graph.checks_infra.base_check",
"fixed_definition": null,
"entity_tags": null,
"caller_file_path": null,
"caller_file_line_range": null,
"resource_address": null,
"severity": null,
"bc_category": null,
"benchmarks": null,
"description": null,
"short_description": null,
"vulnerability_details": null,
"connected_node": null,
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-apt-authenticated",
"details": [],
"check_len": null,
"definition_context_file_path": null
},
{
"check_id": "CKV2_DOCKER_8",
"bc_check_id": null,
"check_name": "Ensure that packages with untrusted or missing signatures are not used by apt-get via the '--allow-unauthenticated' option",
"check_result": {
"result": "PASSED",
"entity": {
"block_name_": "RUN",
"block_type_": "resource",
"file_path_": "/Dockerfile.production",
"config_": {
"content": "RUN npm run build\n",
"value": "npm run build",
"__startline__": 22,
"__endline__": 22
},
"label_": "resource: RUN",
"id_": "RUN",
"source_": "Dockerfile",
"content": "RUN npm run build\n",
"value": "npm run build",
"__startline__": 22,
"__endline__": 22,
"resource_type": "RUN",
"hash": "1bf185fb6038f1b491f2a2686de4dd9869ccdd9c3e34d2772cf43bd368377aa6"
},
"evaluated_keys": [
"value"
]
},
"code_block": [
[
23,
"RUN npm run build\n"
]
],
"file_path": "/Dockerfile.production",
"file_abs_path": "/scan/Dockerfile.production",
"repo_file_path": "/Dockerfile.production",
"file_line_range": [
23,
23
],
"resource": "/Dockerfile.production.RUN",
"evaluations": null,
"check_class": "checkov.common.graph.checks_infra.base_check",
"fixed_definition": null,
"entity_tags": null,
"caller_file_path": null,
"caller_file_line_range": null,
"resource_address": null,
"severity": null,
"bc_category": null,
"benchmarks": null,
"description": null,
"short_description": null,
"vulnerability_details": null,
"connected_node": null,
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-apt-authenticated",
"details": [],
"check_len": null,
"definition_context_file_path": null
},
{
"check_id": "CKV2_DOCKER_8",
"bc_check_id": null,
"check_name": "Ensure that packages with untrusted or missing signatures are not used by apt-get via the '--allow-unauthenticated' option",
"check_result": {
"result": "PASSED",
"entity": {
"block_name_": "RUN",
"block_type_": "resource",
"file_path_": "/Dockerfile.production",
"config_": {
"content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n",
"value": "corepack enable && corepack prepare npm@10.5.0 --activate",
"__startline__": 30,
"__endline__": 30
},
"label_": "resource: RUN",
"id_": "RUN",
"source_": "Dockerfile",
"content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n",
"value": "corepack enable && corepack prepare npm@10.5.0 --activate",
"__startline__": 30,
"__endline__": 30,
"resource_type": "RUN",
"hash": "01c88e306f7db45ae7136e3bdb63c4b15978dd024f6ed18210961fc3db3df382"
},
"evaluated_keys": [
"value"
]
},
"code_block": [
[
31,
"RUN corepack enable && corepack prepare npm@10.5.0 --activate\n"
]
],
"file_path": "/Dockerfile.production",
"file_abs_path": "/scan/Dockerfile.production",
"repo_file_path": "/Dockerfile.production",
"file_line_range": [
31,
31
],
"resource": "/Dockerfile.production.RUN",
"evaluations": null,
"check_class": "checkov.common.graph.checks_infra.base_check",
"fixed_definition": null,
"entity_tags": null,
"caller_file_path": null,
"caller_file_line_range": null,
"resource_address": null,
"severity": null,
"bc_category": null,
"benchmarks": null,
"description": null,
"short_description": null,
"vulnerability_details": null,
"connected_node": null,
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-apt-authenticated",
"details": [],
"check_len": null,
"definition_context_file_path": null
},
{
"check_id": "CKV2_DOCKER_8",
"bc_check_id": null,
"check_name": "Ensure that packages with untrusted or missing signatures are not used by apt-get via the '--allow-unauthenticated' option",
"check_result": {
"result": "PASSED",
"entity": {
"block_name_": "RUN",
"block_type_": "resource",
"file_path_": "/Dockerfile.test",
"config_": {
"content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n",
"value": "corepack enable && corepack prepare npm@10.5.0 --activate",
"__startline__": 4,
"__endline__": 4
},
"label_": "resource: RUN",
"id_": "RUN",
"source_": "Dockerfile",
"content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n",
"value": "corepack enable && corepack prepare npm@10.5.0 --activate",
"__startline__": 4,
"__endline__": 4,
"resource_type": "RUN",
"hash": "1d5fb0a211498b8baf37e5744578ad03459da7798534298981f23fdefb7eb757"
},
"evaluated_keys": [
"value"
]
},
"code_block": [
[
5,
"RUN corepack enable && corepack prepare npm@10.5.0 --activate\n"
]
],
"file_path": "/Dockerfile.test",
"file_abs_path": "/scan/Dockerfile.test",
"repo_file_path": "/Dockerfile.test",
"file_line_range": [
5,
5
],
"resource": "/Dockerfile.test.RUN",
"evaluations": null,
"check_class": "checkov.common.graph.checks_infra.base_check",
"fixed_definition": null,
"entity_tags": null,
"caller_file_path": null,
"caller_file_line_range": null,
"resource_address": null,
"severity": null,
"bc_category": null,
"benchmarks": null,
"description": null,
"short_description": null,
"vulnerability_details": null,
"connected_node": null,
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-apt-authenticated",
"details": [],
"check_len": null,
"definition_context_file_path": null
},
{
"check_id": "CKV2_DOCKER_8",
"bc_check_id": null,
"check_name": "Ensure that packages with untrusted or missing signatures are not used by apt-get via the '--allow-unauthenticated' option",
"check_result": {
"result": "PASSED",
"entity": {
"block_name_": "RUN",
"block_type_": "resource",
"file_path_": "/Dockerfile.test",
"config_": {
"content": "RUN npm install\n",
"value": "npm install",
"__startline__": 10,
"__endline__": 10
},
"label_": "resource: RUN",
"id_": "RUN",
"source_": "Dockerfile",
"content": "RUN npm install\n",
"value": "npm install",
"__startline__": 10,
"__endline__": 10,
"resource_type": "RUN",
"hash": "fb809e4860a3131df821aea9480445cc6e2f66dd52744dab5f3d2ef5b2848436"
},
"evaluated_keys": [
"value"
]
},
"code_block": [
[
11,
"RUN npm install\n"
]
],
"file_path": "/Dockerfile.test",
"file_abs_path": "/scan/Dockerfile.test",
"repo_file_path": "/Dockerfile.test",
"file_line_range": [
11,
11
],
"resource": "/Dockerfile.test.RUN",
"evaluations": null,
"check_class": "checkov.common.graph.checks_infra.base_check",
"fixed_definition": null,
"entity_tags": null,
"caller_file_path": null,
"caller_file_line_range": null,
"resource_address": null,
"severity": null,
"bc_category": null,
"benchmarks": null,
"description": null,
"short_description": null,
"vulnerability_details": null,
"connected_node": null,
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-apt-authenticated",
"details": [],
"check_len": null,
"definition_context_file_path": null
},
{
"check_id": "CKV2_DOCKER_8",
"bc_check_id": null,
"check_name": "Ensure that packages with untrusted or missing signatures are not used by apt-get via the '--allow-unauthenticated' option",
"check_result": {
"result": "PASSED",
"entity": {
"block_name_": "RUN",
"block_type_": "resource",
"file_path_": "/Dockerfile.dev",
"config_": {
"content": "RUN npm install -g npm@10.5.0 --no-fund --no-audit\n",
"value": "npm install -g npm@10.5.0 --no-fund --no-audit",
"__startline__": 4,
"__endline__": 4
},
"label_": "resource: RUN",
"id_": "RUN",
"source_": "Dockerfile",
"content": "RUN npm install -g npm@10.5.0 --no-fund --no-audit\n",
"value": "npm install -g npm@10.5.0 --no-fund --no-audit",
"__startline__": 4,
"__endline__": 4,
"resource_type": "RUN",
"hash": "435bba968d1d0b4c410ea33851637829a16b2ad878f0b9531a737c7a444f91b9"
},
"evaluated_keys": [
"value"
]
},
"code_block": [
[
5,
"RUN npm install -g npm@10.5.0 --no-fund --no-audit\n"
]
],
"file_path": "/Dockerfile.dev",
"file_abs_path": "/scan/Dockerfile.dev",
"repo_file_path": "/Dockerfile.dev",
"file_line_range": [
5,
5
],
"resource": "/Dockerfile.dev.RUN",
"evaluations": null,
"check_class": "checkov.common.graph.checks_infra.base_check",
"fixed_definition": null,
"entity_tags": null,
"caller_file_path": null,
"caller_file_line_range": null,
"resource_address": null,
"severity": null,
"bc_category": null,
"benchmarks": null,
"description": null,
"short_description": null,
"vulnerability_details": null,
"connected_node": null,
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-apt-authenticated",
"details": [],
"check_len": null,
"definition_context_file_path": null
},
{
"check_id": "CKV2_DOCKER_8",
"bc_check_id": null,
"check_name": "Ensure that packages with untrusted or missing signatures are not used by apt-get via the '--allow-unauthenticated' option",
"check_result": {
"result": "PASSED",
"entity": {
"block_name_": "RUN",
"block_type_": "resource",
"file_path_": "/Dockerfile.dev",
"config_": {
"content": "RUN npm ci --no-fund --no-audit\n",
"value": "npm ci --no-fund --no-audit",
"__startline__": 10,
"__endline__": 10
},
"label_": "resource: RUN",
"id_": "RUN",
"source_": "Dockerfile",
"content": "RUN npm ci --no-fund --no-audit\n",
"value": "npm ci --no-fund --no-audit",
"__startline__": 10,
"__endline__": 10,
"resource_type": "RUN",
"hash": "57abb1bbe03890ab19f47e5f96b9cbcee02aab65f6980d523df42faf41b709fa"
},
"evaluated_keys": [
"value"
]
},
"code_block": [
[
11,
"RUN npm ci --no-fund --no-audit\n"
]
],
"file_path": "/Dockerfile.dev",
"file_abs_path": "/scan/Dockerfile.dev",
"repo_file_path": "/Dockerfile.dev",
"file_line_range": [
11,
11
],
"resource": "/Dockerfile.dev.RUN",
"evaluations": null,
"check_class": "checkov.common.graph.checks_infra.base_check",
"fixed_definition": null,
"entity_tags": null,
"caller_file_path": null,
"caller_file_line_range": null,
"resource_address": null,
"severity": null,
"bc_category": null,
"benchmarks": null,
"description": null,
"short_description": null,
"vulnerability_details": null,
"connected_node": null,
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-apt-authenticated",
"details": [],
"check_len": null,
"definition_context_file_path": null
},
{
"check_id": "CKV2_DOCKER_13",
"bc_check_id": null,
"check_name": "Ensure that certificate validation isn't disabled for npm or yarn by setting the option strict-ssl to false",
"check_result": {
"result": "PASSED",
"entity": {
"block_name_": "RUN",
"block_type_": "resource",
"file_path_": "/Dockerfile.production",
"config_": {
"content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n",
"value": "corepack enable && corepack prepare npm@10.5.0 --activate",
"__startline__": 4,
"__endline__": 4
},
"label_": "resource: RUN",
"id_": "RUN",
"source_": "Dockerfile",
"content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n",
"value": "corepack enable && corepack prepare npm@10.5.0 --activate",
"__startline__": 4,
"__endline__": 4,
"resource_type": "RUN",
"hash": "dbd32b6bad6b728919787011f82d60c50d7b2d1c079f814de2b1640696c98816"
},
"evaluated_keys": [
"value"
]
},
"code_block": [
[
5,
"RUN corepack enable && corepack prepare npm@10.5.0 --activate\n"
]
],
"file_path": "/Dockerfile.production",
"file_abs_path": "/scan/Dockerfile.production",
"repo_file_path": "/Dockerfile.production",
"file_line_range": [
5,
5
],
"resource": "/Dockerfile.production.RUN",
"evaluations": null,
"check_class": "checkov.common.graph.checks_infra.base_check",
"fixed_definition": null,
"entity_tags": null,
"caller_file_path": null,
"caller_file_line_range": null,
"resource_address": null,
"severity": null,
"bc_category": null,
"benchmarks": null,
"description": null,
"short_description": null,
"vulnerability_details": null,
"connected_node": null,
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-npm-strict-ssl2",
"details": [],
"check_len": null,
"definition_context_file_path": null
},
{
"check_id": "CKV2_DOCKER_13",
"bc_check_id": null,
"check_name": "Ensure that certificate validation isn't disabled for npm or yarn by setting the option strict-ssl to false",
"check_result": {
"result": "PASSED",
"entity": {
"block_name_": "RUN",
"block_type_": "resource",
"file_path_": "/Dockerfile.production",
"config_": {
"content": "RUN npm install\n",
"value": "npm install",
"__startline__": 20,
"__endline__": 20
},
"label_": "resource: RUN",
"id_": "RUN",
"source_": "Dockerfile",
"content": "RUN npm install\n",
"value": "npm install",
"__startline__": 20,
"__endline__": 20,
"resource_type": "RUN",
"hash": "6979b14e6a853ac150ffef85c5e28fd49c956054ea2cb1d01440e13b17260c4a"
},
"evaluated_keys": [
"value"
]
},
"code_block": [
[
21,
"RUN npm install\n"
]
],
"file_path": "/Dockerfile.production",
"file_abs_path": "/scan/Dockerfile.production",
"repo_file_path": "/Dockerfile.production",
"file_line_range": [
21,
21
],
"resource": "/Dockerfile.production.RUN",
"evaluations": null,
"check_class": "checkov.common.graph.checks_infra.base_check",
"fixed_definition": null,
"entity_tags": null,
"caller_file_path": null,
"caller_file_line_range": null,
"resource_address": null,
"severity": null,
"bc_category": null,
"benchmarks": null,
"description": null,
"short_description": null,
"vulnerability_details": null,
"connected_node": null,
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-npm-strict-ssl2",
"details": [],
"check_len": null,
"definition_context_file_path": null
},
{
"check_id": "CKV2_DOCKER_13",
"bc_check_id": null,
"check_name": "Ensure that certificate validation isn't disabled for npm or yarn by setting the option strict-ssl to false",
"check_result": {
"result": "PASSED",
"entity": {
"block_name_": "RUN",
"block_type_": "resource",
"file_path_": "/Dockerfile.production",
"config_": {
"content": "RUN npm run db:generate\n",
"value": "npm run db:generate",
"__startline__": 21,
"__endline__": 21
},
"label_": "resource: RUN",
"id_": "RUN",
"source_": "Dockerfile",
"content": "RUN npm run db:generate\n",
"value": "npm run db:generate",
"__startline__": 21,
"__endline__": 21,
"resource_type": "RUN",
"hash": "c1f9cc0c42260bb0183d7e7b9ec2edab99837111ad42dbbdd7fad09ff3e37ab0"
},
"evaluated_keys": [
"value"
]
},
"code_block": [
[
22,
"RUN npm run db:generate\n"
]
],
"file_path": "/Dockerfile.production",
"file_abs_path": "/scan/Dockerfile.production",
"repo_file_path": "/Dockerfile.production",
"file_line_range": [
22,
22
],
"resource": "/Dockerfile.production.RUN",
"evaluations": null,
"check_class": "checkov.common.graph.checks_infra.base_check",
"fixed_definition": null,
"entity_tags": null,
"caller_file_path": null,
"caller_file_line_range": null,
"resource_address": null,
"severity": null,
"bc_category": null,
"benchmarks": null,
"description": null,
"short_description": null,
"vulnerability_details": null,
"connected_node": null,
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-npm-strict-ssl2",
"details": [],
"check_len": null,
"definition_context_file_path": null
},
{
"check_id": "CKV2_DOCKER_13",
"bc_check_id": null,
"check_name": "Ensure that certificate validation isn't disabled for npm or yarn by setting the option strict-ssl to false",
"check_result": {
"result": "PASSED",
"entity": {
"block_name_": "RUN",
"block_type_": "resource",
"file_path_": "/Dockerfile.production",
"config_": {
"content": "RUN npm run build\n",
"value": "npm run build",
"__startline__": 22,
"__endline__": 22
},
"label_": "resource: RUN",
"id_": "RUN",
"source_": "Dockerfile",
"content": "RUN npm run build\n",
"value": "npm run build",
"__startline__": 22,
"__endline__": 22,
"resource_type": "RUN",
"hash": "1bf185fb6038f1b491f2a2686de4dd9869ccdd9c3e34d2772cf43bd368377aa6"
},
"evaluated_keys": [
"value"
]
},
"code_block": [
[
23,
"RUN npm run build\n"
]
],
"file_path": "/Dockerfile.production",
"file_abs_path": "/scan/Dockerfile.production",
"repo_file_path": "/Dockerfile.production",
"file_line_range": [
23,
23
],
"resource": "/Dockerfile.production.RUN",
"evaluations": null,
"check_class": "checkov.common.graph.checks_infra.base_check",
"fixed_definition": null,
"entity_tags": null,
"caller_file_path": null,
"caller_file_line_range": null,
"resource_address": null,
"severity": null,
"bc_category": null,
"benchmarks": null,
"description": null,
"short_description": null,
"vulnerability_details": null,
"connected_node": null,
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-npm-strict-ssl2",
"details": [],
"check_len": null,
"definition_context_file_path": null
},
{
"check_id": "CKV2_DOCKER_13",
"bc_check_id": null,
"check_name": "Ensure that certificate validation isn't disabled for npm or yarn by setting the option strict-ssl to false",
"check_result": {
"result": "PASSED",
"entity": {
"block_name_": "RUN",
"block_type_": "resource",
"file_path_": "/Dockerfile.production",
"config_": {
"content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n",
"value": "corepack enable && corepack prepare npm@10.5.0 --activate",
"__startline__": 30,
"__endline__": 30
},
"label_": "resource: RUN",
"id_": "RUN",
"source_": "Dockerfile",
"content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n",
"value": "corepack enable && corepack prepare npm@10.5.0 --activate",
"__startline__": 30,
"__endline__": 30,
"resource_type": "RUN",
"hash": "01c88e306f7db45ae7136e3bdb63c4b15978dd024f6ed18210961fc3db3df382"
},
"evaluated_keys": [
"value"
]
},
"code_block": [
[
31,
"RUN corepack enable && corepack prepare npm@10.5.0 --activate\n"
]
],
"file_path": "/Dockerfile.production",
"file_abs_path": "/scan/Dockerfile.production",
"repo_file_path": "/Dockerfile.production",
"file_line_range": [
31,
31
],
"resource": "/Dockerfile.production.RUN",
"evaluations": null,
"check_class": "checkov.common.graph.checks_infra.base_check",
"fixed_definition": null,
"entity_tags": null,
"caller_file_path": null,
"caller_file_line_range": null,
"resource_address": null,
"severity": null,
"bc_category": null,
"benchmarks": null,
"description": null,
"short_description": null,
"vulnerability_details": null,
"connected_node": null,
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-npm-strict-ssl2",
"details": [],
"check_len": null,
"definition_context_file_path": null
},
{
"check_id": "CKV2_DOCKER_13",
"bc_check_id": null,
"check_name": "Ensure that certificate validation isn't disabled for npm or yarn by setting the option strict-ssl to false",
"check_result": {
"result": "PASSED",
"entity": {
"block_name_": "RUN",
"block_type_": "resource",
"file_path_": "/Dockerfile.test",
"config_": {
"content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n",
"value": "corepack enable && corepack prepare npm@10.5.0 --activate",
"__startline__": 4,
"__endline__": 4
},
"label_": "resource: RUN",
"id_": "RUN",
"source_": "Dockerfile",
"content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n",
"value": "corepack enable && corepack prepare npm@10.5.0 --activate",
"__startline__": 4,
"__endline__": 4,
"resource_type": "RUN",
"hash": "1d5fb0a211498b8baf37e5744578ad03459da7798534298981f23fdefb7eb757"
},
"evaluated_keys": [
"value"
]
},
"code_block": [
[
5,
"RUN corepack enable && corepack prepare npm@10.5.0 --activate\n"
]
],
"file_path": "/Dockerfile.test",
"file_abs_path": "/scan/Dockerfile.test",
"repo_file_path": "/Dockerfile.test",
"file_line_range": [
5,
5
],
"resource": "/Dockerfile.test.RUN",
"evaluations": null,
"check_class": "checkov.common.graph.checks_infra.base_check",
"fixed_definition": null,
"entity_tags": null,
"caller_file_path": null,
"caller_file_line_range": null,
"resource_address": null,
"severity": null,
"bc_category": null,
"benchmarks": null,
"description": null,
"short_description": null,
"vulnerability_details": null,
"connected_node": null,
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-npm-strict-ssl2",
"details": [],
"check_len": null,
"definition_context_file_path": null
},
{
"check_id": "CKV2_DOCKER_13",
"bc_check_id": null,
"check_name": "Ensure that certificate validation isn't disabled for npm or yarn by setting the option strict-ssl to false",
"check_result": {
"result": "PASSED",
"entity": {
"block_name_": "RUN",
"block_type_": "resource",
"file_path_": "/Dockerfile.test",
"config_": {
"content": "RUN npm install\n",
"value": "npm install",
"__startline__": 10,
"__endline__": 10
},
"label_": "resource: RUN",
"id_": "RUN",
"source_": "Dockerfile",
"content": "RUN npm install\n",
"value": "npm install",
"__startline__": 10,
"__endline__": 10,
"resource_type": "RUN",
"hash": "fb809e4860a3131df821aea9480445cc6e2f66dd52744dab5f3d2ef5b2848436"
},
"evaluated_keys": [
"value"
]
},
"code_block": [
[
11,
"RUN npm install\n"
]
],
"file_path": "/Dockerfile.test",
"file_abs_path": "/scan/Dockerfile.test",
"repo_file_path": "/Dockerfile.test",
"file_line_range": [
11,
11
],
"resource": "/Dockerfile.test.RUN",
"evaluations": null,
"check_class": "checkov.common.graph.checks_infra.base_check",
"fixed_definition": null,
"entity_tags": null,
"caller_file_path": null,
"caller_file_line_range": null,
"resource_address": null,
"severity": null,
"bc_category": null,
"benchmarks": null,
"description": null,
"short_description": null,
"vulnerability_details": null,
"connected_node": null,
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-npm-strict-ssl2",
"details": [],
"check_len": null,
"definition_context_file_path": null
},
{
"check_id": "CKV2_DOCKER_13",
"bc_check_id": null,
"check_name": "Ensure that certificate validation isn't disabled for npm or yarn by setting the option strict-ssl to false",
"check_result": {
"result": "PASSED",
"entity": {
"block_name_": "RUN",
"block_type_": "resource",
"file_path_": "/Dockerfile.dev",
"config_": {
"content": "RUN npm install -g npm@10.5.0 --no-fund --no-audit\n",
"value": "npm install -g npm@10.5.0 --no-fund --no-audit",
"__startline__": 4,
"__endline__": 4
},
"label_": "resource: RUN",
"id_": "RUN",
"source_": "Dockerfile",
"content": "RUN npm install -g npm@10.5.0 --no-fund --no-audit\n",
"value": "npm install -g npm@10.5.0 --no-fund --no-audit",
"__startline__": 4,
"__endline__": 4,
"resource_type": "RUN",
"hash": "435bba968d1d0b4c410ea33851637829a16b2ad878f0b9531a737c7a444f91b9"
},
"evaluated_keys": [
"value"
]
},
"code_block": [
[
5,
"RUN npm install -g npm@10.5.0 --no-fund --no-audit\n"
]
],
"file_path": "/Dockerfile.dev",
"file_abs_path": "/scan/Dockerfile.dev",
"repo_file_path": "/Dockerfile.dev",
"file_line_range": [
5,
5
],
"resource": "/Dockerfile.dev.RUN",
"evaluations": null,
"check_class": "checkov.common.graph.checks_infra.base_check",
"fixed_definition": null,
"entity_tags": null,
"caller_file_path": null,
"caller_file_line_range": null,
"resource_address": null,
"severity": null,
"bc_category": null,
"benchmarks": null,
"description": null,
"short_description": null,
"vulnerability_details": null,
"connected_node": null,
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-npm-strict-ssl2",
"details": [],
"check_len": null,
"definition_context_file_path": null
},
{
"check_id": "CKV2_DOCKER_13",
"bc_check_id": null,
"check_name": "Ensure that certificate validation isn't disabled for npm or yarn by setting the option strict-ssl to false",
"check_result": {
"result": "PASSED",
"entity": {
"block_name_": "RUN",
"block_type_": "resource",
"file_path_": "/Dockerfile.dev",
"config_": {
"content": "RUN npm ci --no-fund --no-audit\n",
"value": "npm ci --no-fund --no-audit",
"__startline__": 10,
"__endline__": 10
},
"label_": "resource: RUN",
"id_": "RUN",
"source_": "Dockerfile",
"content": "RUN npm ci --no-fund --no-audit\n",
"value": "npm ci --no-fund --no-audit",
"__startline__": 10,
"__endline__": 10,
"resource_type": "RUN",
"hash": "57abb1bbe03890ab19f47e5f96b9cbcee02aab65f6980d523df42faf41b709fa"
},
"evaluated_keys": [
"value"
]
},
"code_block": [
[
11,
"RUN npm ci --no-fund --no-audit\n"
]
],
"file_path": "/Dockerfile.dev",
"file_abs_path": "/scan/Dockerfile.dev",
"repo_file_path": "/Dockerfile.dev",
"file_line_range": [
11,
11
],
"resource": "/Dockerfile.dev.RUN",
"evaluations": null,
"check_class": "checkov.common.graph.checks_infra.base_check",
"fixed_definition": null,
"entity_tags": null,
"caller_file_path": null,
"caller_file_line_range": null,
"resource_address": null,
"severity": null,
"bc_category": null,
"benchmarks": null,
"description": null,
"short_description": null,
"vulnerability_details": null,
"connected_node": null,
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-npm-strict-ssl2",
"details": [],
"check_len": null,
"definition_context_file_path": null
},
{
"check_id": "CKV2_DOCKER_10",
"bc_check_id": null,
"check_name": "Ensure that packages with untrusted or missing signatures are not used by rpm via the '--nodigest', '--nosignature', '--noverify', or '--nofiledigest' options",
"check_result": {
"result": "PASSED",
"entity": {
"block_name_": "RUN",
"block_type_": "resource",
"file_path_": "/Dockerfile.production",
"config_": {
"content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n",
"value": "corepack enable && corepack prepare npm@10.5.0 --activate",
"__startline__": 4,
"__endline__": 4
},
"label_": "resource: RUN",
"id_": "RUN",
"source_": "Dockerfile",
"content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n",
"value": "corepack enable && corepack prepare npm@10.5.0 --activate",
"__startline__": 4,
"__endline__": 4,
"resource_type": "RUN",
"hash": "dbd32b6bad6b728919787011f82d60c50d7b2d1c079f814de2b1640696c98816"
},
"evaluated_keys": [
"value"
]
},
"code_block": [
[
5,
"RUN corepack enable && corepack prepare npm@10.5.0 --activate\n"
]
],
"file_path": "/Dockerfile.production",
"file_abs_path": "/scan/Dockerfile.production",
"repo_file_path": "/Dockerfile.production",
"file_line_range": [
5,
5
],
"resource": "/Dockerfile.production.RUN",
"evaluations": null,
"check_class": "checkov.common.graph.checks_infra.base_check",
"fixed_definition": null,
"entity_tags": null,
"caller_file_path": null,
"caller_file_line_range": null,
"resource_address": null,
"severity": null,
"bc_category": null,
"benchmarks": null,
"description": null,
"short_description": null,
"vulnerability_details": null,
"connected_node": null,
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-rpm-signed",
"details": [],
"check_len": null,
"definition_context_file_path": null
},
{
"check_id": "CKV2_DOCKER_10",
"bc_check_id": null,
"check_name": "Ensure that packages with untrusted or missing signatures are not used by rpm via the '--nodigest', '--nosignature', '--noverify', or '--nofiledigest' options",
"check_result": {
"result": "PASSED",
"entity": {
"block_name_": "RUN",
"block_type_": "resource",
"file_path_": "/Dockerfile.production",
"config_": {
"content": "RUN npm install\n",
"value": "npm install",
"__startline__": 20,
"__endline__": 20
},
"label_": "resource: RUN",
"id_": "RUN",
"source_": "Dockerfile",
"content": "RUN npm install\n",
"value": "npm install",
"__startline__": 20,
"__endline__": 20,
"resource_type": "RUN",
"hash": "6979b14e6a853ac150ffef85c5e28fd49c956054ea2cb1d01440e13b17260c4a"
},
"evaluated_keys": [
"value"
]
},
"code_block": [
[
21,
"RUN npm install\n"
]
],
"file_path": "/Dockerfile.production",
"file_abs_path": "/scan/Dockerfile.production",
"repo_file_path": "/Dockerfile.production",
"file_line_range": [
21,
21
],
"resource": "/Dockerfile.production.RUN",
"evaluations": null,
"check_class": "checkov.common.graph.checks_infra.base_check",
"fixed_definition": null,
"entity_tags": null,
"caller_file_path": null,
"caller_file_line_range": null,
"resource_address": null,
"severity": null,
"bc_category": null,
"benchmarks": null,
"description": null,
"short_description": null,
"vulnerability_details": null,
"connected_node": null,
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-rpm-signed",
"details": [],
"check_len": null,
"definition_context_file_path": null
},
{
"check_id": "CKV2_DOCKER_10",
"bc_check_id": null,
"check_name": "Ensure that packages with untrusted or missing signatures are not used by rpm via the '--nodigest', '--nosignature', '--noverify', or '--nofiledigest' options",
"check_result": {
"result": "PASSED",
"entity": {
"block_name_": "RUN",
"block_type_": "resource",
"file_path_": "/Dockerfile.production",
"config_": {
"content": "RUN npm run db:generate\n",
"value": "npm run db:generate",
"__startline__": 21,
"__endline__": 21
},
"label_": "resource: RUN",
"id_": "RUN",
"source_": "Dockerfile",
"content": "RUN npm run db:generate\n",
"value": "npm run db:generate",
"__startline__": 21,
"__endline__": 21,
"resource_type": "RUN",
"hash": "c1f9cc0c42260bb0183d7e7b9ec2edab99837111ad42dbbdd7fad09ff3e37ab0"
},
"evaluated_keys": [
"value"
]
},
"code_block": [
[
22,
"RUN npm run db:generate\n"
]
],
"file_path": "/Dockerfile.production",
"file_abs_path": "/scan/Dockerfile.production",
"repo_file_path": "/Dockerfile.production",
"file_line_range": [
22,
22
],
"resource": "/Dockerfile.production.RUN",
"evaluations": null,
"check_class": "checkov.common.graph.checks_infra.base_check",
"fixed_definition": null,
"entity_tags": null,
"caller_file_path": null,
"caller_file_line_range": null,
"resource_address": null,
"severity": null,
"bc_category": null,
"benchmarks": null,
"description": null,
"short_description": null,
"vulnerability_details": null,
"connected_node": null,
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-rpm-signed",
"details": [],
"check_len": null,
"definition_context_file_path": null
},
{
"check_id": "CKV2_DOCKER_10",
"bc_check_id": null,
"check_name": "Ensure that packages with untrusted or missing signatures are not used by rpm via the '--nodigest', '--nosignature', '--noverify', or '--nofiledigest' options",
"check_result": {
"result": "PASSED",
"entity": {
"block_name_": "RUN",
"block_type_": "resource",
"file_path_": "/Dockerfile.production",
"config_": {
"content": "RUN npm run build\n",
"value": "npm run build",
"__startline__": 22,
"__endline__": 22
},
"label_": "resource: RUN",
"id_": "RUN",
"source_": "Dockerfile",
"content": "RUN npm run build\n",
"value": "npm run build",
"__startline__": 22,
"__endline__": 22,
"resource_type": "RUN",
"hash": "1bf185fb6038f1b491f2a2686de4dd9869ccdd9c3e34d2772cf43bd368377aa6"
},
"evaluated_keys": [
"value"
]
},
"code_block": [
[
23,
"RUN npm run build\n"
]
],
"file_path": "/Dockerfile.production",
"file_abs_path": "/scan/Dockerfile.production",
"repo_file_path": "/Dockerfile.production",
"file_line_range": [
23,
23
],
"resource": "/Dockerfile.production.RUN",
"evaluations": null,
"check_class": "checkov.common.graph.checks_infra.base_check",
"fixed_definition": null,
"entity_tags": null,
"caller_file_path": null,
"caller_file_line_range": null,
"resource_address": null,
"severity": null,
"bc_category": null,
"benchmarks": null,
"description": null,
"short_description": null,
"vulnerability_details": null,
"connected_node": null,
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-rpm-signed",
"details": [],
"check_len": null,
"definition_context_file_path": null
},
{
"check_id": "CKV2_DOCKER_10",
"bc_check_id": null,
"check_name": "Ensure that packages with untrusted or missing signatures are not used by rpm via the '--nodigest', '--nosignature', '--noverify', or '--nofiledigest' options",
"check_result": {
"result": "PASSED",
"entity": {
"block_name_": "RUN",
"block_type_": "resource",
"file_path_": "/Dockerfile.production",
"config_": {
"content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n",
"value": "corepack enable && corepack prepare npm@10.5.0 --activate",
"__startline__": 30,
"__endline__": 30
},
"label_": "resource: RUN",
"id_": "RUN",
"source_": "Dockerfile",
"content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n",
"value": "corepack enable && corepack prepare npm@10.5.0 --activate",
"__startline__": 30,
"__endline__": 30,
"resource_type": "RUN",
"hash": "01c88e306f7db45ae7136e3bdb63c4b15978dd024f6ed18210961fc3db3df382"
},
"evaluated_keys": [
"value"
]
},
"code_block": [
[
31,
"RUN corepack enable && corepack prepare npm@10.5.0 --activate\n"
]
],
"file_path": "/Dockerfile.production",
"file_abs_path": "/scan/Dockerfile.production",
"repo_file_path": "/Dockerfile.production",
"file_line_range": [
31,
31
],
"resource": "/Dockerfile.production.RUN",
"evaluations": null,
"check_class": "checkov.common.graph.checks_infra.base_check",
"fixed_definition": null,
"entity_tags": null,
"caller_file_path": null,
"caller_file_line_range": null,
"resource_address": null,
"severity": null,
"bc_category": null,
"benchmarks": null,
"description": null,
"short_description": null,
"vulnerability_details": null,
"connected_node": null,
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-rpm-signed",
"details": [],
"check_len": null,
"definition_context_file_path": null
},
{
"check_id": "CKV2_DOCKER_10",
"bc_check_id": null,
"check_name": "Ensure that packages with untrusted or missing signatures are not used by rpm via the '--nodigest', '--nosignature', '--noverify', or '--nofiledigest' options",
"check_result": {
"result": "PASSED",
"entity": {
"block_name_": "RUN",
"block_type_": "resource",
"file_path_": "/Dockerfile.test",
"config_": {
"content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n",
"value": "corepack enable && corepack prepare npm@10.5.0 --activate",
"__startline__": 4,
"__endline__": 4
},
"label_": "resource: RUN",
"id_": "RUN",
"source_": "Dockerfile",
"content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n",
"value": "corepack enable && corepack prepare npm@10.5.0 --activate",
"__startline__": 4,
"__endline__": 4,
"resource_type": "RUN",
"hash": "1d5fb0a211498b8baf37e5744578ad03459da7798534298981f23fdefb7eb757"
},
"evaluated_keys": [
"value"
]
},
"code_block": [
[
5,
"RUN corepack enable && corepack prepare npm@10.5.0 --activate\n"
]
],
"file_path": "/Dockerfile.test",
"file_abs_path": "/scan/Dockerfile.test",
"repo_file_path": "/Dockerfile.test",
"file_line_range": [
5,
5
],
"resource": "/Dockerfile.test.RUN",
"evaluations": null,
"check_class": "checkov.common.graph.checks_infra.base_check",
"fixed_definition": null,
"entity_tags": null,
"caller_file_path": null,
"caller_file_line_range": null,
"resource_address": null,
"severity": null,
"bc_category": null,
"benchmarks": null,
"description": null,
"short_description": null,
"vulnerability_details": null,
"connected_node": null,
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-rpm-signed",
"details": [],
"check_len": null,
"definition_context_file_path": null
},
{
"check_id": "CKV2_DOCKER_10",
"bc_check_id": null,
"check_name": "Ensure that packages with untrusted or missing signatures are not used by rpm via the '--nodigest', '--nosignature', '--noverify', or '--nofiledigest' options",
"check_result": {
"result": "PASSED",
"entity": {
"block_name_": "RUN",
"block_type_": "resource",
"file_path_": "/Dockerfile.test",
"config_": {
"content": "RUN npm install\n",
"value": "npm install",
"__startline__": 10,
"__endline__": 10
},
"label_": "resource: RUN",
"id_": "RUN",
"source_": "Dockerfile",
"content": "RUN npm install\n",
"value": "npm install",
"__startline__": 10,
"__endline__": 10,
"resource_type": "RUN",
"hash": "fb809e4860a3131df821aea9480445cc6e2f66dd52744dab5f3d2ef5b2848436"
},
"evaluated_keys": [
"value"
]
},
"code_block": [
[
11,
"RUN npm install\n"
]
],
"file_path": "/Dockerfile.test",
"file_abs_path": "/scan/Dockerfile.test",
"repo_file_path": "/Dockerfile.test",
"file_line_range": [
11,
11
],
"resource": "/Dockerfile.test.RUN",
"evaluations": null,
"check_class": "checkov.common.graph.checks_infra.base_check",
"fixed_definition": null,
"entity_tags": null,
"caller_file_path": null,
"caller_file_line_range": null,
"resource_address": null,
"severity": null,
"bc_category": null,
"benchmarks": null,
"description": null,
"short_description": null,
"vulnerability_details": null,
"connected_node": null,
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-rpm-signed",
"details": [],
"check_len": null,
"definition_context_file_path": null
},
{
"check_id": "CKV2_DOCKER_10",
"bc_check_id": null,
"check_name": "Ensure that packages with untrusted or missing signatures are not used by rpm via the '--nodigest', '--nosignature', '--noverify', or '--nofiledigest' options",
"check_result": {
"result": "PASSED",
"entity": {
"block_name_": "RUN",
"block_type_": "resource",
"file_path_": "/Dockerfile.dev",
"config_": {
"content": "RUN npm install -g npm@10.5.0 --no-fund --no-audit\n",
"value": "npm install -g npm@10.5.0 --no-fund --no-audit",
"__startline__": 4,
"__endline__": 4
},
"label_": "resource: RUN",
"id_": "RUN",
"source_": "Dockerfile",
"content": "RUN npm install -g npm@10.5.0 --no-fund --no-audit\n",
"value": "npm install -g npm@10.5.0 --no-fund --no-audit",
"__startline__": 4,
"__endline__": 4,
"resource_type": "RUN",
"hash": "435bba968d1d0b4c410ea33851637829a16b2ad878f0b9531a737c7a444f91b9"
},
"evaluated_keys": [
"value"
]
},
"code_block": [
[
5,
"RUN npm install -g npm@10.5.0 --no-fund --no-audit\n"
]
],
"file_path": "/Dockerfile.dev",
"file_abs_path": "/scan/Dockerfile.dev",
"repo_file_path": "/Dockerfile.dev",
"file_line_range": [
5,
5
],
"resource": "/Dockerfile.dev.RUN",
"evaluations": null,
"check_class": "checkov.common.graph.checks_infra.base_check",
"fixed_definition": null,
"entity_tags": null,
"caller_file_path": null,
"caller_file_line_range": null,
"resource_address": null,
"severity": null,
"bc_category": null,
"benchmarks": null,
"description": null,
"short_description": null,
"vulnerability_details": null,
"connected_node": null,
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-rpm-signed",
"details": [],
"check_len": null,
"definition_context_file_path": null
},
{
"check_id": "CKV2_DOCKER_10",
"bc_check_id": null,
"check_name": "Ensure that packages with untrusted or missing signatures are not used by rpm via the '--nodigest', '--nosignature', '--noverify', or '--nofiledigest' options",
"check_result": {
"result": "PASSED",
"entity": {
"block_name_": "RUN",
"block_type_": "resource",
"file_path_": "/Dockerfile.dev",
"config_": {
"content": "RUN npm ci --no-fund --no-audit\n",
"value": "npm ci --no-fund --no-audit",
"__startline__": 10,
"__endline__": 10
},
"label_": "resource: RUN",
"id_": "RUN",
"source_": "Dockerfile",
"content": "RUN npm ci --no-fund --no-audit\n",
"value": "npm ci --no-fund --no-audit",
"__startline__": 10,
"__endline__": 10,
"resource_type": "RUN",
"hash": "57abb1bbe03890ab19f47e5f96b9cbcee02aab65f6980d523df42faf41b709fa"
},
"evaluated_keys": [
"value"
]
},
"code_block": [
[
11,
"RUN npm ci --no-fund --no-audit\n"
]
],
"file_path": "/Dockerfile.dev",
"file_abs_path": "/scan/Dockerfile.dev",
"repo_file_path": "/Dockerfile.dev",
"file_line_range": [
11,
11
],
"resource": "/Dockerfile.dev.RUN",
"evaluations": null,
"check_class": "checkov.common.graph.checks_infra.base_check",
"fixed_definition": null,
"entity_tags": null,
"caller_file_path": null,
"caller_file_line_range": null,
"resource_address": null,
"severity": null,
"bc_category": null,
"benchmarks": null,
"description": null,
"short_description": null,
"vulnerability_details": null,
"connected_node": null,
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-rpm-signed",
"details": [],
"check_len": null,
"definition_context_file_path": null
},
{
"check_id": "CKV2_DOCKER_7",
"bc_check_id": null,
"check_name": "Ensure that packages with untrusted or missing signatures are not used by apk via the '--allow-untrusted' option",
"check_result": {
"result": "PASSED",
"entity": {
"block_name_": "RUN",
"block_type_": "resource",
"file_path_": "/Dockerfile.production",
"config_": {
"content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n",
"value": "corepack enable && corepack prepare npm@10.5.0 --activate",
"__startline__": 4,
"__endline__": 4
},
"label_": "resource: RUN",
"id_": "RUN",
"source_": "Dockerfile",
"content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n",
"value": "corepack enable && corepack prepare npm@10.5.0 --activate",
"__startline__": 4,
"__endline__": 4,
"resource_type": "RUN",
"hash": "dbd32b6bad6b728919787011f82d60c50d7b2d1c079f814de2b1640696c98816"
},
"evaluated_keys": [
"value"
]
},
"code_block": [
[
5,
"RUN corepack enable && corepack prepare npm@10.5.0 --activate\n"
]
],
"file_path": "/Dockerfile.production",
"file_abs_path": "/scan/Dockerfile.production",
"repo_file_path": "/Dockerfile.production",
"file_line_range": [
5,
5
],
"resource": "/Dockerfile.production.RUN",
"evaluations": null,
"check_class": "checkov.common.graph.checks_infra.base_check",
"fixed_definition": null,
"entity_tags": null,
"caller_file_path": null,
"caller_file_line_range": null,
"resource_address": null,
"severity": null,
"bc_category": null,
"benchmarks": null,
"description": null,
"short_description": null,
"vulnerability_details": null,
"connected_node": null,
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-apk-trusted",
"details": [],
"check_len": null,
"definition_context_file_path": null
},
{
"check_id": "CKV2_DOCKER_7",
"bc_check_id": null,
"check_name": "Ensure that packages with untrusted or missing signatures are not used by apk via the '--allow-untrusted' option",
"check_result": {
"result": "PASSED",
"entity": {
"block_name_": "RUN",
"block_type_": "resource",
"file_path_": "/Dockerfile.production",
"config_": {
"content": "RUN npm install\n",
"value": "npm install",
"__startline__": 20,
"__endline__": 20
},
"label_": "resource: RUN",
"id_": "RUN",
"source_": "Dockerfile",
"content": "RUN npm install\n",
"value": "npm install",
"__startline__": 20,
"__endline__": 20,
"resource_type": "RUN",
"hash": "6979b14e6a853ac150ffef85c5e28fd49c956054ea2cb1d01440e13b17260c4a"
},
"evaluated_keys": [
"value"
]
},
"code_block": [
[
21,
"RUN npm install\n"
]
],
"file_path": "/Dockerfile.production",
"file_abs_path": "/scan/Dockerfile.production",
"repo_file_path": "/Dockerfile.production",
"file_line_range": [
21,
21
],
"resource": "/Dockerfile.production.RUN",
"evaluations": null,
"check_class": "checkov.common.graph.checks_infra.base_check",
"fixed_definition": null,
"entity_tags": null,
"caller_file_path": null,
"caller_file_line_range": null,
"resource_address": null,
"severity": null,
"bc_category": null,
"benchmarks": null,
"description": null,
"short_description": null,
"vulnerability_details": null,
"connected_node": null,
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-apk-trusted",
"details": [],
"check_len": null,
"definition_context_file_path": null
},
{
"check_id": "CKV2_DOCKER_7",
"bc_check_id": null,
"check_name": "Ensure that packages with untrusted or missing signatures are not used by apk via the '--allow-untrusted' option",
"check_result": {
"result": "PASSED",
"entity": {
"block_name_": "RUN",
"block_type_": "resource",
"file_path_": "/Dockerfile.production",
"config_": {
"content": "RUN npm run db:generate\n",
"value": "npm run db:generate",
"__startline__": 21,
"__endline__": 21
},
"label_": "resource: RUN",
"id_": "RUN",
"source_": "Dockerfile",
"content": "RUN npm run db:generate\n",
"value": "npm run db:generate",
"__startline__": 21,
"__endline__": 21,
"resource_type": "RUN",
"hash": "c1f9cc0c42260bb0183d7e7b9ec2edab99837111ad42dbbdd7fad09ff3e37ab0"
},
"evaluated_keys": [
"value"
]
},
"code_block": [
[
22,
"RUN npm run db:generate\n"
]
],
"file_path": "/Dockerfile.production",
"file_abs_path": "/scan/Dockerfile.production",
"repo_file_path": "/Dockerfile.production",
"file_line_range": [
22,
22
],
"resource": "/Dockerfile.production.RUN",
"evaluations": null,
"check_class": "checkov.common.graph.checks_infra.base_check",
"fixed_definition": null,
"entity_tags": null,
"caller_file_path": null,
"caller_file_line_range": null,
"resource_address": null,
"severity": null,
"bc_category": null,
"benchmarks": null,
"description": null,
"short_description": null,
"vulnerability_details": null,
"connected_node": null,
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-apk-trusted",
"details": [],
"check_len": null,
"definition_context_file_path": null
},
{
"check_id": "CKV2_DOCKER_7",
"bc_check_id": null,
"check_name": "Ensure that packages with untrusted or missing signatures are not used by apk via the '--allow-untrusted' option",
"check_result": {
"result": "PASSED",
"entity": {
"block_name_": "RUN",
"block_type_": "resource",
"file_path_": "/Dockerfile.production",
"config_": {
"content": "RUN npm run build\n",
"value": "npm run build",
"__startline__": 22,
"__endline__": 22
},
"label_": "resource: RUN",
"id_": "RUN",
"source_": "Dockerfile",
"content": "RUN npm run build\n",
"value": "npm run build",
"__startline__": 22,
"__endline__": 22,
"resource_type": "RUN",
"hash": "1bf185fb6038f1b491f2a2686de4dd9869ccdd9c3e34d2772cf43bd368377aa6"
},
"evaluated_keys": [
"value"
]
},
"code_block": [
[
23,
"RUN npm run build\n"
]
],
"file_path": "/Dockerfile.production",
"file_abs_path": "/scan/Dockerfile.production",
"repo_file_path": "/Dockerfile.production",
"file_line_range": [
23,
23
],
"resource": "/Dockerfile.production.RUN",
"evaluations": null,
"check_class": "checkov.common.graph.checks_infra.base_check",
"fixed_definition": null,
"entity_tags": null,
"caller_file_path": null,
"caller_file_line_range": null,
"resource_address": null,
"severity": null,
"bc_category": null,
"benchmarks": null,
"description": null,
"short_description": null,
"vulnerability_details": null,
"connected_node": null,
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-apk-trusted",
"details": [],
"check_len": null,
"definition_context_file_path": null
},
{
"check_id": "CKV2_DOCKER_7",
"bc_check_id": null,
"check_name": "Ensure that packages with untrusted or missing signatures are not used by apk via the '--allow-untrusted' option",
"check_result": {
"result": "PASSED",
"entity": {
"block_name_": "RUN",
"block_type_": "resource",
"file_path_": "/Dockerfile.production",
"config_": {
"content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n",
"value": "corepack enable && corepack prepare npm@10.5.0 --activate",
"__startline__": 30,
"__endline__": 30
},
"label_": "resource: RUN",
"id_": "RUN",
"source_": "Dockerfile",
"content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n",
"value": "corepack enable && corepack prepare npm@10.5.0 --activate",
"__startline__": 30,
"__endline__": 30,
"resource_type": "RUN",
"hash": "01c88e306f7db45ae7136e3bdb63c4b15978dd024f6ed18210961fc3db3df382"
},
"evaluated_keys": [
"value"
]
},
"code_block": [
[
31,
"RUN corepack enable && corepack prepare npm@10.5.0 --activate\n"
]
],
"file_path": "/Dockerfile.production",
"file_abs_path": "/scan/Dockerfile.production",
"repo_file_path": "/Dockerfile.production",
"file_line_range": [
31,
31
],
"resource": "/Dockerfile.production.RUN",
"evaluations": null,
"check_class": "checkov.common.graph.checks_infra.base_check",
"fixed_definition": null,
"entity_tags": null,
"caller_file_path": null,
"caller_file_line_range": null,
"resource_address": null,
"severity": null,
"bc_category": null,
"benchmarks": null,
"description": null,
"short_description": null,
"vulnerability_details": null,
"connected_node": null,
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-apk-trusted",
"details": [],
"check_len": null,
"definition_context_file_path": null
},
{
"check_id": "CKV2_DOCKER_7",
"bc_check_id": null,
"check_name": "Ensure that packages with untrusted or missing signatures are not used by apk via the '--allow-untrusted' option",
"check_result": {
"result": "PASSED",
"entity": {
"block_name_": "RUN",
"block_type_": "resource",
"file_path_": "/Dockerfile.test",
"config_": {
"content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n",
"value": "corepack enable && corepack prepare npm@10.5.0 --activate",
"__startline__": 4,
"__endline__": 4
},
"label_": "resource: RUN",
"id_": "RUN",
"source_": "Dockerfile",
"content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n",
"value": "corepack enable && corepack prepare npm@10.5.0 --activate",
"__startline__": 4,
"__endline__": 4,
"resource_type": "RUN",
"hash": "1d5fb0a211498b8baf37e5744578ad03459da7798534298981f23fdefb7eb757"
},
"evaluated_keys": [
"value"
]
},
"code_block": [
[
5,
"RUN corepack enable && corepack prepare npm@10.5.0 --activate\n"
]
],
"file_path": "/Dockerfile.test",
"file_abs_path": "/scan/Dockerfile.test",
"repo_file_path": "/Dockerfile.test",
"file_line_range": [
5,
5
],
"resource": "/Dockerfile.test.RUN",
"evaluations": null,
"check_class": "checkov.common.graph.checks_infra.base_check",
"fixed_definition": null,
"entity_tags": null,
"caller_file_path": null,
"caller_file_line_range": null,
"resource_address": null,
"severity": null,
"bc_category": null,
"benchmarks": null,
"description": null,
"short_description": null,
"vulnerability_details": null,
"connected_node": null,
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-apk-trusted",
"details": [],
"check_len": null,
"definition_context_file_path": null
},
{
"check_id": "CKV2_DOCKER_7",
"bc_check_id": null,
"check_name": "Ensure that packages with untrusted or missing signatures are not used by apk via the '--allow-untrusted' option",
"check_result": {
"result": "PASSED",
"entity": {
"block_name_": "RUN",
"block_type_": "resource",
"file_path_": "/Dockerfile.test",
"config_": {
"content": "RUN npm install\n",
"value": "npm install",
"__startline__": 10,
"__endline__": 10
},
"label_": "resource: RUN",
"id_": "RUN",
"source_": "Dockerfile",
"content": "RUN npm install\n",
"value": "npm install",
"__startline__": 10,
"__endline__": 10,
"resource_type": "RUN",
"hash": "fb809e4860a3131df821aea9480445cc6e2f66dd52744dab5f3d2ef5b2848436"
},
"evaluated_keys": [
"value"
]
},
"code_block": [
[
11,
"RUN npm install\n"
]
],
"file_path": "/Dockerfile.test",
"file_abs_path": "/scan/Dockerfile.test",
"repo_file_path": "/Dockerfile.test",
"file_line_range": [
11,
11
],
"resource": "/Dockerfile.test.RUN",
"evaluations": null,
"check_class": "checkov.common.graph.checks_infra.base_check",
"fixed_definition": null,
"entity_tags": null,
"caller_file_path": null,
"caller_file_line_range": null,
"resource_address": null,
"severity": null,
"bc_category": null,
"benchmarks": null,
"description": null,
"short_description": null,
"vulnerability_details": null,
"connected_node": null,
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-apk-trusted",
"details": [],
"check_len": null,
"definition_context_file_path": null
},
{
"check_id": "CKV2_DOCKER_7",
"bc_check_id": null,
"check_name": "Ensure that packages with untrusted or missing signatures are not used by apk via the '--allow-untrusted' option",
"check_result": {
"result": "PASSED",
"entity": {
"block_name_": "RUN",
"block_type_": "resource",
"file_path_": "/Dockerfile.dev",
"config_": {
"content": "RUN npm install -g npm@10.5.0 --no-fund --no-audit\n",
"value": "npm install -g npm@10.5.0 --no-fund --no-audit",
"__startline__": 4,
"__endline__": 4
},
"label_": "resource: RUN",
"id_": "RUN",
"source_": "Dockerfile",
"content": "RUN npm install -g npm@10.5.0 --no-fund --no-audit\n",
"value": "npm install -g npm@10.5.0 --no-fund --no-audit",
"__startline__": 4,
"__endline__": 4,
"resource_type": "RUN",
"hash": "435bba968d1d0b4c410ea33851637829a16b2ad878f0b9531a737c7a444f91b9"
},
"evaluated_keys": [
"value"
]
},
"code_block": [
[
5,
"RUN npm install -g npm@10.5.0 --no-fund --no-audit\n"
]
],
"file_path": "/Dockerfile.dev",
"file_abs_path": "/scan/Dockerfile.dev",
"repo_file_path": "/Dockerfile.dev",
"file_line_range": [
5,
5
],
"resource": "/Dockerfile.dev.RUN",
"evaluations": null,
"check_class": "checkov.common.graph.checks_infra.base_check",
"fixed_definition": null,
"entity_tags": null,
"caller_file_path": null,
"caller_file_line_range": null,
"resource_address": null,
"severity": null,
"bc_category": null,
"benchmarks": null,
"description": null,
"short_description": null,
"vulnerability_details": null,
"connected_node": null,
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-apk-trusted",
"details": [],
"check_len": null,
"definition_context_file_path": null
},
{
"check_id": "CKV2_DOCKER_7",
"bc_check_id": null,
"check_name": "Ensure that packages with untrusted or missing signatures are not used by apk via the '--allow-untrusted' option",
"check_result": {
"result": "PASSED",
"entity": {
"block_name_": "RUN",
"block_type_": "resource",
"file_path_": "/Dockerfile.dev",
"config_": {
"content": "RUN npm ci --no-fund --no-audit\n",
"value": "npm ci --no-fund --no-audit",
"__startline__": 10,
"__endline__": 10
},
"label_": "resource: RUN",
"id_": "RUN",
"source_": "Dockerfile",
"content": "RUN npm ci --no-fund --no-audit\n",
"value": "npm ci --no-fund --no-audit",
"__startline__": 10,
"__endline__": 10,
"resource_type": "RUN",
"hash": "57abb1bbe03890ab19f47e5f96b9cbcee02aab65f6980d523df42faf41b709fa"
},
"evaluated_keys": [
"value"
]
},
"code_block": [
[
11,
"RUN npm ci --no-fund --no-audit\n"
]
],
"file_path": "/Dockerfile.dev",
"file_abs_path": "/scan/Dockerfile.dev",
"repo_file_path": "/Dockerfile.dev",
"file_line_range": [
11,
11
],
"resource": "/Dockerfile.dev.RUN",
"evaluations": null,
"check_class": "checkov.common.graph.checks_infra.base_check",
"fixed_definition": null,
"entity_tags": null,
"caller_file_path": null,
"caller_file_line_range": null,
"resource_address": null,
"severity": null,
"bc_category": null,
"benchmarks": null,
"description": null,
"short_description": null,
"vulnerability_details": null,
"connected_node": null,
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-apk-trusted",
"details": [],
"check_len": null,
"definition_context_file_path": null
},
{
"check_id": "CKV2_DOCKER_4",
"bc_check_id": null,
"check_name": "Ensure that certificate validation isn't disabled with the pip '--trusted-host' option",
"check_result": {
"result": "PASSED",
"entity": {
"block_name_": "RUN",
"block_type_": "resource",
"file_path_": "/Dockerfile.production",
"config_": {
"content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n",
"value": "corepack enable && corepack prepare npm@10.5.0 --activate",
"__startline__": 4,
"__endline__": 4
},
"label_": "resource: RUN",
"id_": "RUN",
"source_": "Dockerfile",
"content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n",
"value": "corepack enable && corepack prepare npm@10.5.0 --activate",
"__startline__": 4,
"__endline__": 4,
"resource_type": "RUN",
"hash": "dbd32b6bad6b728919787011f82d60c50d7b2d1c079f814de2b1640696c98816"
},
"evaluated_keys": [
"value"
]
},
"code_block": [
[
5,
"RUN corepack enable && corepack prepare npm@10.5.0 --activate\n"
]
],
"file_path": "/Dockerfile.production",
"file_abs_path": "/scan/Dockerfile.production",
"repo_file_path": "/Dockerfile.production",
"file_line_range": [
5,
5
],
"resource": "/Dockerfile.production.RUN",
"evaluations": null,
"check_class": "checkov.common.graph.checks_infra.base_check",
"fixed_definition": null,
"entity_tags": null,
"caller_file_path": null,
"caller_file_line_range": null,
"resource_address": null,
"severity": null,
"bc_category": null,
"benchmarks": null,
"description": null,
"short_description": null,
"vulnerability_details": null,
"connected_node": null,
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-pip-secure",
"details": [],
"check_len": null,
"definition_context_file_path": null
},
{
"check_id": "CKV2_DOCKER_4",
"bc_check_id": null,
"check_name": "Ensure that certificate validation isn't disabled with the pip '--trusted-host' option",
"check_result": {
"result": "PASSED",
"entity": {
"block_name_": "RUN",
"block_type_": "resource",
"file_path_": "/Dockerfile.production",
"config_": {
"content": "RUN npm install\n",
"value": "npm install",
"__startline__": 20,
"__endline__": 20
},
"label_": "resource: RUN",
"id_": "RUN",
"source_": "Dockerfile",
"content": "RUN npm install\n",
"value": "npm install",
"__startline__": 20,
"__endline__": 20,
"resource_type": "RUN",
"hash": "6979b14e6a853ac150ffef85c5e28fd49c956054ea2cb1d01440e13b17260c4a"
},
"evaluated_keys": [
"value"
]
},
"code_block": [
[
21,
"RUN npm install\n"
]
],
"file_path": "/Dockerfile.production",
"file_abs_path": "/scan/Dockerfile.production",
"repo_file_path": "/Dockerfile.production",
"file_line_range": [
21,
21
],
"resource": "/Dockerfile.production.RUN",
"evaluations": null,
"check_class": "checkov.common.graph.checks_infra.base_check",
"fixed_definition": null,
"entity_tags": null,
"caller_file_path": null,
"caller_file_line_range": null,
"resource_address": null,
"severity": null,
"bc_category": null,
"benchmarks": null,
"description": null,
"short_description": null,
"vulnerability_details": null,
"connected_node": null,
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-pip-secure",
"details": [],
"check_len": null,
"definition_context_file_path": null
},
{
"check_id": "CKV2_DOCKER_4",
"bc_check_id": null,
"check_name": "Ensure that certificate validation isn't disabled with the pip '--trusted-host' option",
"check_result": {
"result": "PASSED",
"entity": {
"block_name_": "RUN",
"block_type_": "resource",
"file_path_": "/Dockerfile.production",
"config_": {
"content": "RUN npm run db:generate\n",
"value": "npm run db:generate",
"__startline__": 21,
"__endline__": 21
},
"label_": "resource: RUN",
"id_": "RUN",
"source_": "Dockerfile",
"content": "RUN npm run db:generate\n",
"value": "npm run db:generate",
"__startline__": 21,
"__endline__": 21,
"resource_type": "RUN",
"hash": "c1f9cc0c42260bb0183d7e7b9ec2edab99837111ad42dbbdd7fad09ff3e37ab0"
},
"evaluated_keys": [
"value"
]
},
"code_block": [
[
22,
"RUN npm run db:generate\n"
]
],
"file_path": "/Dockerfile.production",
"file_abs_path": "/scan/Dockerfile.production",
"repo_file_path": "/Dockerfile.production",
"file_line_range": [
22,
22
],
"resource": "/Dockerfile.production.RUN",
"evaluations": null,
"check_class": "checkov.common.graph.checks_infra.base_check",
"fixed_definition": null,
"entity_tags": null,
"caller_file_path": null,
"caller_file_line_range": null,
"resource_address": null,
"severity": null,
"bc_category": null,
"benchmarks": null,
"description": null,
"short_description": null,
"vulnerability_details": null,
"connected_node": null,
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-pip-secure",
"details": [],
"check_len": null,
"definition_context_file_path": null
},
{
"check_id": "CKV2_DOCKER_4",
"bc_check_id": null,
"check_name": "Ensure that certificate validation isn't disabled with the pip '--trusted-host' option",
"check_result": {
"result": "PASSED",
"entity": {
"block_name_": "RUN",
"block_type_": "resource",
"file_path_": "/Dockerfile.production",
"config_": {
"content": "RUN npm run build\n",
"value": "npm run build",
"__startline__": 22,
"__endline__": 22
},
"label_": "resource: RUN",
"id_": "RUN",
"source_": "Dockerfile",
"content": "RUN npm run build\n",
"value": "npm run build",
"__startline__": 22,
"__endline__": 22,
"resource_type": "RUN",
"hash": "1bf185fb6038f1b491f2a2686de4dd9869ccdd9c3e34d2772cf43bd368377aa6"
},
"evaluated_keys": [
"value"
]
},
"code_block": [
[
23,
"RUN npm run build\n"
]
],
"file_path": "/Dockerfile.production",
"file_abs_path": "/scan/Dockerfile.production",
"repo_file_path": "/Dockerfile.production",
"file_line_range": [
23,
23
],
"resource": "/Dockerfile.production.RUN",
"evaluations": null,
"check_class": "checkov.common.graph.checks_infra.base_check",
"fixed_definition": null,
"entity_tags": null,
"caller_file_path": null,
"caller_file_line_range": null,
"resource_address": null,
"severity": null,
"bc_category": null,
"benchmarks": null,
"description": null,
"short_description": null,
"vulnerability_details": null,
"connected_node": null,
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-pip-secure",
"details": [],
"check_len": null,
"definition_context_file_path": null
},
{
"check_id": "CKV2_DOCKER_4",
"bc_check_id": null,
"check_name": "Ensure that certificate validation isn't disabled with the pip '--trusted-host' option",
"check_result": {
"result": "PASSED",
"entity": {
"block_name_": "RUN",
"block_type_": "resource",
"file_path_": "/Dockerfile.production",
"config_": {
"content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n",
"value": "corepack enable && corepack prepare npm@10.5.0 --activate",
"__startline__": 30,
"__endline__": 30
},
"label_": "resource: RUN",
"id_": "RUN",
"source_": "Dockerfile",
"content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n",
"value": "corepack enable && corepack prepare npm@10.5.0 --activate",
"__startline__": 30,
"__endline__": 30,
"resource_type": "RUN",
"hash": "01c88e306f7db45ae7136e3bdb63c4b15978dd024f6ed18210961fc3db3df382"
},
"evaluated_keys": [
"value"
]
},
"code_block": [
[
31,
"RUN corepack enable && corepack prepare npm@10.5.0 --activate\n"
]
],
"file_path": "/Dockerfile.production",
"file_abs_path": "/scan/Dockerfile.production",
"repo_file_path": "/Dockerfile.production",
"file_line_range": [
31,
31
],
"resource": "/Dockerfile.production.RUN",
"evaluations": null,
"check_class": "checkov.common.graph.checks_infra.base_check",
"fixed_definition": null,
"entity_tags": null,
"caller_file_path": null,
"caller_file_line_range": null,
"resource_address": null,
"severity": null,
"bc_category": null,
"benchmarks": null,
"description": null,
"short_description": null,
"vulnerability_details": null,
"connected_node": null,
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-pip-secure",
"details": [],
"check_len": null,
"definition_context_file_path": null
},
{
"check_id": "CKV2_DOCKER_4",
"bc_check_id": null,
"check_name": "Ensure that certificate validation isn't disabled with the pip '--trusted-host' option",
"check_result": {
"result": "PASSED",
"entity": {
"block_name_": "RUN",
"block_type_": "resource",
"file_path_": "/Dockerfile.test",
"config_": {
"content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n",
"value": "corepack enable && corepack prepare npm@10.5.0 --activate",
"__startline__": 4,
"__endline__": 4
},
"label_": "resource: RUN",
"id_": "RUN",
"source_": "Dockerfile",
"content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n",
"value": "corepack enable && corepack prepare npm@10.5.0 --activate",
"__startline__": 4,
"__endline__": 4,
"resource_type": "RUN",
"hash": "1d5fb0a211498b8baf37e5744578ad03459da7798534298981f23fdefb7eb757"
},
"evaluated_keys": [
"value"
]
},
"code_block": [
[
5,
"RUN corepack enable && corepack prepare npm@10.5.0 --activate\n"
]
],
"file_path": "/Dockerfile.test",
"file_abs_path": "/scan/Dockerfile.test",
"repo_file_path": "/Dockerfile.test",
"file_line_range": [
5,
5
],
"resource": "/Dockerfile.test.RUN",
"evaluations": null,
"check_class": "checkov.common.graph.checks_infra.base_check",
"fixed_definition": null,
"entity_tags": null,
"caller_file_path": null,
"caller_file_line_range": null,
"resource_address": null,
"severity": null,
"bc_category": null,
"benchmarks": null,
"description": null,
"short_description": null,
"vulnerability_details": null,
"connected_node": null,
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-pip-secure",
"details": [],
"check_len": null,
"definition_context_file_path": null
},
{
"check_id": "CKV2_DOCKER_4",
"bc_check_id": null,
"check_name": "Ensure that certificate validation isn't disabled with the pip '--trusted-host' option",
"check_result": {
"result": "PASSED",
"entity": {
"block_name_": "RUN",
"block_type_": "resource",
"file_path_": "/Dockerfile.test",
"config_": {
"content": "RUN npm install\n",
"value": "npm install",
"__startline__": 10,
"__endline__": 10
},
"label_": "resource: RUN",
"id_": "RUN",
"source_": "Dockerfile",
"content": "RUN npm install\n",
"value": "npm install",
"__startline__": 10,
"__endline__": 10,
"resource_type": "RUN",
"hash": "fb809e4860a3131df821aea9480445cc6e2f66dd52744dab5f3d2ef5b2848436"
},
"evaluated_keys": [
"value"
]
},
"code_block": [
[
11,
"RUN npm install\n"
]
],
"file_path": "/Dockerfile.test",
"file_abs_path": "/scan/Dockerfile.test",
"repo_file_path": "/Dockerfile.test",
"file_line_range": [
11,
11
],
"resource": "/Dockerfile.test.RUN",
"evaluations": null,
"check_class": "checkov.common.graph.checks_infra.base_check",
"fixed_definition": null,
"entity_tags": null,
"caller_file_path": null,
"caller_file_line_range": null,
"resource_address": null,
"severity": null,
"bc_category": null,
"benchmarks": null,
"description": null,
"short_description": null,
"vulnerability_details": null,
"connected_node": null,
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-pip-secure",
"details": [],
"check_len": null,
"definition_context_file_path": null
},
{
"check_id": "CKV2_DOCKER_4",
"bc_check_id": null,
"check_name": "Ensure that certificate validation isn't disabled with the pip '--trusted-host' option",
"check_result": {
"result": "PASSED",
"entity": {
"block_name_": "RUN",
"block_type_": "resource",
"file_path_": "/Dockerfile.dev",
"config_": {
"content": "RUN npm install -g npm@10.5.0 --no-fund --no-audit\n",
"value": "npm install -g npm@10.5.0 --no-fund --no-audit",
"__startline__": 4,
"__endline__": 4
},
"label_": "resource: RUN",
"id_": "RUN",
"source_": "Dockerfile",
"content": "RUN npm install -g npm@10.5.0 --no-fund --no-audit\n",
"value": "npm install -g npm@10.5.0 --no-fund --no-audit",
"__startline__": 4,
"__endline__": 4,
"resource_type": "RUN",
"hash": "435bba968d1d0b4c410ea33851637829a16b2ad878f0b9531a737c7a444f91b9"
},
"evaluated_keys": [
"value"
]
},
"code_block": [
[
5,
"RUN npm install -g npm@10.5.0 --no-fund --no-audit\n"
]
],
"file_path": "/Dockerfile.dev",
"file_abs_path": "/scan/Dockerfile.dev",
"repo_file_path": "/Dockerfile.dev",
"file_line_range": [
5,
5
],
"resource": "/Dockerfile.dev.RUN",
"evaluations": null,
"check_class": "checkov.common.graph.checks_infra.base_check",
"fixed_definition": null,
"entity_tags": null,
"caller_file_path": null,
"caller_file_line_range": null,
"resource_address": null,
"severity": null,
"bc_category": null,
"benchmarks": null,
"description": null,
"short_description": null,
"vulnerability_details": null,
"connected_node": null,
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-pip-secure",
"details": [],
"check_len": null,
"definition_context_file_path": null
},
{
"check_id": "CKV2_DOCKER_4",
"bc_check_id": null,
"check_name": "Ensure that certificate validation isn't disabled with the pip '--trusted-host' option",
"check_result": {
"result": "PASSED",
"entity": {
"block_name_": "RUN",
"block_type_": "resource",
"file_path_": "/Dockerfile.dev",
"config_": {
"content": "RUN npm ci --no-fund --no-audit\n",
"value": "npm ci --no-fund --no-audit",
"__startline__": 10,
"__endline__": 10
},
"label_": "resource: RUN",
"id_": "RUN",
"source_": "Dockerfile",
"content": "RUN npm ci --no-fund --no-audit\n",
"value": "npm ci --no-fund --no-audit",
"__startline__": 10,
"__endline__": 10,
"resource_type": "RUN",
"hash": "57abb1bbe03890ab19f47e5f96b9cbcee02aab65f6980d523df42faf41b709fa"
},
"evaluated_keys": [
"value"
]
},
"code_block": [
[
11,
"RUN npm ci --no-fund --no-audit\n"
]
],
"file_path": "/Dockerfile.dev",
"file_abs_path": "/scan/Dockerfile.dev",
"repo_file_path": "/Dockerfile.dev",
"file_line_range": [
11,
11
],
"resource": "/Dockerfile.dev.RUN",
"evaluations": null,
"check_class": "checkov.common.graph.checks_infra.base_check",
"fixed_definition": null,
"entity_tags": null,
"caller_file_path": null,
"caller_file_line_range": null,
"resource_address": null,
"severity": null,
"bc_category": null,
"benchmarks": null,
"description": null,
"short_description": null,
"vulnerability_details": null,
"connected_node": null,
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-pip-secure",
"details": [],
"check_len": null,
"definition_context_file_path": null
},
{
"check_id": "CKV2_DOCKER_2",
"bc_check_id": null,
"check_name": "Ensure that certificate validation isn't disabled with curl",
"check_result": {
"result": "PASSED",
"entity": {
"block_name_": "RUN",
"block_type_": "resource",
"file_path_": "/Dockerfile.production",
"config_": {
"content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n",
"value": "corepack enable && corepack prepare npm@10.5.0 --activate",
"__startline__": 4,
"__endline__": 4
},
"label_": "resource: RUN",
"id_": "RUN",
"source_": "Dockerfile",
"content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n",
"value": "corepack enable && corepack prepare npm@10.5.0 --activate",
"__startline__": 4,
"__endline__": 4,
"resource_type": "RUN",
"hash": "dbd32b6bad6b728919787011f82d60c50d7b2d1c079f814de2b1640696c98816"
},
"evaluated_keys": [
"value"
]
},
"code_block": [
[
5,
"RUN corepack enable && corepack prepare npm@10.5.0 --activate\n"
]
],
"file_path": "/Dockerfile.production",
"file_abs_path": "/scan/Dockerfile.production",
"repo_file_path": "/Dockerfile.production",
"file_line_range": [
5,
5
],
"resource": "/Dockerfile.production.RUN",
"evaluations": null,
"check_class": "checkov.common.graph.checks_infra.base_check",
"fixed_definition": null,
"entity_tags": null,
"caller_file_path": null,
"caller_file_line_range": null,
"resource_address": null,
"severity": null,
"bc_category": null,
"benchmarks": null,
"description": null,
"short_description": null,
"vulnerability_details": null,
"connected_node": null,
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-curl-secure",
"details": [],
"check_len": null,
"definition_context_file_path": null
},
{
"check_id": "CKV2_DOCKER_2",
"bc_check_id": null,
"check_name": "Ensure that certificate validation isn't disabled with curl",
"check_result": {
"result": "PASSED",
"entity": {
"block_name_": "RUN",
"block_type_": "resource",
"file_path_": "/Dockerfile.production",
"config_": {
"content": "RUN npm install\n",
"value": "npm install",
"__startline__": 20,
"__endline__": 20
},
"label_": "resource: RUN",
"id_": "RUN",
"source_": "Dockerfile",
"content": "RUN npm install\n",
"value": "npm install",
"__startline__": 20,
"__endline__": 20,
"resource_type": "RUN",
"hash": "6979b14e6a853ac150ffef85c5e28fd49c956054ea2cb1d01440e13b17260c4a"
},
"evaluated_keys": [
"value"
]
},
"code_block": [
[
21,
"RUN npm install\n"
]
],
"file_path": "/Dockerfile.production",
"file_abs_path": "/scan/Dockerfile.production",
"repo_file_path": "/Dockerfile.production",
"file_line_range": [
21,
21
],
"resource": "/Dockerfile.production.RUN",
"evaluations": null,
"check_class": "checkov.common.graph.checks_infra.base_check",
"fixed_definition": null,
"entity_tags": null,
"caller_file_path": null,
"caller_file_line_range": null,
"resource_address": null,
"severity": null,
"bc_category": null,
"benchmarks": null,
"description": null,
"short_description": null,
"vulnerability_details": null,
"connected_node": null,
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-curl-secure",
"details": [],
"check_len": null,
"definition_context_file_path": null
},
{
"check_id": "CKV2_DOCKER_2",
"bc_check_id": null,
"check_name": "Ensure that certificate validation isn't disabled with curl",
"check_result": {
"result": "PASSED",
"entity": {
"block_name_": "RUN",
"block_type_": "resource",
"file_path_": "/Dockerfile.production",
"config_": {
"content": "RUN npm run db:generate\n",
"value": "npm run db:generate",
"__startline__": 21,
"__endline__": 21
},
"label_": "resource: RUN",
"id_": "RUN",
"source_": "Dockerfile",
"content": "RUN npm run db:generate\n",
"value": "npm run db:generate",
"__startline__": 21,
"__endline__": 21,
"resource_type": "RUN",
"hash": "c1f9cc0c42260bb0183d7e7b9ec2edab99837111ad42dbbdd7fad09ff3e37ab0"
},
"evaluated_keys": [
"value"
]
},
"code_block": [
[
22,
"RUN npm run db:generate\n"
]
],
"file_path": "/Dockerfile.production",
"file_abs_path": "/scan/Dockerfile.production",
"repo_file_path": "/Dockerfile.production",
"file_line_range": [
22,
22
],
"resource": "/Dockerfile.production.RUN",
"evaluations": null,
"check_class": "checkov.common.graph.checks_infra.base_check",
"fixed_definition": null,
"entity_tags": null,
"caller_file_path": null,
"caller_file_line_range": null,
"resource_address": null,
"severity": null,
"bc_category": null,
"benchmarks": null,
"description": null,
"short_description": null,
"vulnerability_details": null,
"connected_node": null,
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-curl-secure",
"details": [],
"check_len": null,
"definition_context_file_path": null
},
{
"check_id": "CKV2_DOCKER_2",
"bc_check_id": null,
"check_name": "Ensure that certificate validation isn't disabled with curl",
"check_result": {
"result": "PASSED",
"entity": {
"block_name_": "RUN",
"block_type_": "resource",
"file_path_": "/Dockerfile.production",
"config_": {
"content": "RUN npm run build\n",
"value": "npm run build",
"__startline__": 22,
"__endline__": 22
},
"label_": "resource: RUN",
"id_": "RUN",
"source_": "Dockerfile",
"content": "RUN npm run build\n",
"value": "npm run build",
"__startline__": 22,
"__endline__": 22,
"resource_type": "RUN",
"hash": "1bf185fb6038f1b491f2a2686de4dd9869ccdd9c3e34d2772cf43bd368377aa6"
},
"evaluated_keys": [
"value"
]
},
"code_block": [
[
23,
"RUN npm run build\n"
]
],
"file_path": "/Dockerfile.production",
"file_abs_path": "/scan/Dockerfile.production",
"repo_file_path": "/Dockerfile.production",
"file_line_range": [
23,
23
],
"resource": "/Dockerfile.production.RUN",
"evaluations": null,
"check_class": "checkov.common.graph.checks_infra.base_check",
"fixed_definition": null,
"entity_tags": null,
"caller_file_path": null,
"caller_file_line_range": null,
"resource_address": null,
"severity": null,
"bc_category": null,
"benchmarks": null,
"description": null,
"short_description": null,
"vulnerability_details": null,
"connected_node": null,
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-curl-secure",
"details": [],
"check_len": null,
"definition_context_file_path": null
},
{
"check_id": "CKV2_DOCKER_2",
"bc_check_id": null,
"check_name": "Ensure that certificate validation isn't disabled with curl",
"check_result": {
"result": "PASSED",
"entity": {
"block_name_": "RUN",
"block_type_": "resource",
"file_path_": "/Dockerfile.production",
"config_": {
"content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n",
"value": "corepack enable && corepack prepare npm@10.5.0 --activate",
"__startline__": 30,
"__endline__": 30
},
"label_": "resource: RUN",
"id_": "RUN",
"source_": "Dockerfile",
"content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n",
"value": "corepack enable && corepack prepare npm@10.5.0 --activate",
"__startline__": 30,
"__endline__": 30,
"resource_type": "RUN",
"hash": "01c88e306f7db45ae7136e3bdb63c4b15978dd024f6ed18210961fc3db3df382"
},
"evaluated_keys": [
"value"
]
},
"code_block": [
[
31,
"RUN corepack enable && corepack prepare npm@10.5.0 --activate\n"
]
],
"file_path": "/Dockerfile.production",
"file_abs_path": "/scan/Dockerfile.production",
"repo_file_path": "/Dockerfile.production",
"file_line_range": [
31,
31
],
"resource": "/Dockerfile.production.RUN",
"evaluations": null,
"check_class": "checkov.common.graph.checks_infra.base_check",
"fixed_definition": null,
"entity_tags": null,
"caller_file_path": null,
"caller_file_line_range": null,
"resource_address": null,
"severity": null,
"bc_category": null,
"benchmarks": null,
"description": null,
"short_description": null,
"vulnerability_details": null,
"connected_node": null,
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-curl-secure",
"details": [],
"check_len": null,
"definition_context_file_path": null
},
{
"check_id": "CKV2_DOCKER_2",
"bc_check_id": null,
"check_name": "Ensure that certificate validation isn't disabled with curl",
"check_result": {
"result": "PASSED",
"entity": {
"block_name_": "RUN",
"block_type_": "resource",
"file_path_": "/Dockerfile.test",
"config_": {
"content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n",
"value": "corepack enable && corepack prepare npm@10.5.0 --activate",
"__startline__": 4,
"__endline__": 4
},
"label_": "resource: RUN",
"id_": "RUN",
"source_": "Dockerfile",
"content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n",
"value": "corepack enable && corepack prepare npm@10.5.0 --activate",
"__startline__": 4,
"__endline__": 4,
"resource_type": "RUN",
"hash": "1d5fb0a211498b8baf37e5744578ad03459da7798534298981f23fdefb7eb757"
},
"evaluated_keys": [
"value"
]
},
"code_block": [
[
5,
"RUN corepack enable && corepack prepare npm@10.5.0 --activate\n"
]
],
"file_path": "/Dockerfile.test",
"file_abs_path": "/scan/Dockerfile.test",
"repo_file_path": "/Dockerfile.test",
"file_line_range": [
5,
5
],
"resource": "/Dockerfile.test.RUN",
"evaluations": null,
"check_class": "checkov.common.graph.checks_infra.base_check",
"fixed_definition": null,
"entity_tags": null,
"caller_file_path": null,
"caller_file_line_range": null,
"resource_address": null,
"severity": null,
"bc_category": null,
"benchmarks": null,
"description": null,
"short_description": null,
"vulnerability_details": null,
"connected_node": null,
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-curl-secure",
"details": [],
"check_len": null,
"definition_context_file_path": null
},
{
"check_id": "CKV2_DOCKER_2",
"bc_check_id": null,
"check_name": "Ensure that certificate validation isn't disabled with curl",
"check_result": {
"result": "PASSED",
"entity": {
"block_name_": "RUN",
"block_type_": "resource",
"file_path_": "/Dockerfile.test",
"config_": {
"content": "RUN npm install\n",
"value": "npm install",
"__startline__": 10,
"__endline__": 10
},
"label_": "resource: RUN",
"id_": "RUN",
"source_": "Dockerfile",
"content": "RUN npm install\n",
"value": "npm install",
"__startline__": 10,
"__endline__": 10,
"resource_type": "RUN",
"hash": "fb809e4860a3131df821aea9480445cc6e2f66dd52744dab5f3d2ef5b2848436"
},
"evaluated_keys": [
"value"
]
},
"code_block": [
[
11,
"RUN npm install\n"
]
],
"file_path": "/Dockerfile.test",
"file_abs_path": "/scan/Dockerfile.test",
"repo_file_path": "/Dockerfile.test",
"file_line_range": [
11,
11
],
"resource": "/Dockerfile.test.RUN",
"evaluations": null,
"check_class": "checkov.common.graph.checks_infra.base_check",
"fixed_definition": null,
"entity_tags": null,
"caller_file_path": null,
"caller_file_line_range": null,
"resource_address": null,
"severity": null,
"bc_category": null,
"benchmarks": null,
"description": null,
"short_description": null,
"vulnerability_details": null,
"connected_node": null,
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-curl-secure",
"details": [],
"check_len": null,
"definition_context_file_path": null
},
{
"check_id": "CKV2_DOCKER_2",
"bc_check_id": null,
"check_name": "Ensure that certificate validation isn't disabled with curl",
"check_result": {
"result": "PASSED",
"entity": {
"block_name_": "RUN",
"block_type_": "resource",
"file_path_": "/Dockerfile.dev",
"config_": {
"content": "RUN npm install -g npm@10.5.0 --no-fund --no-audit\n",
"value": "npm install -g npm@10.5.0 --no-fund --no-audit",
"__startline__": 4,
"__endline__": 4
},
"label_": "resource: RUN",
"id_": "RUN",
"source_": "Dockerfile",
"content": "RUN npm install -g npm@10.5.0 --no-fund --no-audit\n",
"value": "npm install -g npm@10.5.0 --no-fund --no-audit",
"__startline__": 4,
"__endline__": 4,
"resource_type": "RUN",
"hash": "435bba968d1d0b4c410ea33851637829a16b2ad878f0b9531a737c7a444f91b9"
},
"evaluated_keys": [
"value"
]
},
"code_block": [
[
5,
"RUN npm install -g npm@10.5.0 --no-fund --no-audit\n"
]
],
"file_path": "/Dockerfile.dev",
"file_abs_path": "/scan/Dockerfile.dev",
"repo_file_path": "/Dockerfile.dev",
"file_line_range": [
5,
5
],
"resource": "/Dockerfile.dev.RUN",
"evaluations": null,
"check_class": "checkov.common.graph.checks_infra.base_check",
"fixed_definition": null,
"entity_tags": null,
"caller_file_path": null,
"caller_file_line_range": null,
"resource_address": null,
"severity": null,
"bc_category": null,
"benchmarks": null,
"description": null,
"short_description": null,
"vulnerability_details": null,
"connected_node": null,
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-curl-secure",
"details": [],
"check_len": null,
"definition_context_file_path": null
},
{
"check_id": "CKV2_DOCKER_2",
"bc_check_id": null,
"check_name": "Ensure that certificate validation isn't disabled with curl",
"check_result": {
"result": "PASSED",
"entity": {
"block_name_": "RUN",
"block_type_": "resource",
"file_path_": "/Dockerfile.dev",
"config_": {
"content": "RUN npm ci --no-fund --no-audit\n",
"value": "npm ci --no-fund --no-audit",
"__startline__": 10,
"__endline__": 10
},
"label_": "resource: RUN",
"id_": "RUN",
"source_": "Dockerfile",
"content": "RUN npm ci --no-fund --no-audit\n",
"value": "npm ci --no-fund --no-audit",
"__startline__": 10,
"__endline__": 10,
"resource_type": "RUN",
"hash": "57abb1bbe03890ab19f47e5f96b9cbcee02aab65f6980d523df42faf41b709fa"
},
"evaluated_keys": [
"value"
]
},
"code_block": [
[
11,
"RUN npm ci --no-fund --no-audit\n"
]
],
"file_path": "/Dockerfile.dev",
"file_abs_path": "/scan/Dockerfile.dev",
"repo_file_path": "/Dockerfile.dev",
"file_line_range": [
11,
11
],
"resource": "/Dockerfile.dev.RUN",
"evaluations": null,
"check_class": "checkov.common.graph.checks_infra.base_check",
"fixed_definition": null,
"entity_tags": null,
"caller_file_path": null,
"caller_file_line_range": null,
"resource_address": null,
"severity": null,
"bc_category": null,
"benchmarks": null,
"description": null,
"short_description": null,
"vulnerability_details": null,
"connected_node": null,
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-curl-secure",
"details": [],
"check_len": null,
"definition_context_file_path": null
},
{
"check_id": "CKV2_DOCKER_9",
"bc_check_id": null,
"check_name": "Ensure that packages with untrusted or missing GPG signatures are not used by dnf, tdnf, or yum via the '--nogpgcheck' option",
"check_result": {
"result": "PASSED",
"entity": {
"block_name_": "RUN",
"block_type_": "resource",
"file_path_": "/Dockerfile.production",
"config_": {
"content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n",
"value": "corepack enable && corepack prepare npm@10.5.0 --activate",
"__startline__": 4,
"__endline__": 4
},
"label_": "resource: RUN",
"id_": "RUN",
"source_": "Dockerfile",
"content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n",
"value": "corepack enable && corepack prepare npm@10.5.0 --activate",
"__startline__": 4,
"__endline__": 4,
"resource_type": "RUN",
"hash": "dbd32b6bad6b728919787011f82d60c50d7b2d1c079f814de2b1640696c98816"
},
"evaluated_keys": [
"value"
]
},
"code_block": [
[
5,
"RUN corepack enable && corepack prepare npm@10.5.0 --activate\n"
]
],
"file_path": "/Dockerfile.production",
"file_abs_path": "/scan/Dockerfile.production",
"repo_file_path": "/Dockerfile.production",
"file_line_range": [
5,
5
],
"resource": "/Dockerfile.production.RUN",
"evaluations": null,
"check_class": "checkov.common.graph.checks_infra.base_check",
"fixed_definition": null,
"entity_tags": null,
"caller_file_path": null,
"caller_file_line_range": null,
"resource_address": null,
"severity": null,
"bc_category": null,
"benchmarks": null,
"description": null,
"short_description": null,
"vulnerability_details": null,
"connected_node": null,
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-yum-signed",
"details": [],
"check_len": null,
"definition_context_file_path": null
},
{
"check_id": "CKV2_DOCKER_9",
"bc_check_id": null,
"check_name": "Ensure that packages with untrusted or missing GPG signatures are not used by dnf, tdnf, or yum via the '--nogpgcheck' option",
"check_result": {
"result": "PASSED",
"entity": {
"block_name_": "RUN",
"block_type_": "resource",
"file_path_": "/Dockerfile.production",
"config_": {
"content": "RUN npm install\n",
"value": "npm install",
"__startline__": 20,
"__endline__": 20
},
"label_": "resource: RUN",
"id_": "RUN",
"source_": "Dockerfile",
"content": "RUN npm install\n",
"value": "npm install",
"__startline__": 20,
"__endline__": 20,
"resource_type": "RUN",
"hash": "6979b14e6a853ac150ffef85c5e28fd49c956054ea2cb1d01440e13b17260c4a"
},
"evaluated_keys": [
"value"
]
},
"code_block": [
[
21,
"RUN npm install\n"
]
],
"file_path": "/Dockerfile.production",
"file_abs_path": "/scan/Dockerfile.production",
"repo_file_path": "/Dockerfile.production",
"file_line_range": [
21,
21
],
"resource": "/Dockerfile.production.RUN",
"evaluations": null,
"check_class": "checkov.common.graph.checks_infra.base_check",
"fixed_definition": null,
"entity_tags": null,
"caller_file_path": null,
"caller_file_line_range": null,
"resource_address": null,
"severity": null,
"bc_category": null,
"benchmarks": null,
"description": null,
"short_description": null,
"vulnerability_details": null,
"connected_node": null,
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-yum-signed",
"details": [],
"check_len": null,
"definition_context_file_path": null
},
{
"check_id": "CKV2_DOCKER_9",
"bc_check_id": null,
"check_name": "Ensure that packages with untrusted or missing GPG signatures are not used by dnf, tdnf, or yum via the '--nogpgcheck' option",
"check_result": {
"result": "PASSED",
"entity": {
"block_name_": "RUN",
"block_type_": "resource",
"file_path_": "/Dockerfile.production",
"config_": {
"content": "RUN npm run db:generate\n",
"value": "npm run db:generate",
"__startline__": 21,
"__endline__": 21
},
"label_": "resource: RUN",
"id_": "RUN",
"source_": "Dockerfile",
"content": "RUN npm run db:generate\n",
"value": "npm run db:generate",
"__startline__": 21,
"__endline__": 21,
"resource_type": "RUN",
"hash": "c1f9cc0c42260bb0183d7e7b9ec2edab99837111ad42dbbdd7fad09ff3e37ab0"
},
"evaluated_keys": [
"value"
]
},
"code_block": [
[
22,
"RUN npm run db:generate\n"
]
],
"file_path": "/Dockerfile.production",
"file_abs_path": "/scan/Dockerfile.production",
"repo_file_path": "/Dockerfile.production",
"file_line_range": [
22,
22
],
"resource": "/Dockerfile.production.RUN",
"evaluations": null,
"check_class": "checkov.common.graph.checks_infra.base_check",
"fixed_definition": null,
"entity_tags": null,
"caller_file_path": null,
"caller_file_line_range": null,
"resource_address": null,
"severity": null,
"bc_category": null,
"benchmarks": null,
"description": null,
"short_description": null,
"vulnerability_details": null,
"connected_node": null,
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-yum-signed",
"details": [],
"check_len": null,
"definition_context_file_path": null
},
{
"check_id": "CKV2_DOCKER_9",
"bc_check_id": null,
"check_name": "Ensure that packages with untrusted or missing GPG signatures are not used by dnf, tdnf, or yum via the '--nogpgcheck' option",
"check_result": {
"result": "PASSED",
"entity": {
"block_name_": "RUN",
"block_type_": "resource",
"file_path_": "/Dockerfile.production",
"config_": {
"content": "RUN npm run build\n",
"value": "npm run build",
"__startline__": 22,
"__endline__": 22
},
"label_": "resource: RUN",
"id_": "RUN",
"source_": "Dockerfile",
"content": "RUN npm run build\n",
"value": "npm run build",
"__startline__": 22,
"__endline__": 22,
"resource_type": "RUN",
"hash": "1bf185fb6038f1b491f2a2686de4dd9869ccdd9c3e34d2772cf43bd368377aa6"
},
"evaluated_keys": [
"value"
]
},
"code_block": [
[
23,
"RUN npm run build\n"
]
],
"file_path": "/Dockerfile.production",
"file_abs_path": "/scan/Dockerfile.production",
"repo_file_path": "/Dockerfile.production",
"file_line_range": [
23,
23
],
"resource": "/Dockerfile.production.RUN",
"evaluations": null,
"check_class": "checkov.common.graph.checks_infra.base_check",
"fixed_definition": null,
"entity_tags": null,
"caller_file_path": null,
"caller_file_line_range": null,
"resource_address": null,
"severity": null,
"bc_category": null,
"benchmarks": null,
"description": null,
"short_description": null,
"vulnerability_details": null,
"connected_node": null,
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-yum-signed",
"details": [],
"check_len": null,
"definition_context_file_path": null
},
{
"check_id": "CKV2_DOCKER_9",
"bc_check_id": null,
"check_name": "Ensure that packages with untrusted or missing GPG signatures are not used by dnf, tdnf, or yum via the '--nogpgcheck' option",
"check_result": {
"result": "PASSED",
"entity": {
"block_name_": "RUN",
"block_type_": "resource",
"file_path_": "/Dockerfile.production",
"config_": {
"content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n",
"value": "corepack enable && corepack prepare npm@10.5.0 --activate",
"__startline__": 30,
"__endline__": 30
},
"label_": "resource: RUN",
"id_": "RUN",
"source_": "Dockerfile",
"content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n",
"value": "corepack enable && corepack prepare npm@10.5.0 --activate",
"__startline__": 30,
"__endline__": 30,
"resource_type": "RUN",
"hash": "01c88e306f7db45ae7136e3bdb63c4b15978dd024f6ed18210961fc3db3df382"
},
"evaluated_keys": [
"value"
]
},
"code_block": [
[
31,
"RUN corepack enable && corepack prepare npm@10.5.0 --activate\n"
]
],
"file_path": "/Dockerfile.production",
"file_abs_path": "/scan/Dockerfile.production",
"repo_file_path": "/Dockerfile.production",
"file_line_range": [
31,
31
],
"resource": "/Dockerfile.production.RUN",
"evaluations": null,
"check_class": "checkov.common.graph.checks_infra.base_check",
"fixed_definition": null,
"entity_tags": null,
"caller_file_path": null,
"caller_file_line_range": null,
"resource_address": null,
"severity": null,
"bc_category": null,
"benchmarks": null,
"description": null,
"short_description": null,
"vulnerability_details": null,
"connected_node": null,
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-yum-signed",
"details": [],
"check_len": null,
"definition_context_file_path": null
},
{
"check_id": "CKV2_DOCKER_9",
"bc_check_id": null,
"check_name": "Ensure that packages with untrusted or missing GPG signatures are not used by dnf, tdnf, or yum via the '--nogpgcheck' option",
"check_result": {
"result": "PASSED",
"entity": {
"block_name_": "RUN",
"block_type_": "resource",
"file_path_": "/Dockerfile.test",
"config_": {
"content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n",
"value": "corepack enable && corepack prepare npm@10.5.0 --activate",
"__startline__": 4,
"__endline__": 4
},
"label_": "resource: RUN",
"id_": "RUN",
"source_": "Dockerfile",
"content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n",
"value": "corepack enable && corepack prepare npm@10.5.0 --activate",
"__startline__": 4,
"__endline__": 4,
"resource_type": "RUN",
"hash": "1d5fb0a211498b8baf37e5744578ad03459da7798534298981f23fdefb7eb757"
},
"evaluated_keys": [
"value"
]
},
"code_block": [
[
5,
"RUN corepack enable && corepack prepare npm@10.5.0 --activate\n"
]
],
"file_path": "/Dockerfile.test",
"file_abs_path": "/scan/Dockerfile.test",
"repo_file_path": "/Dockerfile.test",
"file_line_range": [
5,
5
],
"resource": "/Dockerfile.test.RUN",
"evaluations": null,
"check_class": "checkov.common.graph.checks_infra.base_check",
"fixed_definition": null,
"entity_tags": null,
"caller_file_path": null,
"caller_file_line_range": null,
"resource_address": null,
"severity": null,
"bc_category": null,
"benchmarks": null,
"description": null,
"short_description": null,
"vulnerability_details": null,
"connected_node": null,
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-yum-signed",
"details": [],
"check_len": null,
"definition_context_file_path": null
},
{
"check_id": "CKV2_DOCKER_9",
"bc_check_id": null,
"check_name": "Ensure that packages with untrusted or missing GPG signatures are not used by dnf, tdnf, or yum via the '--nogpgcheck' option",
"check_result": {
"result": "PASSED",
"entity": {
"block_name_": "RUN",
"block_type_": "resource",
"file_path_": "/Dockerfile.test",
"config_": {
"content": "RUN npm install\n",
"value": "npm install",
"__startline__": 10,
"__endline__": 10
},
"label_": "resource: RUN",
"id_": "RUN",
"source_": "Dockerfile",
"content": "RUN npm install\n",
"value": "npm install",
"__startline__": 10,
"__endline__": 10,
"resource_type": "RUN",
"hash": "fb809e4860a3131df821aea9480445cc6e2f66dd52744dab5f3d2ef5b2848436"
},
"evaluated_keys": [
"value"
]
},
"code_block": [
[
11,
"RUN npm install\n"
]
],
"file_path": "/Dockerfile.test",
"file_abs_path": "/scan/Dockerfile.test",
"repo_file_path": "/Dockerfile.test",
"file_line_range": [
11,
11
],
"resource": "/Dockerfile.test.RUN",
"evaluations": null,
"check_class": "checkov.common.graph.checks_infra.base_check",
"fixed_definition": null,
"entity_tags": null,
"caller_file_path": null,
"caller_file_line_range": null,
"resource_address": null,
"severity": null,
"bc_category": null,
"benchmarks": null,
"description": null,
"short_description": null,
"vulnerability_details": null,
"connected_node": null,
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-yum-signed",
"details": [],
"check_len": null,
"definition_context_file_path": null
},
{
"check_id": "CKV2_DOCKER_9",
"bc_check_id": null,
"check_name": "Ensure that packages with untrusted or missing GPG signatures are not used by dnf, tdnf, or yum via the '--nogpgcheck' option",
"check_result": {
"result": "PASSED",
"entity": {
"block_name_": "RUN",
"block_type_": "resource",
"file_path_": "/Dockerfile.dev",
"config_": {
"content": "RUN npm install -g npm@10.5.0 --no-fund --no-audit\n",
"value": "npm install -g npm@10.5.0 --no-fund --no-audit",
"__startline__": 4,
"__endline__": 4
},
"label_": "resource: RUN",
"id_": "RUN",
"source_": "Dockerfile",
"content": "RUN npm install -g npm@10.5.0 --no-fund --no-audit\n",
"value": "npm install -g npm@10.5.0 --no-fund --no-audit",
"__startline__": 4,
"__endline__": 4,
"resource_type": "RUN",
"hash": "435bba968d1d0b4c410ea33851637829a16b2ad878f0b9531a737c7a444f91b9"
},
"evaluated_keys": [
"value"
]
},
"code_block": [
[
5,
"RUN npm install -g npm@10.5.0 --no-fund --no-audit\n"
]
],
"file_path": "/Dockerfile.dev",
"file_abs_path": "/scan/Dockerfile.dev",
"repo_file_path": "/Dockerfile.dev",
"file_line_range": [
5,
5
],
"resource": "/Dockerfile.dev.RUN",
"evaluations": null,
"check_class": "checkov.common.graph.checks_infra.base_check",
"fixed_definition": null,
"entity_tags": null,
"caller_file_path": null,
"caller_file_line_range": null,
"resource_address": null,
"severity": null,
"bc_category": null,
"benchmarks": null,
"description": null,
"short_description": null,
"vulnerability_details": null,
"connected_node": null,
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-yum-signed",
"details": [],
"check_len": null,
"definition_context_file_path": null
},
{
"check_id": "CKV2_DOCKER_9",
"bc_check_id": null,
"check_name": "Ensure that packages with untrusted or missing GPG signatures are not used by dnf, tdnf, or yum via the '--nogpgcheck' option",
"check_result": {
"result": "PASSED",
"entity": {
"block_name_": "RUN",
"block_type_": "resource",
"file_path_": "/Dockerfile.dev",
"config_": {
"content": "RUN npm ci --no-fund --no-audit\n",
"value": "npm ci --no-fund --no-audit",
"__startline__": 10,
"__endline__": 10
},
"label_": "resource: RUN",
"id_": "RUN",
"source_": "Dockerfile",
"content": "RUN npm ci --no-fund --no-audit\n",
"value": "npm ci --no-fund --no-audit",
"__startline__": 10,
"__endline__": 10,
"resource_type": "RUN",
"hash": "57abb1bbe03890ab19f47e5f96b9cbcee02aab65f6980d523df42faf41b709fa"
},
"evaluated_keys": [
"value"
]
},
"code_block": [
[
11,
"RUN npm ci --no-fund --no-audit\n"
]
],
"file_path": "/Dockerfile.dev",
"file_abs_path": "/scan/Dockerfile.dev",
"repo_file_path": "/Dockerfile.dev",
"file_line_range": [
11,
11
],
"resource": "/Dockerfile.dev.RUN",
"evaluations": null,
"check_class": "checkov.common.graph.checks_infra.base_check",
"fixed_definition": null,
"entity_tags": null,
"caller_file_path": null,
"caller_file_line_range": null,
"resource_address": null,
"severity": null,
"bc_category": null,
"benchmarks": null,
"description": null,
"short_description": null,
"vulnerability_details": null,
"connected_node": null,
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-yum-signed",
"details": [],
"check_len": null,
"definition_context_file_path": null
}
],
"failed_checks": [
{
"check_id": "CKV_DOCKER_2",
"bc_check_id": "BC_DKR_2",
"check_name": "Ensure that HEALTHCHECK instructions have been added to container images",
"check_result": {
"result": "FAILED",
"results_configuration": null
},
"code_block": [
[
1,
"FROM node:20-bookworm AS builder\n"
],
[
2,
"\n"
],
[
3,
"WORKDIR /app\n"
],
[
4,
"\n"
],
[
5,
"RUN corepack enable && corepack prepare npm@10.5.0 --activate\n"
],
[
6,
"\n"
],
[
7,
"COPY package.json package-lock.json turbo.json tsconfig.base.json ./\n"
],
[
8,
"COPY apps ./apps\n"
],
[
9,
"COPY packages ./packages\n"
],
[
10,
"\n"
],
[
11,
"# NEXT_PUBLIC_* vars must be present at build time \u2014 they are inlined into JS bundles\n"
],
[
12,
"ARG NEXT_PUBLIC_API_URL\n"
],
[
13,
"ARG NEXT_PUBLIC_MARKETPLACE_URL\n"
],
[
14,
"ARG NEXT_PUBLIC_DASHBOARD_URL\n"
],
[
15,
"ARG NEXT_PUBLIC_ADMIN_URL\n"
],
[
16,
"ENV NEXT_PUBLIC_API_URL=$NEXT_PUBLIC_API_URL \\\n"
],
[
17,
" NEXT_PUBLIC_MARKETPLACE_URL=$NEXT_PUBLIC_MARKETPLACE_URL \\\n"
],
[
18,
" NEXT_PUBLIC_DASHBOARD_URL=$NEXT_PUBLIC_DASHBOARD_URL \\\n"
],
[
19,
" NEXT_PUBLIC_ADMIN_URL=$NEXT_PUBLIC_ADMIN_URL\n"
],
[
20,
"\n"
],
[
21,
"RUN npm install\n"
],
[
22,
"RUN npm run db:generate\n"
],
[
23,
"RUN npm run build\n"
],
[
24,
"\n"
],
[
25,
"FROM node:20-bookworm AS runner\n"
],
[
26,
"\n"
],
[
27,
"WORKDIR /app\n"
],
[
28,
"\n"
],
[
29,
"ENV NODE_ENV=production\n"
],
[
30,
"\n"
],
[
31,
"RUN corepack enable && corepack prepare npm@10.5.0 --activate\n"
],
[
32,
"\n"
],
[
33,
"COPY --from=builder /app/package.json /app/package-lock.json /app/turbo.json /app/tsconfig.base.json ./\n"
],
[
34,
"COPY --from=builder /app/node_modules ./node_modules\n"
],
[
35,
"COPY --from=builder /app/apps ./apps\n"
],
[
36,
"COPY --from=builder /app/packages ./packages\n"
],
[
37,
"\n"
],
[
38,
"EXPOSE 3000 3001 3002 4000\n"
],
[
39,
"\n"
],
[
40,
"CMD [\"npm\", \"run\", \"start\", \"--workspace\", \"@rentaldrivego/api\"]"
]
],
"file_path": "/Dockerfile.production",
"file_abs_path": "/scan/Dockerfile.production",
"repo_file_path": "/Dockerfile.production",
"file_line_range": [
1,
40
],
"resource": "/Dockerfile.production.",
"evaluations": null,
"check_class": "checkov.dockerfile.checks.HealthcheckExists",
"fixed_definition": null,
"entity_tags": null,
"caller_file_path": null,
"caller_file_line_range": null,
"resource_address": null,
"severity": null,
"bc_category": null,
"benchmarks": null,
"description": null,
"short_description": null,
"vulnerability_details": null,
"connected_node": null,
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-that-healthcheck-instructions-have-been-added-to-container-images",
"details": [],
"check_len": null,
"definition_context_file_path": null
},
{
"check_id": "CKV_DOCKER_3",
"bc_check_id": "BC_DKR_3",
"check_name": "Ensure that a user for the container has been created",
"check_result": {
"result": "FAILED",
"results_configuration": null
},
"code_block": [
[
1,
"FROM node:20-bookworm AS builder\n"
],
[
2,
"\n"
],
[
3,
"WORKDIR /app\n"
],
[
4,
"\n"
],
[
5,
"RUN corepack enable && corepack prepare npm@10.5.0 --activate\n"
],
[
6,
"\n"
],
[
7,
"COPY package.json package-lock.json turbo.json tsconfig.base.json ./\n"
],
[
8,
"COPY apps ./apps\n"
],
[
9,
"COPY packages ./packages\n"
],
[
10,
"\n"
],
[
11,
"# NEXT_PUBLIC_* vars must be present at build time \u2014 they are inlined into JS bundles\n"
],
[
12,
"ARG NEXT_PUBLIC_API_URL\n"
],
[
13,
"ARG NEXT_PUBLIC_MARKETPLACE_URL\n"
],
[
14,
"ARG NEXT_PUBLIC_DASHBOARD_URL\n"
],
[
15,
"ARG NEXT_PUBLIC_ADMIN_URL\n"
],
[
16,
"ENV NEXT_PUBLIC_API_URL=$NEXT_PUBLIC_API_URL \\\n"
],
[
17,
" NEXT_PUBLIC_MARKETPLACE_URL=$NEXT_PUBLIC_MARKETPLACE_URL \\\n"
],
[
18,
" NEXT_PUBLIC_DASHBOARD_URL=$NEXT_PUBLIC_DASHBOARD_URL \\\n"
],
[
19,
" NEXT_PUBLIC_ADMIN_URL=$NEXT_PUBLIC_ADMIN_URL\n"
],
[
20,
"\n"
],
[
21,
"RUN npm install\n"
],
[
22,
"RUN npm run db:generate\n"
],
[
23,
"RUN npm run build\n"
],
[
24,
"\n"
],
[
25,
"FROM node:20-bookworm AS runner\n"
],
[
26,
"\n"
],
[
27,
"WORKDIR /app\n"
],
[
28,
"\n"
],
[
29,
"ENV NODE_ENV=production\n"
],
[
30,
"\n"
],
[
31,
"RUN corepack enable && corepack prepare npm@10.5.0 --activate\n"
],
[
32,
"\n"
],
[
33,
"COPY --from=builder /app/package.json /app/package-lock.json /app/turbo.json /app/tsconfig.base.json ./\n"
],
[
34,
"COPY --from=builder /app/node_modules ./node_modules\n"
],
[
35,
"COPY --from=builder /app/apps ./apps\n"
],
[
36,
"COPY --from=builder /app/packages ./packages\n"
],
[
37,
"\n"
],
[
38,
"EXPOSE 3000 3001 3002 4000\n"
],
[
39,
"\n"
],
[
40,
"CMD [\"npm\", \"run\", \"start\", \"--workspace\", \"@rentaldrivego/api\"]"
]
],
"file_path": "/Dockerfile.production",
"file_abs_path": "/scan/Dockerfile.production",
"repo_file_path": "/Dockerfile.production",
"file_line_range": [
1,
40
],
"resource": "/Dockerfile.production.",
"evaluations": null,
"check_class": "checkov.dockerfile.checks.UserExists",
"fixed_definition": null,
"entity_tags": null,
"caller_file_path": null,
"caller_file_line_range": null,
"resource_address": null,
"severity": null,
"bc_category": null,
"benchmarks": null,
"description": null,
"short_description": null,
"vulnerability_details": null,
"connected_node": null,
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-that-a-user-for-the-container-has-been-created",
"details": [],
"check_len": null,
"definition_context_file_path": null
},
{
"check_id": "CKV_DOCKER_2",
"bc_check_id": "BC_DKR_2",
"check_name": "Ensure that HEALTHCHECK instructions have been added to container images",
"check_result": {
"result": "FAILED",
"results_configuration": null
},
"code_block": [
[
1,
"FROM node:20-bookworm\n"
],
[
2,
"\n"
],
[
3,
"WORKDIR /app\n"
],
[
4,
"\n"
],
[
5,
"RUN corepack enable && corepack prepare npm@10.5.0 --activate\n"
],
[
6,
"\n"
],
[
7,
"COPY package.json package-lock.json turbo.json tsconfig.base.json ./\n"
],
[
8,
"COPY apps ./apps\n"
],
[
9,
"COPY packages ./packages\n"
],
[
10,
"\n"
],
[
11,
"RUN npm install\n"
],
[
12,
"\n"
],
[
13,
"ENV NODE_ENV=test\n"
],
[
14,
"\n"
],
[
15,
"CMD [\"sh\", \"-c\", \"npm run db:deploy && npm run db:generate && npm run type-check && npm run build && npm run test:api:integration\"]"
]
],
"file_path": "/Dockerfile.test",
"file_abs_path": "/scan/Dockerfile.test",
"repo_file_path": "/Dockerfile.test",
"file_line_range": [
1,
15
],
"resource": "/Dockerfile.test.",
"evaluations": null,
"check_class": "checkov.dockerfile.checks.HealthcheckExists",
"fixed_definition": null,
"entity_tags": null,
"caller_file_path": null,
"caller_file_line_range": null,
"resource_address": null,
"severity": null,
"bc_category": null,
"benchmarks": null,
"description": null,
"short_description": null,
"vulnerability_details": null,
"connected_node": null,
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-that-healthcheck-instructions-have-been-added-to-container-images",
"details": [],
"check_len": null,
"definition_context_file_path": null
},
{
"check_id": "CKV_DOCKER_3",
"bc_check_id": "BC_DKR_3",
"check_name": "Ensure that a user for the container has been created",
"check_result": {
"result": "FAILED",
"results_configuration": null
},
"code_block": [
[
1,
"FROM node:20-bookworm\n"
],
[
2,
"\n"
],
[
3,
"WORKDIR /app\n"
],
[
4,
"\n"
],
[
5,
"RUN corepack enable && corepack prepare npm@10.5.0 --activate\n"
],
[
6,
"\n"
],
[
7,
"COPY package.json package-lock.json turbo.json tsconfig.base.json ./\n"
],
[
8,
"COPY apps ./apps\n"
],
[
9,
"COPY packages ./packages\n"
],
[
10,
"\n"
],
[
11,
"RUN npm install\n"
],
[
12,
"\n"
],
[
13,
"ENV NODE_ENV=test\n"
],
[
14,
"\n"
],
[
15,
"CMD [\"sh\", \"-c\", \"npm run db:deploy && npm run db:generate && npm run type-check && npm run build && npm run test:api:integration\"]"
]
],
"file_path": "/Dockerfile.test",
"file_abs_path": "/scan/Dockerfile.test",
"repo_file_path": "/Dockerfile.test",
"file_line_range": [
1,
15
],
"resource": "/Dockerfile.test.",
"evaluations": null,
"check_class": "checkov.dockerfile.checks.UserExists",
"fixed_definition": null,
"entity_tags": null,
"caller_file_path": null,
"caller_file_line_range": null,
"resource_address": null,
"severity": null,
"bc_category": null,
"benchmarks": null,
"description": null,
"short_description": null,
"vulnerability_details": null,
"connected_node": null,
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-that-a-user-for-the-container-has-been-created",
"details": [],
"check_len": null,
"definition_context_file_path": null
},
{
"check_id": "CKV_DOCKER_2",
"bc_check_id": "BC_DKR_2",
"check_name": "Ensure that HEALTHCHECK instructions have been added to container images",
"check_result": {
"result": "FAILED",
"results_configuration": null
},
"code_block": [
[
1,
"FROM node:20-bookworm\n"
],
[
2,
"\n"
],
[
3,
"WORKDIR /app\n"
],
[
4,
"\n"
],
[
5,
"RUN npm install -g npm@10.5.0 --no-fund --no-audit\n"
],
[
6,
"\n"
],
[
7,
"COPY package.json package-lock.json turbo.json tsconfig.base.json ./\n"
],
[
8,
"COPY apps ./apps\n"
],
[
9,
"COPY packages ./packages\n"
],
[
10,
"\n"
],
[
11,
"RUN npm ci --no-fund --no-audit\n"
],
[
12,
"\n"
],
[
13,
"EXPOSE 3000 3001 3002 3003 4000\n"
],
[
14,
"\n"
],
[
15,
"CMD [\"sh\", \"-c\", \"npm run db:generate && npm run dev\"]"
]
],
"file_path": "/Dockerfile.dev",
"file_abs_path": "/scan/Dockerfile.dev",
"repo_file_path": "/Dockerfile.dev",
"file_line_range": [
1,
15
],
"resource": "/Dockerfile.dev.",
"evaluations": null,
"check_class": "checkov.dockerfile.checks.HealthcheckExists",
"fixed_definition": null,
"entity_tags": null,
"caller_file_path": null,
"caller_file_line_range": null,
"resource_address": null,
"severity": null,
"bc_category": null,
"benchmarks": null,
"description": null,
"short_description": null,
"vulnerability_details": null,
"connected_node": null,
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-that-healthcheck-instructions-have-been-added-to-container-images",
"details": [],
"check_len": null,
"definition_context_file_path": null
},
{
"check_id": "CKV_DOCKER_3",
"bc_check_id": "BC_DKR_3",
"check_name": "Ensure that a user for the container has been created",
"check_result": {
"result": "FAILED",
"results_configuration": null
},
"code_block": [
[
1,
"FROM node:20-bookworm\n"
],
[
2,
"\n"
],
[
3,
"WORKDIR /app\n"
],
[
4,
"\n"
],
[
5,
"RUN npm install -g npm@10.5.0 --no-fund --no-audit\n"
],
[
6,
"\n"
],
[
7,
"COPY package.json package-lock.json turbo.json tsconfig.base.json ./\n"
],
[
8,
"COPY apps ./apps\n"
],
[
9,
"COPY packages ./packages\n"
],
[
10,
"\n"
],
[
11,
"RUN npm ci --no-fund --no-audit\n"
],
[
12,
"\n"
],
[
13,
"EXPOSE 3000 3001 3002 3003 4000\n"
],
[
14,
"\n"
],
[
15,
"CMD [\"sh\", \"-c\", \"npm run db:generate && npm run dev\"]"
]
],
"file_path": "/Dockerfile.dev",
"file_abs_path": "/scan/Dockerfile.dev",
"repo_file_path": "/Dockerfile.dev",
"file_line_range": [
1,
15
],
"resource": "/Dockerfile.dev.",
"evaluations": null,
"check_class": "checkov.dockerfile.checks.UserExists",
"fixed_definition": null,
"entity_tags": null,
"caller_file_path": null,
"caller_file_line_range": null,
"resource_address": null,
"severity": null,
"bc_category": null,
"benchmarks": null,
"description": null,
"short_description": null,
"vulnerability_details": null,
"connected_node": null,
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-that-a-user-for-the-container-has-been-created",
"details": [],
"check_len": null,
"definition_context_file_path": null
}
],
"skipped_checks": [],
"parsing_errors": []
},
"summary": {
"passed": 205,
"failed": 6,
"skipped": 0,
"parsing_errors": 0,
"resource_count": 3,
"checkov_version": "3.2.501"
},
"url": "Add an api key '--bc-api-key <api-key>' to see more detailed insights via https://bridgecrew.cloud"
},
{
"check_type": "gitlab_ci",
"results": {
"passed_checks": [
{
"check_id": "CKV_GITLABCI_1",
"bc_check_id": null,
"check_name": "Suspicious use of curl with CI environment variables in script",
"check_result": {
"result": "PASSED",
"results_configuration": {
"0": "ssh $VPS_USER@$VPS_IP \"docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY\"",
"__startline__": 25,
"__endline__": 25
}
},
"code_block": [
[
25,
" - ssh $VPS_USER@$VPS_IP \"docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY\"\n"
],
[
26,
" - ssh $VPS_USER@$VPS_IP \"docker pull $DOCKER_IMAGE\"\n"
]
],
"file_path": "/.gitlab-ci.yml",
"file_abs_path": "/scan/.gitlab-ci.yml",
"repo_file_path": "/.gitlab-ci.yml",
"file_line_range": [
25,
26
],
"resource": "deploy",
"evaluations": null,
"check_class": "checkov.gitlab_ci.checks.job.SuspectCurlInScript",
"fixed_definition": null,
"entity_tags": null,
"caller_file_path": null,
"caller_file_line_range": null,
"resource_address": null,
"severity": null,
"bc_category": null,
"benchmarks": null,
"description": null,
"short_description": null,
"vulnerability_details": null,
"connected_node": null,
"guideline": null,
"details": [],
"check_len": null,
"definition_context_file_path": null
},
{
"check_id": "CKV_GITLABCI_1",
"bc_check_id": null,
"check_name": "Suspicious use of curl with CI environment variables in script",
"check_result": {
"result": "PASSED",
"results_configuration": {
"0": "docker build -t $DOCKER_IMAGE .",
"__startline__": 15,
"__endline__": 15
}
},
"code_block": [
[
15,
" - docker build -t $DOCKER_IMAGE .\n"
],
[
16,
" - docker push $DOCKER_IMAGE\n"
]
],
"file_path": "/.gitlab-ci.yml",
"file_abs_path": "/scan/.gitlab-ci.yml",
"repo_file_path": "/.gitlab-ci.yml",
"file_line_range": [
15,
16
],
"resource": "build",
"evaluations": null,
"check_class": "checkov.gitlab_ci.checks.job.SuspectCurlInScript",
"fixed_definition": null,
"entity_tags": null,
"caller_file_path": null,
"caller_file_line_range": null,
"resource_address": null,
"severity": null,
"bc_category": null,
"benchmarks": null,
"description": null,
"short_description": null,
"vulnerability_details": null,
"connected_node": null,
"guideline": null,
"details": [],
"check_len": null,
"definition_context_file_path": null
},
{
"check_id": "CKV_GITLABCI_1",
"bc_check_id": null,
"check_name": "Suspicious use of curl with CI environment variables in script",
"check_result": {
"result": "PASSED",
"results_configuration": {
"0": "docker push $DOCKER_IMAGE",
"__startline__": 16,
"__endline__": 16
}
},
"code_block": [
[
16,
" - docker push $DOCKER_IMAGE\n"
],
[
17,
" only:\n"
]
],
"file_path": "/.gitlab-ci.yml",
"file_abs_path": "/scan/.gitlab-ci.yml",
"repo_file_path": "/.gitlab-ci.yml",
"file_line_range": [
16,
17
],
"resource": "build",
"evaluations": null,
"check_class": "checkov.gitlab_ci.checks.job.SuspectCurlInScript",
"fixed_definition": null,
"entity_tags": null,
"caller_file_path": null,
"caller_file_line_range": null,
"resource_address": null,
"severity": null,
"bc_category": null,
"benchmarks": null,
"description": null,
"short_description": null,
"vulnerability_details": null,
"connected_node": null,
"guideline": null,
"details": [],
"check_len": null,
"definition_context_file_path": null
},
{
"check_id": "CKV_GITLABCI_1",
"bc_check_id": null,
"check_name": "Suspicious use of curl with CI environment variables in script",
"check_result": {
"result": "PASSED",
"results_configuration": {
"0": "ssh $VPS_USER@$VPS_IP \"docker pull $DOCKER_IMAGE\"",
"__startline__": 26,
"__endline__": 26
}
},
"code_block": [
[
26,
" - ssh $VPS_USER@$VPS_IP \"docker pull $DOCKER_IMAGE\"\n"
],
[
27,
" - ssh $VPS_USER@$VPS_IP \"docker stop myapp || true\"\n"
]
],
"file_path": "/.gitlab-ci.yml",
"file_abs_path": "/scan/.gitlab-ci.yml",
"repo_file_path": "/.gitlab-ci.yml",
"file_line_range": [
26,
27
],
"resource": "deploy",
"evaluations": null,
"check_class": "checkov.gitlab_ci.checks.job.SuspectCurlInScript",
"fixed_definition": null,
"entity_tags": null,
"caller_file_path": null,
"caller_file_line_range": null,
"resource_address": null,
"severity": null,
"bc_category": null,
"benchmarks": null,
"description": null,
"short_description": null,
"vulnerability_details": null,
"connected_node": null,
"guideline": null,
"details": [],
"check_len": null,
"definition_context_file_path": null
},
{
"check_id": "CKV_GITLABCI_1",
"bc_check_id": null,
"check_name": "Suspicious use of curl with CI environment variables in script",
"check_result": {
"result": "PASSED",
"results_configuration": {
"0": "ssh $VPS_USER@$VPS_IP \"docker stop myapp || true\"",
"__startline__": 27,
"__endline__": 27
}
},
"code_block": [
[
27,
" - ssh $VPS_USER@$VPS_IP \"docker stop myapp || true\"\n"
],
[
28,
" - ssh $VPS_USER@$VPS_IP \"docker run -d --name myapp -p 80:3000 $DOCKER_IMAGE\""
]
],
"file_path": "/.gitlab-ci.yml",
"file_abs_path": "/scan/.gitlab-ci.yml",
"repo_file_path": "/.gitlab-ci.yml",
"file_line_range": [
27,
28
],
"resource": "deploy",
"evaluations": null,
"check_class": "checkov.gitlab_ci.checks.job.SuspectCurlInScript",
"fixed_definition": null,
"entity_tags": null,
"caller_file_path": null,
"caller_file_line_range": null,
"resource_address": null,
"severity": null,
"bc_category": null,
"benchmarks": null,
"description": null,
"short_description": null,
"vulnerability_details": null,
"connected_node": null,
"guideline": null,
"details": [],
"check_len": null,
"definition_context_file_path": null
},
{
"check_id": "CKV_GITLABCI_1",
"bc_check_id": null,
"check_name": "Suspicious use of curl with CI environment variables in script",
"check_result": {
"result": "PASSED",
"results_configuration": {
"0": "ssh $VPS_USER@$VPS_IP \"docker run -d --name myapp -p 80:3000 $DOCKER_IMAGE\"",
"__startline__": 28,
"__endline__": 28
}
},
"code_block": [
[
28,
" - ssh $VPS_USER@$VPS_IP \"docker run -d --name myapp -p 80:3000 $DOCKER_IMAGE\""
]
],
"file_path": "/.gitlab-ci.yml",
"file_abs_path": "/scan/.gitlab-ci.yml",
"repo_file_path": "/.gitlab-ci.yml",
"file_line_range": [
28,
29
],
"resource": "deploy",
"evaluations": null,
"check_class": "checkov.gitlab_ci.checks.job.SuspectCurlInScript",
"fixed_definition": null,
"entity_tags": null,
"caller_file_path": null,
"caller_file_line_range": null,
"resource_address": null,
"severity": null,
"bc_category": null,
"benchmarks": null,
"description": null,
"short_description": null,
"vulnerability_details": null,
"connected_node": null,
"guideline": null,
"details": [],
"check_len": null,
"definition_context_file_path": null
},
{
"check_id": "CKV_GITLABCI_3",
"bc_check_id": null,
"check_name": "Detecting image usages in gitlab workflows",
"check_result": {
"result": "PASSED",
"results_configuration": {
"0": "docker:24",
"__startline__": 10,
"__endline__": 10
}
},
"code_block": [
[
10,
" image: docker:24\n"
],
[
11,
" services:\n"
]
],
"file_path": "/.gitlab-ci.yml",
"file_abs_path": "/scan/.gitlab-ci.yml",
"repo_file_path": "/.gitlab-ci.yml",
"file_line_range": [
10,
11
],
"resource": "build",
"evaluations": null,
"check_class": "checkov.gitlab_ci.checks.job.DetectImagesUsage",
"fixed_definition": null,
"entity_tags": null,
"caller_file_path": null,
"caller_file_line_range": null,
"resource_address": null,
"severity": null,
"bc_category": null,
"benchmarks": null,
"description": null,
"short_description": null,
"vulnerability_details": null,
"connected_node": null,
"guideline": null,
"details": [],
"check_len": null,
"definition_context_file_path": null
},
{
"check_id": "CKV_GITLABCI_3",
"bc_check_id": null,
"check_name": "Detecting image usages in gitlab workflows",
"check_result": {
"result": "PASSED",
"results_configuration": {
"0": "docker:dind",
"__startline__": 12,
"__endline__": 12
}
},
"code_block": [
[
12,
" - docker:dind\n"
],
[
13,
" script:\n"
]
],
"file_path": "/.gitlab-ci.yml",
"file_abs_path": "/scan/.gitlab-ci.yml",
"repo_file_path": "/.gitlab-ci.yml",
"file_line_range": [
12,
13
],
"resource": "build",
"evaluations": null,
"check_class": "checkov.gitlab_ci.checks.job.DetectImagesUsage",
"fixed_definition": null,
"entity_tags": null,
"caller_file_path": null,
"caller_file_line_range": null,
"resource_address": null,
"severity": null,
"bc_category": null,
"benchmarks": null,
"description": null,
"short_description": null,
"vulnerability_details": null,
"connected_node": null,
"guideline": null,
"details": [],
"check_len": null,
"definition_context_file_path": null
}
],
"failed_checks": [],
"skipped_checks": [],
"parsing_errors": []
},
"summary": {
"passed": 8,
"failed": 0,
"skipped": 0,
"parsing_errors": 0,
"resource_count": 0,
"checkov_version": "3.2.501"
},
"url": "Add an api key '--bc-api-key <api-key>' to see more detailed insights via https://bridgecrew.cloud"
}
]