15121 lines
706 KiB
JSON
15121 lines
706 KiB
JSON
[
|
|
{
|
|
"check_type": "dockerfile",
|
|
"results": {
|
|
"passed_checks": [
|
|
{
|
|
"check_id": "CKV_DOCKER_9",
|
|
"bc_check_id": "BC_DKR_NETWORKING_1",
|
|
"check_name": "Ensure that APT isn't used",
|
|
"check_result": {
|
|
"result": "PASSED",
|
|
"results_configuration": null
|
|
},
|
|
"code_block": [
|
|
[
|
|
1,
|
|
"FROM node:20-bookworm AS builder\n"
|
|
],
|
|
[
|
|
2,
|
|
"\n"
|
|
],
|
|
[
|
|
3,
|
|
"WORKDIR /app\n"
|
|
],
|
|
[
|
|
4,
|
|
"\n"
|
|
],
|
|
[
|
|
5,
|
|
"RUN corepack enable && corepack prepare npm@10.5.0 --activate\n"
|
|
],
|
|
[
|
|
6,
|
|
"\n"
|
|
],
|
|
[
|
|
7,
|
|
"COPY package.json package-lock.json turbo.json tsconfig.base.json ./\n"
|
|
],
|
|
[
|
|
8,
|
|
"COPY apps ./apps\n"
|
|
],
|
|
[
|
|
9,
|
|
"COPY packages ./packages\n"
|
|
],
|
|
[
|
|
10,
|
|
"\n"
|
|
],
|
|
[
|
|
11,
|
|
"# NEXT_PUBLIC_* vars must be present at build time \u2014 they are inlined into JS bundles\n"
|
|
],
|
|
[
|
|
12,
|
|
"ARG NEXT_PUBLIC_API_URL\n"
|
|
],
|
|
[
|
|
13,
|
|
"ARG NEXT_PUBLIC_MARKETPLACE_URL\n"
|
|
],
|
|
[
|
|
14,
|
|
"ARG NEXT_PUBLIC_DASHBOARD_URL\n"
|
|
],
|
|
[
|
|
15,
|
|
"ARG NEXT_PUBLIC_ADMIN_URL\n"
|
|
],
|
|
[
|
|
16,
|
|
"ENV NEXT_PUBLIC_API_URL=$NEXT_PUBLIC_API_URL \\\n"
|
|
],
|
|
[
|
|
17,
|
|
" NEXT_PUBLIC_MARKETPLACE_URL=$NEXT_PUBLIC_MARKETPLACE_URL \\\n"
|
|
],
|
|
[
|
|
18,
|
|
" NEXT_PUBLIC_DASHBOARD_URL=$NEXT_PUBLIC_DASHBOARD_URL \\\n"
|
|
],
|
|
[
|
|
19,
|
|
" NEXT_PUBLIC_ADMIN_URL=$NEXT_PUBLIC_ADMIN_URL\n"
|
|
],
|
|
[
|
|
20,
|
|
"\n"
|
|
],
|
|
[
|
|
21,
|
|
"RUN npm install\n"
|
|
],
|
|
[
|
|
22,
|
|
"RUN npm run db:generate\n"
|
|
],
|
|
[
|
|
23,
|
|
"RUN npm run build\n"
|
|
],
|
|
[
|
|
24,
|
|
"\n"
|
|
],
|
|
[
|
|
25,
|
|
"FROM node:20-bookworm AS runner\n"
|
|
],
|
|
[
|
|
26,
|
|
"\n"
|
|
],
|
|
[
|
|
27,
|
|
"WORKDIR /app\n"
|
|
],
|
|
[
|
|
28,
|
|
"\n"
|
|
],
|
|
[
|
|
29,
|
|
"ENV NODE_ENV=production\n"
|
|
],
|
|
[
|
|
30,
|
|
"\n"
|
|
],
|
|
[
|
|
31,
|
|
"RUN corepack enable && corepack prepare npm@10.5.0 --activate\n"
|
|
],
|
|
[
|
|
32,
|
|
"\n"
|
|
],
|
|
[
|
|
33,
|
|
"COPY --from=builder /app/package.json /app/package-lock.json /app/turbo.json /app/tsconfig.base.json ./\n"
|
|
],
|
|
[
|
|
34,
|
|
"COPY --from=builder /app/node_modules ./node_modules\n"
|
|
],
|
|
[
|
|
35,
|
|
"COPY --from=builder /app/apps ./apps\n"
|
|
],
|
|
[
|
|
36,
|
|
"COPY --from=builder /app/packages ./packages\n"
|
|
],
|
|
[
|
|
37,
|
|
"\n"
|
|
],
|
|
[
|
|
38,
|
|
"EXPOSE 3000 3001 3002 4000\n"
|
|
],
|
|
[
|
|
39,
|
|
"\n"
|
|
],
|
|
[
|
|
40,
|
|
"CMD [\"npm\", \"run\", \"start\", \"--workspace\", \"@rentaldrivego/api\"]"
|
|
]
|
|
],
|
|
"file_path": "/Dockerfile.production",
|
|
"file_abs_path": "/scan/Dockerfile.production",
|
|
"repo_file_path": "/Dockerfile.production",
|
|
"file_line_range": [
|
|
1,
|
|
40
|
|
],
|
|
"resource": "/Dockerfile.production.",
|
|
"evaluations": null,
|
|
"check_class": "checkov.dockerfile.checks.RunUsingAPT",
|
|
"fixed_definition": null,
|
|
"entity_tags": null,
|
|
"caller_file_path": null,
|
|
"caller_file_line_range": null,
|
|
"resource_address": null,
|
|
"severity": null,
|
|
"bc_category": null,
|
|
"benchmarks": null,
|
|
"description": null,
|
|
"short_description": null,
|
|
"vulnerability_details": null,
|
|
"connected_node": null,
|
|
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-apt-is-not-used",
|
|
"details": [],
|
|
"check_len": null,
|
|
"definition_context_file_path": null
|
|
},
|
|
{
|
|
"check_id": "CKV_DOCKER_5",
|
|
"bc_check_id": "BC_DKR_4",
|
|
"check_name": "Ensure update instructions are not use alone in the Dockerfile",
|
|
"check_result": {
|
|
"result": "PASSED",
|
|
"results_configuration": null
|
|
},
|
|
"code_block": [
|
|
[
|
|
1,
|
|
"FROM node:20-bookworm AS builder\n"
|
|
],
|
|
[
|
|
2,
|
|
"\n"
|
|
],
|
|
[
|
|
3,
|
|
"WORKDIR /app\n"
|
|
],
|
|
[
|
|
4,
|
|
"\n"
|
|
],
|
|
[
|
|
5,
|
|
"RUN corepack enable && corepack prepare npm@10.5.0 --activate\n"
|
|
],
|
|
[
|
|
6,
|
|
"\n"
|
|
],
|
|
[
|
|
7,
|
|
"COPY package.json package-lock.json turbo.json tsconfig.base.json ./\n"
|
|
],
|
|
[
|
|
8,
|
|
"COPY apps ./apps\n"
|
|
],
|
|
[
|
|
9,
|
|
"COPY packages ./packages\n"
|
|
],
|
|
[
|
|
10,
|
|
"\n"
|
|
],
|
|
[
|
|
11,
|
|
"# NEXT_PUBLIC_* vars must be present at build time \u2014 they are inlined into JS bundles\n"
|
|
],
|
|
[
|
|
12,
|
|
"ARG NEXT_PUBLIC_API_URL\n"
|
|
],
|
|
[
|
|
13,
|
|
"ARG NEXT_PUBLIC_MARKETPLACE_URL\n"
|
|
],
|
|
[
|
|
14,
|
|
"ARG NEXT_PUBLIC_DASHBOARD_URL\n"
|
|
],
|
|
[
|
|
15,
|
|
"ARG NEXT_PUBLIC_ADMIN_URL\n"
|
|
],
|
|
[
|
|
16,
|
|
"ENV NEXT_PUBLIC_API_URL=$NEXT_PUBLIC_API_URL \\\n"
|
|
],
|
|
[
|
|
17,
|
|
" NEXT_PUBLIC_MARKETPLACE_URL=$NEXT_PUBLIC_MARKETPLACE_URL \\\n"
|
|
],
|
|
[
|
|
18,
|
|
" NEXT_PUBLIC_DASHBOARD_URL=$NEXT_PUBLIC_DASHBOARD_URL \\\n"
|
|
],
|
|
[
|
|
19,
|
|
" NEXT_PUBLIC_ADMIN_URL=$NEXT_PUBLIC_ADMIN_URL\n"
|
|
],
|
|
[
|
|
20,
|
|
"\n"
|
|
],
|
|
[
|
|
21,
|
|
"RUN npm install\n"
|
|
],
|
|
[
|
|
22,
|
|
"RUN npm run db:generate\n"
|
|
],
|
|
[
|
|
23,
|
|
"RUN npm run build\n"
|
|
],
|
|
[
|
|
24,
|
|
"\n"
|
|
],
|
|
[
|
|
25,
|
|
"FROM node:20-bookworm AS runner\n"
|
|
],
|
|
[
|
|
26,
|
|
"\n"
|
|
],
|
|
[
|
|
27,
|
|
"WORKDIR /app\n"
|
|
],
|
|
[
|
|
28,
|
|
"\n"
|
|
],
|
|
[
|
|
29,
|
|
"ENV NODE_ENV=production\n"
|
|
],
|
|
[
|
|
30,
|
|
"\n"
|
|
],
|
|
[
|
|
31,
|
|
"RUN corepack enable && corepack prepare npm@10.5.0 --activate\n"
|
|
],
|
|
[
|
|
32,
|
|
"\n"
|
|
],
|
|
[
|
|
33,
|
|
"COPY --from=builder /app/package.json /app/package-lock.json /app/turbo.json /app/tsconfig.base.json ./\n"
|
|
],
|
|
[
|
|
34,
|
|
"COPY --from=builder /app/node_modules ./node_modules\n"
|
|
],
|
|
[
|
|
35,
|
|
"COPY --from=builder /app/apps ./apps\n"
|
|
],
|
|
[
|
|
36,
|
|
"COPY --from=builder /app/packages ./packages\n"
|
|
],
|
|
[
|
|
37,
|
|
"\n"
|
|
],
|
|
[
|
|
38,
|
|
"EXPOSE 3000 3001 3002 4000\n"
|
|
],
|
|
[
|
|
39,
|
|
"\n"
|
|
],
|
|
[
|
|
40,
|
|
"CMD [\"npm\", \"run\", \"start\", \"--workspace\", \"@rentaldrivego/api\"]"
|
|
]
|
|
],
|
|
"file_path": "/Dockerfile.production",
|
|
"file_abs_path": "/scan/Dockerfile.production",
|
|
"repo_file_path": "/Dockerfile.production",
|
|
"file_line_range": [
|
|
1,
|
|
40
|
|
],
|
|
"resource": "/Dockerfile.production.",
|
|
"evaluations": null,
|
|
"check_class": "checkov.dockerfile.checks.UpdateNotAlone",
|
|
"fixed_definition": null,
|
|
"entity_tags": null,
|
|
"caller_file_path": null,
|
|
"caller_file_line_range": null,
|
|
"resource_address": null,
|
|
"severity": null,
|
|
"bc_category": null,
|
|
"benchmarks": null,
|
|
"description": null,
|
|
"short_description": null,
|
|
"vulnerability_details": null,
|
|
"connected_node": null,
|
|
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-update-instructions-are-not-used-alone-in-the-dockerfile",
|
|
"details": [],
|
|
"check_len": null,
|
|
"definition_context_file_path": null
|
|
},
|
|
{
|
|
"check_id": "CKV_DOCKER_11",
|
|
"bc_check_id": "BC_DKR_GENERAL_9",
|
|
"check_name": "Ensure From Alias are unique for multistage builds.",
|
|
"check_result": {
|
|
"result": "PASSED",
|
|
"results_configuration": null
|
|
},
|
|
"code_block": [
|
|
[
|
|
1,
|
|
"FROM node:20-bookworm AS builder\n"
|
|
],
|
|
[
|
|
2,
|
|
"\n"
|
|
],
|
|
[
|
|
3,
|
|
"WORKDIR /app\n"
|
|
],
|
|
[
|
|
4,
|
|
"\n"
|
|
],
|
|
[
|
|
5,
|
|
"RUN corepack enable && corepack prepare npm@10.5.0 --activate\n"
|
|
],
|
|
[
|
|
6,
|
|
"\n"
|
|
],
|
|
[
|
|
7,
|
|
"COPY package.json package-lock.json turbo.json tsconfig.base.json ./\n"
|
|
],
|
|
[
|
|
8,
|
|
"COPY apps ./apps\n"
|
|
],
|
|
[
|
|
9,
|
|
"COPY packages ./packages\n"
|
|
],
|
|
[
|
|
10,
|
|
"\n"
|
|
],
|
|
[
|
|
11,
|
|
"# NEXT_PUBLIC_* vars must be present at build time \u2014 they are inlined into JS bundles\n"
|
|
],
|
|
[
|
|
12,
|
|
"ARG NEXT_PUBLIC_API_URL\n"
|
|
],
|
|
[
|
|
13,
|
|
"ARG NEXT_PUBLIC_MARKETPLACE_URL\n"
|
|
],
|
|
[
|
|
14,
|
|
"ARG NEXT_PUBLIC_DASHBOARD_URL\n"
|
|
],
|
|
[
|
|
15,
|
|
"ARG NEXT_PUBLIC_ADMIN_URL\n"
|
|
],
|
|
[
|
|
16,
|
|
"ENV NEXT_PUBLIC_API_URL=$NEXT_PUBLIC_API_URL \\\n"
|
|
],
|
|
[
|
|
17,
|
|
" NEXT_PUBLIC_MARKETPLACE_URL=$NEXT_PUBLIC_MARKETPLACE_URL \\\n"
|
|
],
|
|
[
|
|
18,
|
|
" NEXT_PUBLIC_DASHBOARD_URL=$NEXT_PUBLIC_DASHBOARD_URL \\\n"
|
|
],
|
|
[
|
|
19,
|
|
" NEXT_PUBLIC_ADMIN_URL=$NEXT_PUBLIC_ADMIN_URL\n"
|
|
],
|
|
[
|
|
20,
|
|
"\n"
|
|
],
|
|
[
|
|
21,
|
|
"RUN npm install\n"
|
|
],
|
|
[
|
|
22,
|
|
"RUN npm run db:generate\n"
|
|
],
|
|
[
|
|
23,
|
|
"RUN npm run build\n"
|
|
],
|
|
[
|
|
24,
|
|
"\n"
|
|
],
|
|
[
|
|
25,
|
|
"FROM node:20-bookworm AS runner\n"
|
|
],
|
|
[
|
|
26,
|
|
"\n"
|
|
],
|
|
[
|
|
27,
|
|
"WORKDIR /app\n"
|
|
],
|
|
[
|
|
28,
|
|
"\n"
|
|
],
|
|
[
|
|
29,
|
|
"ENV NODE_ENV=production\n"
|
|
],
|
|
[
|
|
30,
|
|
"\n"
|
|
],
|
|
[
|
|
31,
|
|
"RUN corepack enable && corepack prepare npm@10.5.0 --activate\n"
|
|
],
|
|
[
|
|
32,
|
|
"\n"
|
|
],
|
|
[
|
|
33,
|
|
"COPY --from=builder /app/package.json /app/package-lock.json /app/turbo.json /app/tsconfig.base.json ./\n"
|
|
],
|
|
[
|
|
34,
|
|
"COPY --from=builder /app/node_modules ./node_modules\n"
|
|
],
|
|
[
|
|
35,
|
|
"COPY --from=builder /app/apps ./apps\n"
|
|
],
|
|
[
|
|
36,
|
|
"COPY --from=builder /app/packages ./packages\n"
|
|
],
|
|
[
|
|
37,
|
|
"\n"
|
|
],
|
|
[
|
|
38,
|
|
"EXPOSE 3000 3001 3002 4000\n"
|
|
],
|
|
[
|
|
39,
|
|
"\n"
|
|
],
|
|
[
|
|
40,
|
|
"CMD [\"npm\", \"run\", \"start\", \"--workspace\", \"@rentaldrivego/api\"]"
|
|
]
|
|
],
|
|
"file_path": "/Dockerfile.production",
|
|
"file_abs_path": "/scan/Dockerfile.production",
|
|
"repo_file_path": "/Dockerfile.production",
|
|
"file_line_range": [
|
|
1,
|
|
40
|
|
],
|
|
"resource": "/Dockerfile.production.",
|
|
"evaluations": null,
|
|
"check_class": "checkov.dockerfile.checks.AliasIsUnique",
|
|
"fixed_definition": null,
|
|
"entity_tags": null,
|
|
"caller_file_path": null,
|
|
"caller_file_line_range": null,
|
|
"resource_address": null,
|
|
"severity": null,
|
|
"bc_category": null,
|
|
"benchmarks": null,
|
|
"description": null,
|
|
"short_description": null,
|
|
"vulnerability_details": null,
|
|
"connected_node": null,
|
|
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-from-alias-is-unique-for-multistage-builds",
|
|
"details": [],
|
|
"check_len": null,
|
|
"definition_context_file_path": null
|
|
},
|
|
{
|
|
"check_id": "CKV_DOCKER_7",
|
|
"bc_check_id": "BC_DKR_7",
|
|
"check_name": "Ensure the base image uses a non latest version tag",
|
|
"check_result": {
|
|
"result": "PASSED",
|
|
"results_configuration": [
|
|
{
|
|
"instruction": "FROM",
|
|
"startline": 24,
|
|
"endline": 24,
|
|
"content": "FROM node:20-bookworm AS runner\n",
|
|
"value": "node:20-bookworm AS runner"
|
|
}
|
|
]
|
|
},
|
|
"code_block": [
|
|
[
|
|
25,
|
|
"FROM node:20-bookworm AS runner\n"
|
|
]
|
|
],
|
|
"file_path": "/Dockerfile.production",
|
|
"file_abs_path": "/scan/Dockerfile.production",
|
|
"repo_file_path": "/Dockerfile.production",
|
|
"file_line_range": [
|
|
25,
|
|
25
|
|
],
|
|
"resource": "/Dockerfile.production.FROM",
|
|
"evaluations": null,
|
|
"check_class": "checkov.dockerfile.checks.ReferenceLatestTag",
|
|
"fixed_definition": null,
|
|
"entity_tags": null,
|
|
"caller_file_path": null,
|
|
"caller_file_line_range": null,
|
|
"resource_address": null,
|
|
"severity": null,
|
|
"bc_category": null,
|
|
"benchmarks": null,
|
|
"description": null,
|
|
"short_description": null,
|
|
"vulnerability_details": null,
|
|
"connected_node": null,
|
|
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-the-base-image-uses-a-non-latest-version-tag",
|
|
"details": [],
|
|
"check_len": null,
|
|
"definition_context_file_path": null
|
|
},
|
|
{
|
|
"check_id": "CKV_DOCKER_1",
|
|
"bc_check_id": "BC_DKR_1",
|
|
"check_name": "Ensure port 22 is not exposed",
|
|
"check_result": {
|
|
"result": "PASSED",
|
|
"results_configuration": null
|
|
},
|
|
"code_block": [
|
|
[
|
|
1,
|
|
"FROM node:20-bookworm AS builder\n"
|
|
],
|
|
[
|
|
2,
|
|
"\n"
|
|
],
|
|
[
|
|
3,
|
|
"WORKDIR /app\n"
|
|
],
|
|
[
|
|
4,
|
|
"\n"
|
|
],
|
|
[
|
|
5,
|
|
"RUN corepack enable && corepack prepare npm@10.5.0 --activate\n"
|
|
],
|
|
[
|
|
6,
|
|
"\n"
|
|
],
|
|
[
|
|
7,
|
|
"COPY package.json package-lock.json turbo.json tsconfig.base.json ./\n"
|
|
],
|
|
[
|
|
8,
|
|
"COPY apps ./apps\n"
|
|
],
|
|
[
|
|
9,
|
|
"COPY packages ./packages\n"
|
|
],
|
|
[
|
|
10,
|
|
"\n"
|
|
],
|
|
[
|
|
11,
|
|
"# NEXT_PUBLIC_* vars must be present at build time \u2014 they are inlined into JS bundles\n"
|
|
],
|
|
[
|
|
12,
|
|
"ARG NEXT_PUBLIC_API_URL\n"
|
|
],
|
|
[
|
|
13,
|
|
"ARG NEXT_PUBLIC_MARKETPLACE_URL\n"
|
|
],
|
|
[
|
|
14,
|
|
"ARG NEXT_PUBLIC_DASHBOARD_URL\n"
|
|
],
|
|
[
|
|
15,
|
|
"ARG NEXT_PUBLIC_ADMIN_URL\n"
|
|
],
|
|
[
|
|
16,
|
|
"ENV NEXT_PUBLIC_API_URL=$NEXT_PUBLIC_API_URL \\\n"
|
|
],
|
|
[
|
|
17,
|
|
" NEXT_PUBLIC_MARKETPLACE_URL=$NEXT_PUBLIC_MARKETPLACE_URL \\\n"
|
|
],
|
|
[
|
|
18,
|
|
" NEXT_PUBLIC_DASHBOARD_URL=$NEXT_PUBLIC_DASHBOARD_URL \\\n"
|
|
],
|
|
[
|
|
19,
|
|
" NEXT_PUBLIC_ADMIN_URL=$NEXT_PUBLIC_ADMIN_URL\n"
|
|
],
|
|
[
|
|
20,
|
|
"\n"
|
|
],
|
|
[
|
|
21,
|
|
"RUN npm install\n"
|
|
],
|
|
[
|
|
22,
|
|
"RUN npm run db:generate\n"
|
|
],
|
|
[
|
|
23,
|
|
"RUN npm run build\n"
|
|
],
|
|
[
|
|
24,
|
|
"\n"
|
|
],
|
|
[
|
|
25,
|
|
"FROM node:20-bookworm AS runner\n"
|
|
],
|
|
[
|
|
26,
|
|
"\n"
|
|
],
|
|
[
|
|
27,
|
|
"WORKDIR /app\n"
|
|
],
|
|
[
|
|
28,
|
|
"\n"
|
|
],
|
|
[
|
|
29,
|
|
"ENV NODE_ENV=production\n"
|
|
],
|
|
[
|
|
30,
|
|
"\n"
|
|
],
|
|
[
|
|
31,
|
|
"RUN corepack enable && corepack prepare npm@10.5.0 --activate\n"
|
|
],
|
|
[
|
|
32,
|
|
"\n"
|
|
],
|
|
[
|
|
33,
|
|
"COPY --from=builder /app/package.json /app/package-lock.json /app/turbo.json /app/tsconfig.base.json ./\n"
|
|
],
|
|
[
|
|
34,
|
|
"COPY --from=builder /app/node_modules ./node_modules\n"
|
|
],
|
|
[
|
|
35,
|
|
"COPY --from=builder /app/apps ./apps\n"
|
|
],
|
|
[
|
|
36,
|
|
"COPY --from=builder /app/packages ./packages\n"
|
|
],
|
|
[
|
|
37,
|
|
"\n"
|
|
],
|
|
[
|
|
38,
|
|
"EXPOSE 3000 3001 3002 4000\n"
|
|
],
|
|
[
|
|
39,
|
|
"\n"
|
|
],
|
|
[
|
|
40,
|
|
"CMD [\"npm\", \"run\", \"start\", \"--workspace\", \"@rentaldrivego/api\"]"
|
|
]
|
|
],
|
|
"file_path": "/Dockerfile.production",
|
|
"file_abs_path": "/scan/Dockerfile.production",
|
|
"repo_file_path": "/Dockerfile.production",
|
|
"file_line_range": [
|
|
1,
|
|
40
|
|
],
|
|
"resource": "/Dockerfile.production.",
|
|
"evaluations": null,
|
|
"check_class": "checkov.dockerfile.checks.ExposePort22",
|
|
"fixed_definition": null,
|
|
"entity_tags": null,
|
|
"caller_file_path": null,
|
|
"caller_file_line_range": null,
|
|
"resource_address": null,
|
|
"severity": null,
|
|
"bc_category": null,
|
|
"benchmarks": null,
|
|
"description": null,
|
|
"short_description": null,
|
|
"vulnerability_details": null,
|
|
"connected_node": null,
|
|
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-port-22-is-not-exposed",
|
|
"details": [],
|
|
"check_len": null,
|
|
"definition_context_file_path": null
|
|
},
|
|
{
|
|
"check_id": "CKV_DOCKER_10",
|
|
"bc_check_id": "BC_DKR_GENERAL_10",
|
|
"check_name": "Ensure that WORKDIR values are absolute paths",
|
|
"check_result": {
|
|
"result": "PASSED",
|
|
"results_configuration": null
|
|
},
|
|
"code_block": [
|
|
[
|
|
1,
|
|
"FROM node:20-bookworm AS builder\n"
|
|
],
|
|
[
|
|
2,
|
|
"\n"
|
|
],
|
|
[
|
|
3,
|
|
"WORKDIR /app\n"
|
|
],
|
|
[
|
|
4,
|
|
"\n"
|
|
],
|
|
[
|
|
5,
|
|
"RUN corepack enable && corepack prepare npm@10.5.0 --activate\n"
|
|
],
|
|
[
|
|
6,
|
|
"\n"
|
|
],
|
|
[
|
|
7,
|
|
"COPY package.json package-lock.json turbo.json tsconfig.base.json ./\n"
|
|
],
|
|
[
|
|
8,
|
|
"COPY apps ./apps\n"
|
|
],
|
|
[
|
|
9,
|
|
"COPY packages ./packages\n"
|
|
],
|
|
[
|
|
10,
|
|
"\n"
|
|
],
|
|
[
|
|
11,
|
|
"# NEXT_PUBLIC_* vars must be present at build time \u2014 they are inlined into JS bundles\n"
|
|
],
|
|
[
|
|
12,
|
|
"ARG NEXT_PUBLIC_API_URL\n"
|
|
],
|
|
[
|
|
13,
|
|
"ARG NEXT_PUBLIC_MARKETPLACE_URL\n"
|
|
],
|
|
[
|
|
14,
|
|
"ARG NEXT_PUBLIC_DASHBOARD_URL\n"
|
|
],
|
|
[
|
|
15,
|
|
"ARG NEXT_PUBLIC_ADMIN_URL\n"
|
|
],
|
|
[
|
|
16,
|
|
"ENV NEXT_PUBLIC_API_URL=$NEXT_PUBLIC_API_URL \\\n"
|
|
],
|
|
[
|
|
17,
|
|
" NEXT_PUBLIC_MARKETPLACE_URL=$NEXT_PUBLIC_MARKETPLACE_URL \\\n"
|
|
],
|
|
[
|
|
18,
|
|
" NEXT_PUBLIC_DASHBOARD_URL=$NEXT_PUBLIC_DASHBOARD_URL \\\n"
|
|
],
|
|
[
|
|
19,
|
|
" NEXT_PUBLIC_ADMIN_URL=$NEXT_PUBLIC_ADMIN_URL\n"
|
|
],
|
|
[
|
|
20,
|
|
"\n"
|
|
],
|
|
[
|
|
21,
|
|
"RUN npm install\n"
|
|
],
|
|
[
|
|
22,
|
|
"RUN npm run db:generate\n"
|
|
],
|
|
[
|
|
23,
|
|
"RUN npm run build\n"
|
|
],
|
|
[
|
|
24,
|
|
"\n"
|
|
],
|
|
[
|
|
25,
|
|
"FROM node:20-bookworm AS runner\n"
|
|
],
|
|
[
|
|
26,
|
|
"\n"
|
|
],
|
|
[
|
|
27,
|
|
"WORKDIR /app\n"
|
|
],
|
|
[
|
|
28,
|
|
"\n"
|
|
],
|
|
[
|
|
29,
|
|
"ENV NODE_ENV=production\n"
|
|
],
|
|
[
|
|
30,
|
|
"\n"
|
|
],
|
|
[
|
|
31,
|
|
"RUN corepack enable && corepack prepare npm@10.5.0 --activate\n"
|
|
],
|
|
[
|
|
32,
|
|
"\n"
|
|
],
|
|
[
|
|
33,
|
|
"COPY --from=builder /app/package.json /app/package-lock.json /app/turbo.json /app/tsconfig.base.json ./\n"
|
|
],
|
|
[
|
|
34,
|
|
"COPY --from=builder /app/node_modules ./node_modules\n"
|
|
],
|
|
[
|
|
35,
|
|
"COPY --from=builder /app/apps ./apps\n"
|
|
],
|
|
[
|
|
36,
|
|
"COPY --from=builder /app/packages ./packages\n"
|
|
],
|
|
[
|
|
37,
|
|
"\n"
|
|
],
|
|
[
|
|
38,
|
|
"EXPOSE 3000 3001 3002 4000\n"
|
|
],
|
|
[
|
|
39,
|
|
"\n"
|
|
],
|
|
[
|
|
40,
|
|
"CMD [\"npm\", \"run\", \"start\", \"--workspace\", \"@rentaldrivego/api\"]"
|
|
]
|
|
],
|
|
"file_path": "/Dockerfile.production",
|
|
"file_abs_path": "/scan/Dockerfile.production",
|
|
"repo_file_path": "/Dockerfile.production",
|
|
"file_line_range": [
|
|
1,
|
|
40
|
|
],
|
|
"resource": "/Dockerfile.production.",
|
|
"evaluations": null,
|
|
"check_class": "checkov.dockerfile.checks.WorkdirIsAbsolute",
|
|
"fixed_definition": null,
|
|
"entity_tags": null,
|
|
"caller_file_path": null,
|
|
"caller_file_line_range": null,
|
|
"resource_address": null,
|
|
"severity": null,
|
|
"bc_category": null,
|
|
"benchmarks": null,
|
|
"description": null,
|
|
"short_description": null,
|
|
"vulnerability_details": null,
|
|
"connected_node": null,
|
|
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-workdir-values-are-absolute-paths",
|
|
"details": [],
|
|
"check_len": null,
|
|
"definition_context_file_path": null
|
|
},
|
|
{
|
|
"check_id": "CKV_DOCKER_9",
|
|
"bc_check_id": "BC_DKR_NETWORKING_1",
|
|
"check_name": "Ensure that APT isn't used",
|
|
"check_result": {
|
|
"result": "PASSED",
|
|
"results_configuration": null
|
|
},
|
|
"code_block": [
|
|
[
|
|
1,
|
|
"FROM node:20-bookworm\n"
|
|
],
|
|
[
|
|
2,
|
|
"\n"
|
|
],
|
|
[
|
|
3,
|
|
"WORKDIR /app\n"
|
|
],
|
|
[
|
|
4,
|
|
"\n"
|
|
],
|
|
[
|
|
5,
|
|
"RUN corepack enable && corepack prepare npm@10.5.0 --activate\n"
|
|
],
|
|
[
|
|
6,
|
|
"\n"
|
|
],
|
|
[
|
|
7,
|
|
"COPY package.json package-lock.json turbo.json tsconfig.base.json ./\n"
|
|
],
|
|
[
|
|
8,
|
|
"COPY apps ./apps\n"
|
|
],
|
|
[
|
|
9,
|
|
"COPY packages ./packages\n"
|
|
],
|
|
[
|
|
10,
|
|
"\n"
|
|
],
|
|
[
|
|
11,
|
|
"RUN npm install\n"
|
|
],
|
|
[
|
|
12,
|
|
"\n"
|
|
],
|
|
[
|
|
13,
|
|
"ENV NODE_ENV=test\n"
|
|
],
|
|
[
|
|
14,
|
|
"\n"
|
|
],
|
|
[
|
|
15,
|
|
"CMD [\"sh\", \"-c\", \"npm run db:deploy && npm run db:generate && npm run type-check && npm run build && npm run test:api:integration\"]"
|
|
]
|
|
],
|
|
"file_path": "/Dockerfile.test",
|
|
"file_abs_path": "/scan/Dockerfile.test",
|
|
"repo_file_path": "/Dockerfile.test",
|
|
"file_line_range": [
|
|
1,
|
|
15
|
|
],
|
|
"resource": "/Dockerfile.test.",
|
|
"evaluations": null,
|
|
"check_class": "checkov.dockerfile.checks.RunUsingAPT",
|
|
"fixed_definition": null,
|
|
"entity_tags": null,
|
|
"caller_file_path": null,
|
|
"caller_file_line_range": null,
|
|
"resource_address": null,
|
|
"severity": null,
|
|
"bc_category": null,
|
|
"benchmarks": null,
|
|
"description": null,
|
|
"short_description": null,
|
|
"vulnerability_details": null,
|
|
"connected_node": null,
|
|
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-apt-is-not-used",
|
|
"details": [],
|
|
"check_len": null,
|
|
"definition_context_file_path": null
|
|
},
|
|
{
|
|
"check_id": "CKV_DOCKER_5",
|
|
"bc_check_id": "BC_DKR_4",
|
|
"check_name": "Ensure update instructions are not use alone in the Dockerfile",
|
|
"check_result": {
|
|
"result": "PASSED",
|
|
"results_configuration": null
|
|
},
|
|
"code_block": [
|
|
[
|
|
1,
|
|
"FROM node:20-bookworm\n"
|
|
],
|
|
[
|
|
2,
|
|
"\n"
|
|
],
|
|
[
|
|
3,
|
|
"WORKDIR /app\n"
|
|
],
|
|
[
|
|
4,
|
|
"\n"
|
|
],
|
|
[
|
|
5,
|
|
"RUN corepack enable && corepack prepare npm@10.5.0 --activate\n"
|
|
],
|
|
[
|
|
6,
|
|
"\n"
|
|
],
|
|
[
|
|
7,
|
|
"COPY package.json package-lock.json turbo.json tsconfig.base.json ./\n"
|
|
],
|
|
[
|
|
8,
|
|
"COPY apps ./apps\n"
|
|
],
|
|
[
|
|
9,
|
|
"COPY packages ./packages\n"
|
|
],
|
|
[
|
|
10,
|
|
"\n"
|
|
],
|
|
[
|
|
11,
|
|
"RUN npm install\n"
|
|
],
|
|
[
|
|
12,
|
|
"\n"
|
|
],
|
|
[
|
|
13,
|
|
"ENV NODE_ENV=test\n"
|
|
],
|
|
[
|
|
14,
|
|
"\n"
|
|
],
|
|
[
|
|
15,
|
|
"CMD [\"sh\", \"-c\", \"npm run db:deploy && npm run db:generate && npm run type-check && npm run build && npm run test:api:integration\"]"
|
|
]
|
|
],
|
|
"file_path": "/Dockerfile.test",
|
|
"file_abs_path": "/scan/Dockerfile.test",
|
|
"repo_file_path": "/Dockerfile.test",
|
|
"file_line_range": [
|
|
1,
|
|
15
|
|
],
|
|
"resource": "/Dockerfile.test.",
|
|
"evaluations": null,
|
|
"check_class": "checkov.dockerfile.checks.UpdateNotAlone",
|
|
"fixed_definition": null,
|
|
"entity_tags": null,
|
|
"caller_file_path": null,
|
|
"caller_file_line_range": null,
|
|
"resource_address": null,
|
|
"severity": null,
|
|
"bc_category": null,
|
|
"benchmarks": null,
|
|
"description": null,
|
|
"short_description": null,
|
|
"vulnerability_details": null,
|
|
"connected_node": null,
|
|
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-update-instructions-are-not-used-alone-in-the-dockerfile",
|
|
"details": [],
|
|
"check_len": null,
|
|
"definition_context_file_path": null
|
|
},
|
|
{
|
|
"check_id": "CKV_DOCKER_11",
|
|
"bc_check_id": "BC_DKR_GENERAL_9",
|
|
"check_name": "Ensure From Alias are unique for multistage builds.",
|
|
"check_result": {
|
|
"result": "PASSED",
|
|
"results_configuration": null
|
|
},
|
|
"code_block": [
|
|
[
|
|
1,
|
|
"FROM node:20-bookworm\n"
|
|
],
|
|
[
|
|
2,
|
|
"\n"
|
|
],
|
|
[
|
|
3,
|
|
"WORKDIR /app\n"
|
|
],
|
|
[
|
|
4,
|
|
"\n"
|
|
],
|
|
[
|
|
5,
|
|
"RUN corepack enable && corepack prepare npm@10.5.0 --activate\n"
|
|
],
|
|
[
|
|
6,
|
|
"\n"
|
|
],
|
|
[
|
|
7,
|
|
"COPY package.json package-lock.json turbo.json tsconfig.base.json ./\n"
|
|
],
|
|
[
|
|
8,
|
|
"COPY apps ./apps\n"
|
|
],
|
|
[
|
|
9,
|
|
"COPY packages ./packages\n"
|
|
],
|
|
[
|
|
10,
|
|
"\n"
|
|
],
|
|
[
|
|
11,
|
|
"RUN npm install\n"
|
|
],
|
|
[
|
|
12,
|
|
"\n"
|
|
],
|
|
[
|
|
13,
|
|
"ENV NODE_ENV=test\n"
|
|
],
|
|
[
|
|
14,
|
|
"\n"
|
|
],
|
|
[
|
|
15,
|
|
"CMD [\"sh\", \"-c\", \"npm run db:deploy && npm run db:generate && npm run type-check && npm run build && npm run test:api:integration\"]"
|
|
]
|
|
],
|
|
"file_path": "/Dockerfile.test",
|
|
"file_abs_path": "/scan/Dockerfile.test",
|
|
"repo_file_path": "/Dockerfile.test",
|
|
"file_line_range": [
|
|
1,
|
|
15
|
|
],
|
|
"resource": "/Dockerfile.test.",
|
|
"evaluations": null,
|
|
"check_class": "checkov.dockerfile.checks.AliasIsUnique",
|
|
"fixed_definition": null,
|
|
"entity_tags": null,
|
|
"caller_file_path": null,
|
|
"caller_file_line_range": null,
|
|
"resource_address": null,
|
|
"severity": null,
|
|
"bc_category": null,
|
|
"benchmarks": null,
|
|
"description": null,
|
|
"short_description": null,
|
|
"vulnerability_details": null,
|
|
"connected_node": null,
|
|
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-from-alias-is-unique-for-multistage-builds",
|
|
"details": [],
|
|
"check_len": null,
|
|
"definition_context_file_path": null
|
|
},
|
|
{
|
|
"check_id": "CKV_DOCKER_7",
|
|
"bc_check_id": "BC_DKR_7",
|
|
"check_name": "Ensure the base image uses a non latest version tag",
|
|
"check_result": {
|
|
"result": "PASSED",
|
|
"results_configuration": [
|
|
{
|
|
"instruction": "FROM",
|
|
"startline": 0,
|
|
"endline": 0,
|
|
"content": "FROM node:20-bookworm\n",
|
|
"value": "node:20-bookworm"
|
|
}
|
|
]
|
|
},
|
|
"code_block": [
|
|
[
|
|
1,
|
|
"FROM node:20-bookworm\n"
|
|
]
|
|
],
|
|
"file_path": "/Dockerfile.test",
|
|
"file_abs_path": "/scan/Dockerfile.test",
|
|
"repo_file_path": "/Dockerfile.test",
|
|
"file_line_range": [
|
|
1,
|
|
1
|
|
],
|
|
"resource": "/Dockerfile.test.FROM",
|
|
"evaluations": null,
|
|
"check_class": "checkov.dockerfile.checks.ReferenceLatestTag",
|
|
"fixed_definition": null,
|
|
"entity_tags": null,
|
|
"caller_file_path": null,
|
|
"caller_file_line_range": null,
|
|
"resource_address": null,
|
|
"severity": null,
|
|
"bc_category": null,
|
|
"benchmarks": null,
|
|
"description": null,
|
|
"short_description": null,
|
|
"vulnerability_details": null,
|
|
"connected_node": null,
|
|
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-the-base-image-uses-a-non-latest-version-tag",
|
|
"details": [],
|
|
"check_len": null,
|
|
"definition_context_file_path": null
|
|
},
|
|
{
|
|
"check_id": "CKV_DOCKER_10",
|
|
"bc_check_id": "BC_DKR_GENERAL_10",
|
|
"check_name": "Ensure that WORKDIR values are absolute paths",
|
|
"check_result": {
|
|
"result": "PASSED",
|
|
"results_configuration": null
|
|
},
|
|
"code_block": [
|
|
[
|
|
1,
|
|
"FROM node:20-bookworm\n"
|
|
],
|
|
[
|
|
2,
|
|
"\n"
|
|
],
|
|
[
|
|
3,
|
|
"WORKDIR /app\n"
|
|
],
|
|
[
|
|
4,
|
|
"\n"
|
|
],
|
|
[
|
|
5,
|
|
"RUN corepack enable && corepack prepare npm@10.5.0 --activate\n"
|
|
],
|
|
[
|
|
6,
|
|
"\n"
|
|
],
|
|
[
|
|
7,
|
|
"COPY package.json package-lock.json turbo.json tsconfig.base.json ./\n"
|
|
],
|
|
[
|
|
8,
|
|
"COPY apps ./apps\n"
|
|
],
|
|
[
|
|
9,
|
|
"COPY packages ./packages\n"
|
|
],
|
|
[
|
|
10,
|
|
"\n"
|
|
],
|
|
[
|
|
11,
|
|
"RUN npm install\n"
|
|
],
|
|
[
|
|
12,
|
|
"\n"
|
|
],
|
|
[
|
|
13,
|
|
"ENV NODE_ENV=test\n"
|
|
],
|
|
[
|
|
14,
|
|
"\n"
|
|
],
|
|
[
|
|
15,
|
|
"CMD [\"sh\", \"-c\", \"npm run db:deploy && npm run db:generate && npm run type-check && npm run build && npm run test:api:integration\"]"
|
|
]
|
|
],
|
|
"file_path": "/Dockerfile.test",
|
|
"file_abs_path": "/scan/Dockerfile.test",
|
|
"repo_file_path": "/Dockerfile.test",
|
|
"file_line_range": [
|
|
1,
|
|
15
|
|
],
|
|
"resource": "/Dockerfile.test.",
|
|
"evaluations": null,
|
|
"check_class": "checkov.dockerfile.checks.WorkdirIsAbsolute",
|
|
"fixed_definition": null,
|
|
"entity_tags": null,
|
|
"caller_file_path": null,
|
|
"caller_file_line_range": null,
|
|
"resource_address": null,
|
|
"severity": null,
|
|
"bc_category": null,
|
|
"benchmarks": null,
|
|
"description": null,
|
|
"short_description": null,
|
|
"vulnerability_details": null,
|
|
"connected_node": null,
|
|
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-workdir-values-are-absolute-paths",
|
|
"details": [],
|
|
"check_len": null,
|
|
"definition_context_file_path": null
|
|
},
|
|
{
|
|
"check_id": "CKV_DOCKER_9",
|
|
"bc_check_id": "BC_DKR_NETWORKING_1",
|
|
"check_name": "Ensure that APT isn't used",
|
|
"check_result": {
|
|
"result": "PASSED",
|
|
"results_configuration": null
|
|
},
|
|
"code_block": [
|
|
[
|
|
1,
|
|
"FROM node:20-bookworm\n"
|
|
],
|
|
[
|
|
2,
|
|
"\n"
|
|
],
|
|
[
|
|
3,
|
|
"WORKDIR /app\n"
|
|
],
|
|
[
|
|
4,
|
|
"\n"
|
|
],
|
|
[
|
|
5,
|
|
"RUN npm install -g npm@10.5.0 --no-fund --no-audit\n"
|
|
],
|
|
[
|
|
6,
|
|
"\n"
|
|
],
|
|
[
|
|
7,
|
|
"COPY package.json package-lock.json turbo.json tsconfig.base.json ./\n"
|
|
],
|
|
[
|
|
8,
|
|
"COPY apps ./apps\n"
|
|
],
|
|
[
|
|
9,
|
|
"COPY packages ./packages\n"
|
|
],
|
|
[
|
|
10,
|
|
"\n"
|
|
],
|
|
[
|
|
11,
|
|
"RUN npm ci --no-fund --no-audit\n"
|
|
],
|
|
[
|
|
12,
|
|
"\n"
|
|
],
|
|
[
|
|
13,
|
|
"EXPOSE 3000 3001 3002 3003 4000\n"
|
|
],
|
|
[
|
|
14,
|
|
"\n"
|
|
],
|
|
[
|
|
15,
|
|
"CMD [\"sh\", \"-c\", \"npm run db:generate && npm run dev\"]"
|
|
]
|
|
],
|
|
"file_path": "/Dockerfile.dev",
|
|
"file_abs_path": "/scan/Dockerfile.dev",
|
|
"repo_file_path": "/Dockerfile.dev",
|
|
"file_line_range": [
|
|
1,
|
|
15
|
|
],
|
|
"resource": "/Dockerfile.dev.",
|
|
"evaluations": null,
|
|
"check_class": "checkov.dockerfile.checks.RunUsingAPT",
|
|
"fixed_definition": null,
|
|
"entity_tags": null,
|
|
"caller_file_path": null,
|
|
"caller_file_line_range": null,
|
|
"resource_address": null,
|
|
"severity": null,
|
|
"bc_category": null,
|
|
"benchmarks": null,
|
|
"description": null,
|
|
"short_description": null,
|
|
"vulnerability_details": null,
|
|
"connected_node": null,
|
|
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-apt-is-not-used",
|
|
"details": [],
|
|
"check_len": null,
|
|
"definition_context_file_path": null
|
|
},
|
|
{
|
|
"check_id": "CKV_DOCKER_5",
|
|
"bc_check_id": "BC_DKR_4",
|
|
"check_name": "Ensure update instructions are not use alone in the Dockerfile",
|
|
"check_result": {
|
|
"result": "PASSED",
|
|
"results_configuration": null
|
|
},
|
|
"code_block": [
|
|
[
|
|
1,
|
|
"FROM node:20-bookworm\n"
|
|
],
|
|
[
|
|
2,
|
|
"\n"
|
|
],
|
|
[
|
|
3,
|
|
"WORKDIR /app\n"
|
|
],
|
|
[
|
|
4,
|
|
"\n"
|
|
],
|
|
[
|
|
5,
|
|
"RUN npm install -g npm@10.5.0 --no-fund --no-audit\n"
|
|
],
|
|
[
|
|
6,
|
|
"\n"
|
|
],
|
|
[
|
|
7,
|
|
"COPY package.json package-lock.json turbo.json tsconfig.base.json ./\n"
|
|
],
|
|
[
|
|
8,
|
|
"COPY apps ./apps\n"
|
|
],
|
|
[
|
|
9,
|
|
"COPY packages ./packages\n"
|
|
],
|
|
[
|
|
10,
|
|
"\n"
|
|
],
|
|
[
|
|
11,
|
|
"RUN npm ci --no-fund --no-audit\n"
|
|
],
|
|
[
|
|
12,
|
|
"\n"
|
|
],
|
|
[
|
|
13,
|
|
"EXPOSE 3000 3001 3002 3003 4000\n"
|
|
],
|
|
[
|
|
14,
|
|
"\n"
|
|
],
|
|
[
|
|
15,
|
|
"CMD [\"sh\", \"-c\", \"npm run db:generate && npm run dev\"]"
|
|
]
|
|
],
|
|
"file_path": "/Dockerfile.dev",
|
|
"file_abs_path": "/scan/Dockerfile.dev",
|
|
"repo_file_path": "/Dockerfile.dev",
|
|
"file_line_range": [
|
|
1,
|
|
15
|
|
],
|
|
"resource": "/Dockerfile.dev.",
|
|
"evaluations": null,
|
|
"check_class": "checkov.dockerfile.checks.UpdateNotAlone",
|
|
"fixed_definition": null,
|
|
"entity_tags": null,
|
|
"caller_file_path": null,
|
|
"caller_file_line_range": null,
|
|
"resource_address": null,
|
|
"severity": null,
|
|
"bc_category": null,
|
|
"benchmarks": null,
|
|
"description": null,
|
|
"short_description": null,
|
|
"vulnerability_details": null,
|
|
"connected_node": null,
|
|
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-update-instructions-are-not-used-alone-in-the-dockerfile",
|
|
"details": [],
|
|
"check_len": null,
|
|
"definition_context_file_path": null
|
|
},
|
|
{
|
|
"check_id": "CKV_DOCKER_11",
|
|
"bc_check_id": "BC_DKR_GENERAL_9",
|
|
"check_name": "Ensure From Alias are unique for multistage builds.",
|
|
"check_result": {
|
|
"result": "PASSED",
|
|
"results_configuration": null
|
|
},
|
|
"code_block": [
|
|
[
|
|
1,
|
|
"FROM node:20-bookworm\n"
|
|
],
|
|
[
|
|
2,
|
|
"\n"
|
|
],
|
|
[
|
|
3,
|
|
"WORKDIR /app\n"
|
|
],
|
|
[
|
|
4,
|
|
"\n"
|
|
],
|
|
[
|
|
5,
|
|
"RUN npm install -g npm@10.5.0 --no-fund --no-audit\n"
|
|
],
|
|
[
|
|
6,
|
|
"\n"
|
|
],
|
|
[
|
|
7,
|
|
"COPY package.json package-lock.json turbo.json tsconfig.base.json ./\n"
|
|
],
|
|
[
|
|
8,
|
|
"COPY apps ./apps\n"
|
|
],
|
|
[
|
|
9,
|
|
"COPY packages ./packages\n"
|
|
],
|
|
[
|
|
10,
|
|
"\n"
|
|
],
|
|
[
|
|
11,
|
|
"RUN npm ci --no-fund --no-audit\n"
|
|
],
|
|
[
|
|
12,
|
|
"\n"
|
|
],
|
|
[
|
|
13,
|
|
"EXPOSE 3000 3001 3002 3003 4000\n"
|
|
],
|
|
[
|
|
14,
|
|
"\n"
|
|
],
|
|
[
|
|
15,
|
|
"CMD [\"sh\", \"-c\", \"npm run db:generate && npm run dev\"]"
|
|
]
|
|
],
|
|
"file_path": "/Dockerfile.dev",
|
|
"file_abs_path": "/scan/Dockerfile.dev",
|
|
"repo_file_path": "/Dockerfile.dev",
|
|
"file_line_range": [
|
|
1,
|
|
15
|
|
],
|
|
"resource": "/Dockerfile.dev.",
|
|
"evaluations": null,
|
|
"check_class": "checkov.dockerfile.checks.AliasIsUnique",
|
|
"fixed_definition": null,
|
|
"entity_tags": null,
|
|
"caller_file_path": null,
|
|
"caller_file_line_range": null,
|
|
"resource_address": null,
|
|
"severity": null,
|
|
"bc_category": null,
|
|
"benchmarks": null,
|
|
"description": null,
|
|
"short_description": null,
|
|
"vulnerability_details": null,
|
|
"connected_node": null,
|
|
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-from-alias-is-unique-for-multistage-builds",
|
|
"details": [],
|
|
"check_len": null,
|
|
"definition_context_file_path": null
|
|
},
|
|
{
|
|
"check_id": "CKV_DOCKER_7",
|
|
"bc_check_id": "BC_DKR_7",
|
|
"check_name": "Ensure the base image uses a non latest version tag",
|
|
"check_result": {
|
|
"result": "PASSED",
|
|
"results_configuration": [
|
|
{
|
|
"instruction": "FROM",
|
|
"startline": 0,
|
|
"endline": 0,
|
|
"content": "FROM node:20-bookworm\n",
|
|
"value": "node:20-bookworm"
|
|
}
|
|
]
|
|
},
|
|
"code_block": [
|
|
[
|
|
1,
|
|
"FROM node:20-bookworm\n"
|
|
]
|
|
],
|
|
"file_path": "/Dockerfile.dev",
|
|
"file_abs_path": "/scan/Dockerfile.dev",
|
|
"repo_file_path": "/Dockerfile.dev",
|
|
"file_line_range": [
|
|
1,
|
|
1
|
|
],
|
|
"resource": "/Dockerfile.dev.FROM",
|
|
"evaluations": null,
|
|
"check_class": "checkov.dockerfile.checks.ReferenceLatestTag",
|
|
"fixed_definition": null,
|
|
"entity_tags": null,
|
|
"caller_file_path": null,
|
|
"caller_file_line_range": null,
|
|
"resource_address": null,
|
|
"severity": null,
|
|
"bc_category": null,
|
|
"benchmarks": null,
|
|
"description": null,
|
|
"short_description": null,
|
|
"vulnerability_details": null,
|
|
"connected_node": null,
|
|
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-the-base-image-uses-a-non-latest-version-tag",
|
|
"details": [],
|
|
"check_len": null,
|
|
"definition_context_file_path": null
|
|
},
|
|
{
|
|
"check_id": "CKV_DOCKER_1",
|
|
"bc_check_id": "BC_DKR_1",
|
|
"check_name": "Ensure port 22 is not exposed",
|
|
"check_result": {
|
|
"result": "PASSED",
|
|
"results_configuration": null
|
|
},
|
|
"code_block": [
|
|
[
|
|
1,
|
|
"FROM node:20-bookworm\n"
|
|
],
|
|
[
|
|
2,
|
|
"\n"
|
|
],
|
|
[
|
|
3,
|
|
"WORKDIR /app\n"
|
|
],
|
|
[
|
|
4,
|
|
"\n"
|
|
],
|
|
[
|
|
5,
|
|
"RUN npm install -g npm@10.5.0 --no-fund --no-audit\n"
|
|
],
|
|
[
|
|
6,
|
|
"\n"
|
|
],
|
|
[
|
|
7,
|
|
"COPY package.json package-lock.json turbo.json tsconfig.base.json ./\n"
|
|
],
|
|
[
|
|
8,
|
|
"COPY apps ./apps\n"
|
|
],
|
|
[
|
|
9,
|
|
"COPY packages ./packages\n"
|
|
],
|
|
[
|
|
10,
|
|
"\n"
|
|
],
|
|
[
|
|
11,
|
|
"RUN npm ci --no-fund --no-audit\n"
|
|
],
|
|
[
|
|
12,
|
|
"\n"
|
|
],
|
|
[
|
|
13,
|
|
"EXPOSE 3000 3001 3002 3003 4000\n"
|
|
],
|
|
[
|
|
14,
|
|
"\n"
|
|
],
|
|
[
|
|
15,
|
|
"CMD [\"sh\", \"-c\", \"npm run db:generate && npm run dev\"]"
|
|
]
|
|
],
|
|
"file_path": "/Dockerfile.dev",
|
|
"file_abs_path": "/scan/Dockerfile.dev",
|
|
"repo_file_path": "/Dockerfile.dev",
|
|
"file_line_range": [
|
|
1,
|
|
15
|
|
],
|
|
"resource": "/Dockerfile.dev.",
|
|
"evaluations": null,
|
|
"check_class": "checkov.dockerfile.checks.ExposePort22",
|
|
"fixed_definition": null,
|
|
"entity_tags": null,
|
|
"caller_file_path": null,
|
|
"caller_file_line_range": null,
|
|
"resource_address": null,
|
|
"severity": null,
|
|
"bc_category": null,
|
|
"benchmarks": null,
|
|
"description": null,
|
|
"short_description": null,
|
|
"vulnerability_details": null,
|
|
"connected_node": null,
|
|
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-port-22-is-not-exposed",
|
|
"details": [],
|
|
"check_len": null,
|
|
"definition_context_file_path": null
|
|
},
|
|
{
|
|
"check_id": "CKV_DOCKER_10",
|
|
"bc_check_id": "BC_DKR_GENERAL_10",
|
|
"check_name": "Ensure that WORKDIR values are absolute paths",
|
|
"check_result": {
|
|
"result": "PASSED",
|
|
"results_configuration": null
|
|
},
|
|
"code_block": [
|
|
[
|
|
1,
|
|
"FROM node:20-bookworm\n"
|
|
],
|
|
[
|
|
2,
|
|
"\n"
|
|
],
|
|
[
|
|
3,
|
|
"WORKDIR /app\n"
|
|
],
|
|
[
|
|
4,
|
|
"\n"
|
|
],
|
|
[
|
|
5,
|
|
"RUN npm install -g npm@10.5.0 --no-fund --no-audit\n"
|
|
],
|
|
[
|
|
6,
|
|
"\n"
|
|
],
|
|
[
|
|
7,
|
|
"COPY package.json package-lock.json turbo.json tsconfig.base.json ./\n"
|
|
],
|
|
[
|
|
8,
|
|
"COPY apps ./apps\n"
|
|
],
|
|
[
|
|
9,
|
|
"COPY packages ./packages\n"
|
|
],
|
|
[
|
|
10,
|
|
"\n"
|
|
],
|
|
[
|
|
11,
|
|
"RUN npm ci --no-fund --no-audit\n"
|
|
],
|
|
[
|
|
12,
|
|
"\n"
|
|
],
|
|
[
|
|
13,
|
|
"EXPOSE 3000 3001 3002 3003 4000\n"
|
|
],
|
|
[
|
|
14,
|
|
"\n"
|
|
],
|
|
[
|
|
15,
|
|
"CMD [\"sh\", \"-c\", \"npm run db:generate && npm run dev\"]"
|
|
]
|
|
],
|
|
"file_path": "/Dockerfile.dev",
|
|
"file_abs_path": "/scan/Dockerfile.dev",
|
|
"repo_file_path": "/Dockerfile.dev",
|
|
"file_line_range": [
|
|
1,
|
|
15
|
|
],
|
|
"resource": "/Dockerfile.dev.",
|
|
"evaluations": null,
|
|
"check_class": "checkov.dockerfile.checks.WorkdirIsAbsolute",
|
|
"fixed_definition": null,
|
|
"entity_tags": null,
|
|
"caller_file_path": null,
|
|
"caller_file_line_range": null,
|
|
"resource_address": null,
|
|
"severity": null,
|
|
"bc_category": null,
|
|
"benchmarks": null,
|
|
"description": null,
|
|
"short_description": null,
|
|
"vulnerability_details": null,
|
|
"connected_node": null,
|
|
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-workdir-values-are-absolute-paths",
|
|
"details": [],
|
|
"check_len": null,
|
|
"definition_context_file_path": null
|
|
},
|
|
{
|
|
"check_id": "CKV2_DOCKER_1",
|
|
"bc_check_id": null,
|
|
"check_name": "Ensure that sudo isn't used",
|
|
"check_result": {
|
|
"result": "PASSED",
|
|
"entity": {
|
|
"block_name_": "RUN",
|
|
"block_type_": "resource",
|
|
"file_path_": "/Dockerfile.production",
|
|
"config_": {
|
|
"content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n",
|
|
"value": "corepack enable && corepack prepare npm@10.5.0 --activate",
|
|
"__startline__": 4,
|
|
"__endline__": 4
|
|
},
|
|
"label_": "resource: RUN",
|
|
"id_": "RUN",
|
|
"source_": "Dockerfile",
|
|
"content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n",
|
|
"value": "corepack enable && corepack prepare npm@10.5.0 --activate",
|
|
"__startline__": 4,
|
|
"__endline__": 4,
|
|
"resource_type": "RUN",
|
|
"hash": "dbd32b6bad6b728919787011f82d60c50d7b2d1c079f814de2b1640696c98816"
|
|
},
|
|
"evaluated_keys": [
|
|
"value"
|
|
]
|
|
},
|
|
"code_block": [
|
|
[
|
|
5,
|
|
"RUN corepack enable && corepack prepare npm@10.5.0 --activate\n"
|
|
]
|
|
],
|
|
"file_path": "/Dockerfile.production",
|
|
"file_abs_path": "/scan/Dockerfile.production",
|
|
"repo_file_path": "/Dockerfile.production",
|
|
"file_line_range": [
|
|
5,
|
|
5
|
|
],
|
|
"resource": "/Dockerfile.production.RUN",
|
|
"evaluations": null,
|
|
"check_class": "checkov.common.graph.checks_infra.base_check",
|
|
"fixed_definition": null,
|
|
"entity_tags": null,
|
|
"caller_file_path": null,
|
|
"caller_file_line_range": null,
|
|
"resource_address": null,
|
|
"severity": null,
|
|
"bc_category": null,
|
|
"benchmarks": null,
|
|
"description": null,
|
|
"short_description": null,
|
|
"vulnerability_details": null,
|
|
"connected_node": null,
|
|
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-dont-use-sudo",
|
|
"details": [],
|
|
"check_len": null,
|
|
"definition_context_file_path": null
|
|
},
|
|
{
|
|
"check_id": "CKV2_DOCKER_1",
|
|
"bc_check_id": null,
|
|
"check_name": "Ensure that sudo isn't used",
|
|
"check_result": {
|
|
"result": "PASSED",
|
|
"entity": {
|
|
"block_name_": "RUN",
|
|
"block_type_": "resource",
|
|
"file_path_": "/Dockerfile.production",
|
|
"config_": {
|
|
"content": "RUN npm install\n",
|
|
"value": "npm install",
|
|
"__startline__": 20,
|
|
"__endline__": 20
|
|
},
|
|
"label_": "resource: RUN",
|
|
"id_": "RUN",
|
|
"source_": "Dockerfile",
|
|
"content": "RUN npm install\n",
|
|
"value": "npm install",
|
|
"__startline__": 20,
|
|
"__endline__": 20,
|
|
"resource_type": "RUN",
|
|
"hash": "6979b14e6a853ac150ffef85c5e28fd49c956054ea2cb1d01440e13b17260c4a"
|
|
},
|
|
"evaluated_keys": [
|
|
"value"
|
|
]
|
|
},
|
|
"code_block": [
|
|
[
|
|
21,
|
|
"RUN npm install\n"
|
|
]
|
|
],
|
|
"file_path": "/Dockerfile.production",
|
|
"file_abs_path": "/scan/Dockerfile.production",
|
|
"repo_file_path": "/Dockerfile.production",
|
|
"file_line_range": [
|
|
21,
|
|
21
|
|
],
|
|
"resource": "/Dockerfile.production.RUN",
|
|
"evaluations": null,
|
|
"check_class": "checkov.common.graph.checks_infra.base_check",
|
|
"fixed_definition": null,
|
|
"entity_tags": null,
|
|
"caller_file_path": null,
|
|
"caller_file_line_range": null,
|
|
"resource_address": null,
|
|
"severity": null,
|
|
"bc_category": null,
|
|
"benchmarks": null,
|
|
"description": null,
|
|
"short_description": null,
|
|
"vulnerability_details": null,
|
|
"connected_node": null,
|
|
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-dont-use-sudo",
|
|
"details": [],
|
|
"check_len": null,
|
|
"definition_context_file_path": null
|
|
},
|
|
{
|
|
"check_id": "CKV2_DOCKER_1",
|
|
"bc_check_id": null,
|
|
"check_name": "Ensure that sudo isn't used",
|
|
"check_result": {
|
|
"result": "PASSED",
|
|
"entity": {
|
|
"block_name_": "RUN",
|
|
"block_type_": "resource",
|
|
"file_path_": "/Dockerfile.production",
|
|
"config_": {
|
|
"content": "RUN npm run db:generate\n",
|
|
"value": "npm run db:generate",
|
|
"__startline__": 21,
|
|
"__endline__": 21
|
|
},
|
|
"label_": "resource: RUN",
|
|
"id_": "RUN",
|
|
"source_": "Dockerfile",
|
|
"content": "RUN npm run db:generate\n",
|
|
"value": "npm run db:generate",
|
|
"__startline__": 21,
|
|
"__endline__": 21,
|
|
"resource_type": "RUN",
|
|
"hash": "c1f9cc0c42260bb0183d7e7b9ec2edab99837111ad42dbbdd7fad09ff3e37ab0"
|
|
},
|
|
"evaluated_keys": [
|
|
"value"
|
|
]
|
|
},
|
|
"code_block": [
|
|
[
|
|
22,
|
|
"RUN npm run db:generate\n"
|
|
]
|
|
],
|
|
"file_path": "/Dockerfile.production",
|
|
"file_abs_path": "/scan/Dockerfile.production",
|
|
"repo_file_path": "/Dockerfile.production",
|
|
"file_line_range": [
|
|
22,
|
|
22
|
|
],
|
|
"resource": "/Dockerfile.production.RUN",
|
|
"evaluations": null,
|
|
"check_class": "checkov.common.graph.checks_infra.base_check",
|
|
"fixed_definition": null,
|
|
"entity_tags": null,
|
|
"caller_file_path": null,
|
|
"caller_file_line_range": null,
|
|
"resource_address": null,
|
|
"severity": null,
|
|
"bc_category": null,
|
|
"benchmarks": null,
|
|
"description": null,
|
|
"short_description": null,
|
|
"vulnerability_details": null,
|
|
"connected_node": null,
|
|
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-dont-use-sudo",
|
|
"details": [],
|
|
"check_len": null,
|
|
"definition_context_file_path": null
|
|
},
|
|
{
|
|
"check_id": "CKV2_DOCKER_1",
|
|
"bc_check_id": null,
|
|
"check_name": "Ensure that sudo isn't used",
|
|
"check_result": {
|
|
"result": "PASSED",
|
|
"entity": {
|
|
"block_name_": "RUN",
|
|
"block_type_": "resource",
|
|
"file_path_": "/Dockerfile.production",
|
|
"config_": {
|
|
"content": "RUN npm run build\n",
|
|
"value": "npm run build",
|
|
"__startline__": 22,
|
|
"__endline__": 22
|
|
},
|
|
"label_": "resource: RUN",
|
|
"id_": "RUN",
|
|
"source_": "Dockerfile",
|
|
"content": "RUN npm run build\n",
|
|
"value": "npm run build",
|
|
"__startline__": 22,
|
|
"__endline__": 22,
|
|
"resource_type": "RUN",
|
|
"hash": "1bf185fb6038f1b491f2a2686de4dd9869ccdd9c3e34d2772cf43bd368377aa6"
|
|
},
|
|
"evaluated_keys": [
|
|
"value"
|
|
]
|
|
},
|
|
"code_block": [
|
|
[
|
|
23,
|
|
"RUN npm run build\n"
|
|
]
|
|
],
|
|
"file_path": "/Dockerfile.production",
|
|
"file_abs_path": "/scan/Dockerfile.production",
|
|
"repo_file_path": "/Dockerfile.production",
|
|
"file_line_range": [
|
|
23,
|
|
23
|
|
],
|
|
"resource": "/Dockerfile.production.RUN",
|
|
"evaluations": null,
|
|
"check_class": "checkov.common.graph.checks_infra.base_check",
|
|
"fixed_definition": null,
|
|
"entity_tags": null,
|
|
"caller_file_path": null,
|
|
"caller_file_line_range": null,
|
|
"resource_address": null,
|
|
"severity": null,
|
|
"bc_category": null,
|
|
"benchmarks": null,
|
|
"description": null,
|
|
"short_description": null,
|
|
"vulnerability_details": null,
|
|
"connected_node": null,
|
|
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-dont-use-sudo",
|
|
"details": [],
|
|
"check_len": null,
|
|
"definition_context_file_path": null
|
|
},
|
|
{
|
|
"check_id": "CKV2_DOCKER_1",
|
|
"bc_check_id": null,
|
|
"check_name": "Ensure that sudo isn't used",
|
|
"check_result": {
|
|
"result": "PASSED",
|
|
"entity": {
|
|
"block_name_": "RUN",
|
|
"block_type_": "resource",
|
|
"file_path_": "/Dockerfile.production",
|
|
"config_": {
|
|
"content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n",
|
|
"value": "corepack enable && corepack prepare npm@10.5.0 --activate",
|
|
"__startline__": 30,
|
|
"__endline__": 30
|
|
},
|
|
"label_": "resource: RUN",
|
|
"id_": "RUN",
|
|
"source_": "Dockerfile",
|
|
"content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n",
|
|
"value": "corepack enable && corepack prepare npm@10.5.0 --activate",
|
|
"__startline__": 30,
|
|
"__endline__": 30,
|
|
"resource_type": "RUN",
|
|
"hash": "01c88e306f7db45ae7136e3bdb63c4b15978dd024f6ed18210961fc3db3df382"
|
|
},
|
|
"evaluated_keys": [
|
|
"value"
|
|
]
|
|
},
|
|
"code_block": [
|
|
[
|
|
31,
|
|
"RUN corepack enable && corepack prepare npm@10.5.0 --activate\n"
|
|
]
|
|
],
|
|
"file_path": "/Dockerfile.production",
|
|
"file_abs_path": "/scan/Dockerfile.production",
|
|
"repo_file_path": "/Dockerfile.production",
|
|
"file_line_range": [
|
|
31,
|
|
31
|
|
],
|
|
"resource": "/Dockerfile.production.RUN",
|
|
"evaluations": null,
|
|
"check_class": "checkov.common.graph.checks_infra.base_check",
|
|
"fixed_definition": null,
|
|
"entity_tags": null,
|
|
"caller_file_path": null,
|
|
"caller_file_line_range": null,
|
|
"resource_address": null,
|
|
"severity": null,
|
|
"bc_category": null,
|
|
"benchmarks": null,
|
|
"description": null,
|
|
"short_description": null,
|
|
"vulnerability_details": null,
|
|
"connected_node": null,
|
|
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-dont-use-sudo",
|
|
"details": [],
|
|
"check_len": null,
|
|
"definition_context_file_path": null
|
|
},
|
|
{
|
|
"check_id": "CKV2_DOCKER_1",
|
|
"bc_check_id": null,
|
|
"check_name": "Ensure that sudo isn't used",
|
|
"check_result": {
|
|
"result": "PASSED",
|
|
"entity": {
|
|
"block_name_": "RUN",
|
|
"block_type_": "resource",
|
|
"file_path_": "/Dockerfile.test",
|
|
"config_": {
|
|
"content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n",
|
|
"value": "corepack enable && corepack prepare npm@10.5.0 --activate",
|
|
"__startline__": 4,
|
|
"__endline__": 4
|
|
},
|
|
"label_": "resource: RUN",
|
|
"id_": "RUN",
|
|
"source_": "Dockerfile",
|
|
"content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n",
|
|
"value": "corepack enable && corepack prepare npm@10.5.0 --activate",
|
|
"__startline__": 4,
|
|
"__endline__": 4,
|
|
"resource_type": "RUN",
|
|
"hash": "1d5fb0a211498b8baf37e5744578ad03459da7798534298981f23fdefb7eb757"
|
|
},
|
|
"evaluated_keys": [
|
|
"value"
|
|
]
|
|
},
|
|
"code_block": [
|
|
[
|
|
5,
|
|
"RUN corepack enable && corepack prepare npm@10.5.0 --activate\n"
|
|
]
|
|
],
|
|
"file_path": "/Dockerfile.test",
|
|
"file_abs_path": "/scan/Dockerfile.test",
|
|
"repo_file_path": "/Dockerfile.test",
|
|
"file_line_range": [
|
|
5,
|
|
5
|
|
],
|
|
"resource": "/Dockerfile.test.RUN",
|
|
"evaluations": null,
|
|
"check_class": "checkov.common.graph.checks_infra.base_check",
|
|
"fixed_definition": null,
|
|
"entity_tags": null,
|
|
"caller_file_path": null,
|
|
"caller_file_line_range": null,
|
|
"resource_address": null,
|
|
"severity": null,
|
|
"bc_category": null,
|
|
"benchmarks": null,
|
|
"description": null,
|
|
"short_description": null,
|
|
"vulnerability_details": null,
|
|
"connected_node": null,
|
|
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-dont-use-sudo",
|
|
"details": [],
|
|
"check_len": null,
|
|
"definition_context_file_path": null
|
|
},
|
|
{
|
|
"check_id": "CKV2_DOCKER_1",
|
|
"bc_check_id": null,
|
|
"check_name": "Ensure that sudo isn't used",
|
|
"check_result": {
|
|
"result": "PASSED",
|
|
"entity": {
|
|
"block_name_": "RUN",
|
|
"block_type_": "resource",
|
|
"file_path_": "/Dockerfile.test",
|
|
"config_": {
|
|
"content": "RUN npm install\n",
|
|
"value": "npm install",
|
|
"__startline__": 10,
|
|
"__endline__": 10
|
|
},
|
|
"label_": "resource: RUN",
|
|
"id_": "RUN",
|
|
"source_": "Dockerfile",
|
|
"content": "RUN npm install\n",
|
|
"value": "npm install",
|
|
"__startline__": 10,
|
|
"__endline__": 10,
|
|
"resource_type": "RUN",
|
|
"hash": "fb809e4860a3131df821aea9480445cc6e2f66dd52744dab5f3d2ef5b2848436"
|
|
},
|
|
"evaluated_keys": [
|
|
"value"
|
|
]
|
|
},
|
|
"code_block": [
|
|
[
|
|
11,
|
|
"RUN npm install\n"
|
|
]
|
|
],
|
|
"file_path": "/Dockerfile.test",
|
|
"file_abs_path": "/scan/Dockerfile.test",
|
|
"repo_file_path": "/Dockerfile.test",
|
|
"file_line_range": [
|
|
11,
|
|
11
|
|
],
|
|
"resource": "/Dockerfile.test.RUN",
|
|
"evaluations": null,
|
|
"check_class": "checkov.common.graph.checks_infra.base_check",
|
|
"fixed_definition": null,
|
|
"entity_tags": null,
|
|
"caller_file_path": null,
|
|
"caller_file_line_range": null,
|
|
"resource_address": null,
|
|
"severity": null,
|
|
"bc_category": null,
|
|
"benchmarks": null,
|
|
"description": null,
|
|
"short_description": null,
|
|
"vulnerability_details": null,
|
|
"connected_node": null,
|
|
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-dont-use-sudo",
|
|
"details": [],
|
|
"check_len": null,
|
|
"definition_context_file_path": null
|
|
},
|
|
{
|
|
"check_id": "CKV2_DOCKER_1",
|
|
"bc_check_id": null,
|
|
"check_name": "Ensure that sudo isn't used",
|
|
"check_result": {
|
|
"result": "PASSED",
|
|
"entity": {
|
|
"block_name_": "RUN",
|
|
"block_type_": "resource",
|
|
"file_path_": "/Dockerfile.dev",
|
|
"config_": {
|
|
"content": "RUN npm install -g npm@10.5.0 --no-fund --no-audit\n",
|
|
"value": "npm install -g npm@10.5.0 --no-fund --no-audit",
|
|
"__startline__": 4,
|
|
"__endline__": 4
|
|
},
|
|
"label_": "resource: RUN",
|
|
"id_": "RUN",
|
|
"source_": "Dockerfile",
|
|
"content": "RUN npm install -g npm@10.5.0 --no-fund --no-audit\n",
|
|
"value": "npm install -g npm@10.5.0 --no-fund --no-audit",
|
|
"__startline__": 4,
|
|
"__endline__": 4,
|
|
"resource_type": "RUN",
|
|
"hash": "435bba968d1d0b4c410ea33851637829a16b2ad878f0b9531a737c7a444f91b9"
|
|
},
|
|
"evaluated_keys": [
|
|
"value"
|
|
]
|
|
},
|
|
"code_block": [
|
|
[
|
|
5,
|
|
"RUN npm install -g npm@10.5.0 --no-fund --no-audit\n"
|
|
]
|
|
],
|
|
"file_path": "/Dockerfile.dev",
|
|
"file_abs_path": "/scan/Dockerfile.dev",
|
|
"repo_file_path": "/Dockerfile.dev",
|
|
"file_line_range": [
|
|
5,
|
|
5
|
|
],
|
|
"resource": "/Dockerfile.dev.RUN",
|
|
"evaluations": null,
|
|
"check_class": "checkov.common.graph.checks_infra.base_check",
|
|
"fixed_definition": null,
|
|
"entity_tags": null,
|
|
"caller_file_path": null,
|
|
"caller_file_line_range": null,
|
|
"resource_address": null,
|
|
"severity": null,
|
|
"bc_category": null,
|
|
"benchmarks": null,
|
|
"description": null,
|
|
"short_description": null,
|
|
"vulnerability_details": null,
|
|
"connected_node": null,
|
|
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-dont-use-sudo",
|
|
"details": [],
|
|
"check_len": null,
|
|
"definition_context_file_path": null
|
|
},
|
|
{
|
|
"check_id": "CKV2_DOCKER_1",
|
|
"bc_check_id": null,
|
|
"check_name": "Ensure that sudo isn't used",
|
|
"check_result": {
|
|
"result": "PASSED",
|
|
"entity": {
|
|
"block_name_": "RUN",
|
|
"block_type_": "resource",
|
|
"file_path_": "/Dockerfile.dev",
|
|
"config_": {
|
|
"content": "RUN npm ci --no-fund --no-audit\n",
|
|
"value": "npm ci --no-fund --no-audit",
|
|
"__startline__": 10,
|
|
"__endline__": 10
|
|
},
|
|
"label_": "resource: RUN",
|
|
"id_": "RUN",
|
|
"source_": "Dockerfile",
|
|
"content": "RUN npm ci --no-fund --no-audit\n",
|
|
"value": "npm ci --no-fund --no-audit",
|
|
"__startline__": 10,
|
|
"__endline__": 10,
|
|
"resource_type": "RUN",
|
|
"hash": "57abb1bbe03890ab19f47e5f96b9cbcee02aab65f6980d523df42faf41b709fa"
|
|
},
|
|
"evaluated_keys": [
|
|
"value"
|
|
]
|
|
},
|
|
"code_block": [
|
|
[
|
|
11,
|
|
"RUN npm ci --no-fund --no-audit\n"
|
|
]
|
|
],
|
|
"file_path": "/Dockerfile.dev",
|
|
"file_abs_path": "/scan/Dockerfile.dev",
|
|
"repo_file_path": "/Dockerfile.dev",
|
|
"file_line_range": [
|
|
11,
|
|
11
|
|
],
|
|
"resource": "/Dockerfile.dev.RUN",
|
|
"evaluations": null,
|
|
"check_class": "checkov.common.graph.checks_infra.base_check",
|
|
"fixed_definition": null,
|
|
"entity_tags": null,
|
|
"caller_file_path": null,
|
|
"caller_file_line_range": null,
|
|
"resource_address": null,
|
|
"severity": null,
|
|
"bc_category": null,
|
|
"benchmarks": null,
|
|
"description": null,
|
|
"short_description": null,
|
|
"vulnerability_details": null,
|
|
"connected_node": null,
|
|
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-dont-use-sudo",
|
|
"details": [],
|
|
"check_len": null,
|
|
"definition_context_file_path": null
|
|
},
|
|
{
|
|
"check_id": "CKV2_DOCKER_16",
|
|
"bc_check_id": null,
|
|
"check_name": "Ensure that certificate validation isn't disabled with pip via the 'PIP_TRUSTED_HOST' environment variable",
|
|
"check_result": {
|
|
"result": "PASSED",
|
|
"entity": {
|
|
"block_name_": "RUN",
|
|
"block_type_": "resource",
|
|
"file_path_": "/Dockerfile.production",
|
|
"config_": {
|
|
"content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n",
|
|
"value": "corepack enable && corepack prepare npm@10.5.0 --activate",
|
|
"__startline__": 4,
|
|
"__endline__": 4
|
|
},
|
|
"label_": "resource: RUN",
|
|
"id_": "RUN",
|
|
"source_": "Dockerfile",
|
|
"content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n",
|
|
"value": "corepack enable && corepack prepare npm@10.5.0 --activate",
|
|
"__startline__": 4,
|
|
"__endline__": 4,
|
|
"resource_type": "RUN",
|
|
"hash": "dbd32b6bad6b728919787011f82d60c50d7b2d1c079f814de2b1640696c98816"
|
|
},
|
|
"evaluated_keys": [
|
|
"value"
|
|
]
|
|
},
|
|
"code_block": [
|
|
[
|
|
5,
|
|
"RUN corepack enable && corepack prepare npm@10.5.0 --activate\n"
|
|
]
|
|
],
|
|
"file_path": "/Dockerfile.production",
|
|
"file_abs_path": "/scan/Dockerfile.production",
|
|
"repo_file_path": "/Dockerfile.production",
|
|
"file_line_range": [
|
|
5,
|
|
5
|
|
],
|
|
"resource": "/Dockerfile.production.RUN",
|
|
"evaluations": null,
|
|
"check_class": "checkov.common.graph.checks_infra.base_check",
|
|
"fixed_definition": null,
|
|
"entity_tags": null,
|
|
"caller_file_path": null,
|
|
"caller_file_line_range": null,
|
|
"resource_address": null,
|
|
"severity": null,
|
|
"bc_category": null,
|
|
"benchmarks": null,
|
|
"description": null,
|
|
"short_description": null,
|
|
"vulnerability_details": null,
|
|
"connected_node": null,
|
|
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-pip-trusted-host",
|
|
"details": [],
|
|
"check_len": null,
|
|
"definition_context_file_path": null
|
|
},
|
|
{
|
|
"check_id": "CKV2_DOCKER_16",
|
|
"bc_check_id": null,
|
|
"check_name": "Ensure that certificate validation isn't disabled with pip via the 'PIP_TRUSTED_HOST' environment variable",
|
|
"check_result": {
|
|
"result": "PASSED",
|
|
"entity": {
|
|
"block_name_": "RUN",
|
|
"block_type_": "resource",
|
|
"file_path_": "/Dockerfile.production",
|
|
"config_": {
|
|
"content": "RUN npm install\n",
|
|
"value": "npm install",
|
|
"__startline__": 20,
|
|
"__endline__": 20
|
|
},
|
|
"label_": "resource: RUN",
|
|
"id_": "RUN",
|
|
"source_": "Dockerfile",
|
|
"content": "RUN npm install\n",
|
|
"value": "npm install",
|
|
"__startline__": 20,
|
|
"__endline__": 20,
|
|
"resource_type": "RUN",
|
|
"hash": "6979b14e6a853ac150ffef85c5e28fd49c956054ea2cb1d01440e13b17260c4a"
|
|
},
|
|
"evaluated_keys": [
|
|
"value"
|
|
]
|
|
},
|
|
"code_block": [
|
|
[
|
|
21,
|
|
"RUN npm install\n"
|
|
]
|
|
],
|
|
"file_path": "/Dockerfile.production",
|
|
"file_abs_path": "/scan/Dockerfile.production",
|
|
"repo_file_path": "/Dockerfile.production",
|
|
"file_line_range": [
|
|
21,
|
|
21
|
|
],
|
|
"resource": "/Dockerfile.production.RUN",
|
|
"evaluations": null,
|
|
"check_class": "checkov.common.graph.checks_infra.base_check",
|
|
"fixed_definition": null,
|
|
"entity_tags": null,
|
|
"caller_file_path": null,
|
|
"caller_file_line_range": null,
|
|
"resource_address": null,
|
|
"severity": null,
|
|
"bc_category": null,
|
|
"benchmarks": null,
|
|
"description": null,
|
|
"short_description": null,
|
|
"vulnerability_details": null,
|
|
"connected_node": null,
|
|
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-pip-trusted-host",
|
|
"details": [],
|
|
"check_len": null,
|
|
"definition_context_file_path": null
|
|
},
|
|
{
|
|
"check_id": "CKV2_DOCKER_16",
|
|
"bc_check_id": null,
|
|
"check_name": "Ensure that certificate validation isn't disabled with pip via the 'PIP_TRUSTED_HOST' environment variable",
|
|
"check_result": {
|
|
"result": "PASSED",
|
|
"entity": {
|
|
"block_name_": "RUN",
|
|
"block_type_": "resource",
|
|
"file_path_": "/Dockerfile.production",
|
|
"config_": {
|
|
"content": "RUN npm run db:generate\n",
|
|
"value": "npm run db:generate",
|
|
"__startline__": 21,
|
|
"__endline__": 21
|
|
},
|
|
"label_": "resource: RUN",
|
|
"id_": "RUN",
|
|
"source_": "Dockerfile",
|
|
"content": "RUN npm run db:generate\n",
|
|
"value": "npm run db:generate",
|
|
"__startline__": 21,
|
|
"__endline__": 21,
|
|
"resource_type": "RUN",
|
|
"hash": "c1f9cc0c42260bb0183d7e7b9ec2edab99837111ad42dbbdd7fad09ff3e37ab0"
|
|
},
|
|
"evaluated_keys": [
|
|
"value"
|
|
]
|
|
},
|
|
"code_block": [
|
|
[
|
|
22,
|
|
"RUN npm run db:generate\n"
|
|
]
|
|
],
|
|
"file_path": "/Dockerfile.production",
|
|
"file_abs_path": "/scan/Dockerfile.production",
|
|
"repo_file_path": "/Dockerfile.production",
|
|
"file_line_range": [
|
|
22,
|
|
22
|
|
],
|
|
"resource": "/Dockerfile.production.RUN",
|
|
"evaluations": null,
|
|
"check_class": "checkov.common.graph.checks_infra.base_check",
|
|
"fixed_definition": null,
|
|
"entity_tags": null,
|
|
"caller_file_path": null,
|
|
"caller_file_line_range": null,
|
|
"resource_address": null,
|
|
"severity": null,
|
|
"bc_category": null,
|
|
"benchmarks": null,
|
|
"description": null,
|
|
"short_description": null,
|
|
"vulnerability_details": null,
|
|
"connected_node": null,
|
|
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-pip-trusted-host",
|
|
"details": [],
|
|
"check_len": null,
|
|
"definition_context_file_path": null
|
|
},
|
|
{
|
|
"check_id": "CKV2_DOCKER_16",
|
|
"bc_check_id": null,
|
|
"check_name": "Ensure that certificate validation isn't disabled with pip via the 'PIP_TRUSTED_HOST' environment variable",
|
|
"check_result": {
|
|
"result": "PASSED",
|
|
"entity": {
|
|
"block_name_": "RUN",
|
|
"block_type_": "resource",
|
|
"file_path_": "/Dockerfile.production",
|
|
"config_": {
|
|
"content": "RUN npm run build\n",
|
|
"value": "npm run build",
|
|
"__startline__": 22,
|
|
"__endline__": 22
|
|
},
|
|
"label_": "resource: RUN",
|
|
"id_": "RUN",
|
|
"source_": "Dockerfile",
|
|
"content": "RUN npm run build\n",
|
|
"value": "npm run build",
|
|
"__startline__": 22,
|
|
"__endline__": 22,
|
|
"resource_type": "RUN",
|
|
"hash": "1bf185fb6038f1b491f2a2686de4dd9869ccdd9c3e34d2772cf43bd368377aa6"
|
|
},
|
|
"evaluated_keys": [
|
|
"value"
|
|
]
|
|
},
|
|
"code_block": [
|
|
[
|
|
23,
|
|
"RUN npm run build\n"
|
|
]
|
|
],
|
|
"file_path": "/Dockerfile.production",
|
|
"file_abs_path": "/scan/Dockerfile.production",
|
|
"repo_file_path": "/Dockerfile.production",
|
|
"file_line_range": [
|
|
23,
|
|
23
|
|
],
|
|
"resource": "/Dockerfile.production.RUN",
|
|
"evaluations": null,
|
|
"check_class": "checkov.common.graph.checks_infra.base_check",
|
|
"fixed_definition": null,
|
|
"entity_tags": null,
|
|
"caller_file_path": null,
|
|
"caller_file_line_range": null,
|
|
"resource_address": null,
|
|
"severity": null,
|
|
"bc_category": null,
|
|
"benchmarks": null,
|
|
"description": null,
|
|
"short_description": null,
|
|
"vulnerability_details": null,
|
|
"connected_node": null,
|
|
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-pip-trusted-host",
|
|
"details": [],
|
|
"check_len": null,
|
|
"definition_context_file_path": null
|
|
},
|
|
{
|
|
"check_id": "CKV2_DOCKER_16",
|
|
"bc_check_id": null,
|
|
"check_name": "Ensure that certificate validation isn't disabled with pip via the 'PIP_TRUSTED_HOST' environment variable",
|
|
"check_result": {
|
|
"result": "PASSED",
|
|
"entity": {
|
|
"block_name_": "RUN",
|
|
"block_type_": "resource",
|
|
"file_path_": "/Dockerfile.production",
|
|
"config_": {
|
|
"content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n",
|
|
"value": "corepack enable && corepack prepare npm@10.5.0 --activate",
|
|
"__startline__": 30,
|
|
"__endline__": 30
|
|
},
|
|
"label_": "resource: RUN",
|
|
"id_": "RUN",
|
|
"source_": "Dockerfile",
|
|
"content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n",
|
|
"value": "corepack enable && corepack prepare npm@10.5.0 --activate",
|
|
"__startline__": 30,
|
|
"__endline__": 30,
|
|
"resource_type": "RUN",
|
|
"hash": "01c88e306f7db45ae7136e3bdb63c4b15978dd024f6ed18210961fc3db3df382"
|
|
},
|
|
"evaluated_keys": [
|
|
"value"
|
|
]
|
|
},
|
|
"code_block": [
|
|
[
|
|
31,
|
|
"RUN corepack enable && corepack prepare npm@10.5.0 --activate\n"
|
|
]
|
|
],
|
|
"file_path": "/Dockerfile.production",
|
|
"file_abs_path": "/scan/Dockerfile.production",
|
|
"repo_file_path": "/Dockerfile.production",
|
|
"file_line_range": [
|
|
31,
|
|
31
|
|
],
|
|
"resource": "/Dockerfile.production.RUN",
|
|
"evaluations": null,
|
|
"check_class": "checkov.common.graph.checks_infra.base_check",
|
|
"fixed_definition": null,
|
|
"entity_tags": null,
|
|
"caller_file_path": null,
|
|
"caller_file_line_range": null,
|
|
"resource_address": null,
|
|
"severity": null,
|
|
"bc_category": null,
|
|
"benchmarks": null,
|
|
"description": null,
|
|
"short_description": null,
|
|
"vulnerability_details": null,
|
|
"connected_node": null,
|
|
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-pip-trusted-host",
|
|
"details": [],
|
|
"check_len": null,
|
|
"definition_context_file_path": null
|
|
},
|
|
{
|
|
"check_id": "CKV2_DOCKER_16",
|
|
"bc_check_id": null,
|
|
"check_name": "Ensure that certificate validation isn't disabled with pip via the 'PIP_TRUSTED_HOST' environment variable",
|
|
"check_result": {
|
|
"result": "PASSED",
|
|
"entity": {
|
|
"block_name_": "ARG",
|
|
"block_type_": "resource",
|
|
"file_path_": "/Dockerfile.production",
|
|
"config_": {
|
|
"content": "ARG NEXT_PUBLIC_API_URL\n",
|
|
"value": "NEXT_PUBLIC_API_URL",
|
|
"__startline__": 11,
|
|
"__endline__": 11
|
|
},
|
|
"label_": "resource: ARG",
|
|
"id_": "ARG",
|
|
"source_": "Dockerfile",
|
|
"content": "ARG NEXT_PUBLIC_API_URL\n",
|
|
"value": "NEXT_PUBLIC_API_URL",
|
|
"__startline__": 11,
|
|
"__endline__": 11,
|
|
"resource_type": "ARG",
|
|
"hash": "fded00a21c81cd45d8985324636a2acafc73bef594a45811ca0d68265da3f9dc"
|
|
},
|
|
"evaluated_keys": [
|
|
"value"
|
|
]
|
|
},
|
|
"code_block": [
|
|
[
|
|
12,
|
|
"ARG NEXT_PUBLIC_API_URL\n"
|
|
]
|
|
],
|
|
"file_path": "/Dockerfile.production",
|
|
"file_abs_path": "/scan/Dockerfile.production",
|
|
"repo_file_path": "/Dockerfile.production",
|
|
"file_line_range": [
|
|
12,
|
|
12
|
|
],
|
|
"resource": "/Dockerfile.production.ARG",
|
|
"evaluations": null,
|
|
"check_class": "checkov.common.graph.checks_infra.base_check",
|
|
"fixed_definition": null,
|
|
"entity_tags": null,
|
|
"caller_file_path": null,
|
|
"caller_file_line_range": null,
|
|
"resource_address": null,
|
|
"severity": null,
|
|
"bc_category": null,
|
|
"benchmarks": null,
|
|
"description": null,
|
|
"short_description": null,
|
|
"vulnerability_details": null,
|
|
"connected_node": null,
|
|
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-pip-trusted-host",
|
|
"details": [],
|
|
"check_len": null,
|
|
"definition_context_file_path": null
|
|
},
|
|
{
|
|
"check_id": "CKV2_DOCKER_16",
|
|
"bc_check_id": null,
|
|
"check_name": "Ensure that certificate validation isn't disabled with pip via the 'PIP_TRUSTED_HOST' environment variable",
|
|
"check_result": {
|
|
"result": "PASSED",
|
|
"entity": {
|
|
"block_name_": "ARG",
|
|
"block_type_": "resource",
|
|
"file_path_": "/Dockerfile.production",
|
|
"config_": {
|
|
"content": "ARG NEXT_PUBLIC_MARKETPLACE_URL\n",
|
|
"value": "NEXT_PUBLIC_MARKETPLACE_URL",
|
|
"__startline__": 12,
|
|
"__endline__": 12
|
|
},
|
|
"label_": "resource: ARG",
|
|
"id_": "ARG",
|
|
"source_": "Dockerfile",
|
|
"content": "ARG NEXT_PUBLIC_MARKETPLACE_URL\n",
|
|
"value": "NEXT_PUBLIC_MARKETPLACE_URL",
|
|
"__startline__": 12,
|
|
"__endline__": 12,
|
|
"resource_type": "ARG",
|
|
"hash": "11d98758a432fc03021573afe4df769dc34ff0a4aec966f558b5e00c71c6cf3b"
|
|
},
|
|
"evaluated_keys": [
|
|
"value"
|
|
]
|
|
},
|
|
"code_block": [
|
|
[
|
|
13,
|
|
"ARG NEXT_PUBLIC_MARKETPLACE_URL\n"
|
|
]
|
|
],
|
|
"file_path": "/Dockerfile.production",
|
|
"file_abs_path": "/scan/Dockerfile.production",
|
|
"repo_file_path": "/Dockerfile.production",
|
|
"file_line_range": [
|
|
13,
|
|
13
|
|
],
|
|
"resource": "/Dockerfile.production.ARG",
|
|
"evaluations": null,
|
|
"check_class": "checkov.common.graph.checks_infra.base_check",
|
|
"fixed_definition": null,
|
|
"entity_tags": null,
|
|
"caller_file_path": null,
|
|
"caller_file_line_range": null,
|
|
"resource_address": null,
|
|
"severity": null,
|
|
"bc_category": null,
|
|
"benchmarks": null,
|
|
"description": null,
|
|
"short_description": null,
|
|
"vulnerability_details": null,
|
|
"connected_node": null,
|
|
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-pip-trusted-host",
|
|
"details": [],
|
|
"check_len": null,
|
|
"definition_context_file_path": null
|
|
},
|
|
{
|
|
"check_id": "CKV2_DOCKER_16",
|
|
"bc_check_id": null,
|
|
"check_name": "Ensure that certificate validation isn't disabled with pip via the 'PIP_TRUSTED_HOST' environment variable",
|
|
"check_result": {
|
|
"result": "PASSED",
|
|
"entity": {
|
|
"block_name_": "ARG",
|
|
"block_type_": "resource",
|
|
"file_path_": "/Dockerfile.production",
|
|
"config_": {
|
|
"content": "ARG NEXT_PUBLIC_DASHBOARD_URL\n",
|
|
"value": "NEXT_PUBLIC_DASHBOARD_URL",
|
|
"__startline__": 13,
|
|
"__endline__": 13
|
|
},
|
|
"label_": "resource: ARG",
|
|
"id_": "ARG",
|
|
"source_": "Dockerfile",
|
|
"content": "ARG NEXT_PUBLIC_DASHBOARD_URL\n",
|
|
"value": "NEXT_PUBLIC_DASHBOARD_URL",
|
|
"__startline__": 13,
|
|
"__endline__": 13,
|
|
"resource_type": "ARG",
|
|
"hash": "4075db881e0d222faeb86e03db8a05d9a998deab344c05aee0e89d2426e01383"
|
|
},
|
|
"evaluated_keys": [
|
|
"value"
|
|
]
|
|
},
|
|
"code_block": [
|
|
[
|
|
14,
|
|
"ARG NEXT_PUBLIC_DASHBOARD_URL\n"
|
|
]
|
|
],
|
|
"file_path": "/Dockerfile.production",
|
|
"file_abs_path": "/scan/Dockerfile.production",
|
|
"repo_file_path": "/Dockerfile.production",
|
|
"file_line_range": [
|
|
14,
|
|
14
|
|
],
|
|
"resource": "/Dockerfile.production.ARG",
|
|
"evaluations": null,
|
|
"check_class": "checkov.common.graph.checks_infra.base_check",
|
|
"fixed_definition": null,
|
|
"entity_tags": null,
|
|
"caller_file_path": null,
|
|
"caller_file_line_range": null,
|
|
"resource_address": null,
|
|
"severity": null,
|
|
"bc_category": null,
|
|
"benchmarks": null,
|
|
"description": null,
|
|
"short_description": null,
|
|
"vulnerability_details": null,
|
|
"connected_node": null,
|
|
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-pip-trusted-host",
|
|
"details": [],
|
|
"check_len": null,
|
|
"definition_context_file_path": null
|
|
},
|
|
{
|
|
"check_id": "CKV2_DOCKER_16",
|
|
"bc_check_id": null,
|
|
"check_name": "Ensure that certificate validation isn't disabled with pip via the 'PIP_TRUSTED_HOST' environment variable",
|
|
"check_result": {
|
|
"result": "PASSED",
|
|
"entity": {
|
|
"block_name_": "ARG",
|
|
"block_type_": "resource",
|
|
"file_path_": "/Dockerfile.production",
|
|
"config_": {
|
|
"content": "ARG NEXT_PUBLIC_ADMIN_URL\n",
|
|
"value": "NEXT_PUBLIC_ADMIN_URL",
|
|
"__startline__": 14,
|
|
"__endline__": 14
|
|
},
|
|
"label_": "resource: ARG",
|
|
"id_": "ARG",
|
|
"source_": "Dockerfile",
|
|
"content": "ARG NEXT_PUBLIC_ADMIN_URL\n",
|
|
"value": "NEXT_PUBLIC_ADMIN_URL",
|
|
"__startline__": 14,
|
|
"__endline__": 14,
|
|
"resource_type": "ARG",
|
|
"hash": "a4c9bf1c4e349946074fb4c606d0db63c06a809d125e58ddd09427e4d929fd6a"
|
|
},
|
|
"evaluated_keys": [
|
|
"value"
|
|
]
|
|
},
|
|
"code_block": [
|
|
[
|
|
15,
|
|
"ARG NEXT_PUBLIC_ADMIN_URL\n"
|
|
]
|
|
],
|
|
"file_path": "/Dockerfile.production",
|
|
"file_abs_path": "/scan/Dockerfile.production",
|
|
"repo_file_path": "/Dockerfile.production",
|
|
"file_line_range": [
|
|
15,
|
|
15
|
|
],
|
|
"resource": "/Dockerfile.production.ARG",
|
|
"evaluations": null,
|
|
"check_class": "checkov.common.graph.checks_infra.base_check",
|
|
"fixed_definition": null,
|
|
"entity_tags": null,
|
|
"caller_file_path": null,
|
|
"caller_file_line_range": null,
|
|
"resource_address": null,
|
|
"severity": null,
|
|
"bc_category": null,
|
|
"benchmarks": null,
|
|
"description": null,
|
|
"short_description": null,
|
|
"vulnerability_details": null,
|
|
"connected_node": null,
|
|
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-pip-trusted-host",
|
|
"details": [],
|
|
"check_len": null,
|
|
"definition_context_file_path": null
|
|
},
|
|
{
|
|
"check_id": "CKV2_DOCKER_16",
|
|
"bc_check_id": null,
|
|
"check_name": "Ensure that certificate validation isn't disabled with pip via the 'PIP_TRUSTED_HOST' environment variable",
|
|
"check_result": {
|
|
"result": "PASSED",
|
|
"entity": {
|
|
"block_name_": "ENV",
|
|
"block_type_": "resource",
|
|
"file_path_": "/Dockerfile.production",
|
|
"config_": {
|
|
"content": "ENV NEXT_PUBLIC_API_URL=$NEXT_PUBLIC_API_URL \\\n NEXT_PUBLIC_MARKETPLACE_URL=$NEXT_PUBLIC_MARKETPLACE_URL \\\n NEXT_PUBLIC_DASHBOARD_URL=$NEXT_PUBLIC_DASHBOARD_URL \\\n NEXT_PUBLIC_ADMIN_URL=$NEXT_PUBLIC_ADMIN_URL\n",
|
|
"value": "NEXT_PUBLIC_API_URL=$NEXT_PUBLIC_API_URL NEXT_PUBLIC_MARKETPLACE_URL=$NEXT_PUBLIC_MARKETPLACE_URL NEXT_PUBLIC_DASHBOARD_URL=$NEXT_PUBLIC_DASHBOARD_URL NEXT_PUBLIC_ADMIN_URL=$NEXT_PUBLIC_ADMIN_URL",
|
|
"__startline__": 15,
|
|
"__endline__": 18
|
|
},
|
|
"label_": "resource: ENV",
|
|
"id_": "ENV",
|
|
"source_": "Dockerfile",
|
|
"content": "ENV NEXT_PUBLIC_API_URL=$NEXT_PUBLIC_API_URL \\\n NEXT_PUBLIC_MARKETPLACE_URL=$NEXT_PUBLIC_MARKETPLACE_URL \\\n NEXT_PUBLIC_DASHBOARD_URL=$NEXT_PUBLIC_DASHBOARD_URL \\\n NEXT_PUBLIC_ADMIN_URL=$NEXT_PUBLIC_ADMIN_URL\n",
|
|
"value": "NEXT_PUBLIC_API_URL=$NEXT_PUBLIC_API_URL NEXT_PUBLIC_MARKETPLACE_URL=$NEXT_PUBLIC_MARKETPLACE_URL NEXT_PUBLIC_DASHBOARD_URL=$NEXT_PUBLIC_DASHBOARD_URL NEXT_PUBLIC_ADMIN_URL=$NEXT_PUBLIC_ADMIN_URL",
|
|
"__startline__": 15,
|
|
"__endline__": 18,
|
|
"resource_type": "ENV",
|
|
"hash": "65abe3eb0aadfa3b1ed513b9e21f4f8c4524ec8c298e7123de46806870b90557"
|
|
},
|
|
"evaluated_keys": [
|
|
"value"
|
|
]
|
|
},
|
|
"code_block": [
|
|
[
|
|
16,
|
|
"ENV NEXT_PUBLIC_API_URL=$NEXT_PUBLIC_API_URL \\\n"
|
|
],
|
|
[
|
|
17,
|
|
" NEXT_PUBLIC_MARKETPLACE_URL=$NEXT_PUBLIC_MARKETPLACE_URL \\\n"
|
|
],
|
|
[
|
|
18,
|
|
" NEXT_PUBLIC_DASHBOARD_URL=$NEXT_PUBLIC_DASHBOARD_URL \\\n"
|
|
],
|
|
[
|
|
19,
|
|
" NEXT_PUBLIC_ADMIN_URL=$NEXT_PUBLIC_ADMIN_URL\n"
|
|
]
|
|
],
|
|
"file_path": "/Dockerfile.production",
|
|
"file_abs_path": "/scan/Dockerfile.production",
|
|
"repo_file_path": "/Dockerfile.production",
|
|
"file_line_range": [
|
|
16,
|
|
19
|
|
],
|
|
"resource": "/Dockerfile.production.ENV",
|
|
"evaluations": null,
|
|
"check_class": "checkov.common.graph.checks_infra.base_check",
|
|
"fixed_definition": null,
|
|
"entity_tags": null,
|
|
"caller_file_path": null,
|
|
"caller_file_line_range": null,
|
|
"resource_address": null,
|
|
"severity": null,
|
|
"bc_category": null,
|
|
"benchmarks": null,
|
|
"description": null,
|
|
"short_description": null,
|
|
"vulnerability_details": null,
|
|
"connected_node": null,
|
|
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-pip-trusted-host",
|
|
"details": [],
|
|
"check_len": null,
|
|
"definition_context_file_path": null
|
|
},
|
|
{
|
|
"check_id": "CKV2_DOCKER_16",
|
|
"bc_check_id": null,
|
|
"check_name": "Ensure that certificate validation isn't disabled with pip via the 'PIP_TRUSTED_HOST' environment variable",
|
|
"check_result": {
|
|
"result": "PASSED",
|
|
"entity": {
|
|
"block_name_": "ENV",
|
|
"block_type_": "resource",
|
|
"file_path_": "/Dockerfile.production",
|
|
"config_": {
|
|
"content": "ENV NODE_ENV=production\n",
|
|
"value": "NODE_ENV=production",
|
|
"__startline__": 28,
|
|
"__endline__": 28
|
|
},
|
|
"label_": "resource: ENV",
|
|
"id_": "ENV",
|
|
"source_": "Dockerfile",
|
|
"content": "ENV NODE_ENV=production\n",
|
|
"value": "NODE_ENV=production",
|
|
"__startline__": 28,
|
|
"__endline__": 28,
|
|
"resource_type": "ENV",
|
|
"hash": "5a6afcff0e4c111b04ace6d372feb2943096034796456739be650482e87f3e0e"
|
|
},
|
|
"evaluated_keys": [
|
|
"value"
|
|
]
|
|
},
|
|
"code_block": [
|
|
[
|
|
29,
|
|
"ENV NODE_ENV=production\n"
|
|
]
|
|
],
|
|
"file_path": "/Dockerfile.production",
|
|
"file_abs_path": "/scan/Dockerfile.production",
|
|
"repo_file_path": "/Dockerfile.production",
|
|
"file_line_range": [
|
|
29,
|
|
29
|
|
],
|
|
"resource": "/Dockerfile.production.ENV",
|
|
"evaluations": null,
|
|
"check_class": "checkov.common.graph.checks_infra.base_check",
|
|
"fixed_definition": null,
|
|
"entity_tags": null,
|
|
"caller_file_path": null,
|
|
"caller_file_line_range": null,
|
|
"resource_address": null,
|
|
"severity": null,
|
|
"bc_category": null,
|
|
"benchmarks": null,
|
|
"description": null,
|
|
"short_description": null,
|
|
"vulnerability_details": null,
|
|
"connected_node": null,
|
|
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-pip-trusted-host",
|
|
"details": [],
|
|
"check_len": null,
|
|
"definition_context_file_path": null
|
|
},
|
|
{
|
|
"check_id": "CKV2_DOCKER_16",
|
|
"bc_check_id": null,
|
|
"check_name": "Ensure that certificate validation isn't disabled with pip via the 'PIP_TRUSTED_HOST' environment variable",
|
|
"check_result": {
|
|
"result": "PASSED",
|
|
"entity": {
|
|
"block_name_": "RUN",
|
|
"block_type_": "resource",
|
|
"file_path_": "/Dockerfile.test",
|
|
"config_": {
|
|
"content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n",
|
|
"value": "corepack enable && corepack prepare npm@10.5.0 --activate",
|
|
"__startline__": 4,
|
|
"__endline__": 4
|
|
},
|
|
"label_": "resource: RUN",
|
|
"id_": "RUN",
|
|
"source_": "Dockerfile",
|
|
"content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n",
|
|
"value": "corepack enable && corepack prepare npm@10.5.0 --activate",
|
|
"__startline__": 4,
|
|
"__endline__": 4,
|
|
"resource_type": "RUN",
|
|
"hash": "1d5fb0a211498b8baf37e5744578ad03459da7798534298981f23fdefb7eb757"
|
|
},
|
|
"evaluated_keys": [
|
|
"value"
|
|
]
|
|
},
|
|
"code_block": [
|
|
[
|
|
5,
|
|
"RUN corepack enable && corepack prepare npm@10.5.0 --activate\n"
|
|
]
|
|
],
|
|
"file_path": "/Dockerfile.test",
|
|
"file_abs_path": "/scan/Dockerfile.test",
|
|
"repo_file_path": "/Dockerfile.test",
|
|
"file_line_range": [
|
|
5,
|
|
5
|
|
],
|
|
"resource": "/Dockerfile.test.RUN",
|
|
"evaluations": null,
|
|
"check_class": "checkov.common.graph.checks_infra.base_check",
|
|
"fixed_definition": null,
|
|
"entity_tags": null,
|
|
"caller_file_path": null,
|
|
"caller_file_line_range": null,
|
|
"resource_address": null,
|
|
"severity": null,
|
|
"bc_category": null,
|
|
"benchmarks": null,
|
|
"description": null,
|
|
"short_description": null,
|
|
"vulnerability_details": null,
|
|
"connected_node": null,
|
|
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-pip-trusted-host",
|
|
"details": [],
|
|
"check_len": null,
|
|
"definition_context_file_path": null
|
|
},
|
|
{
|
|
"check_id": "CKV2_DOCKER_16",
|
|
"bc_check_id": null,
|
|
"check_name": "Ensure that certificate validation isn't disabled with pip via the 'PIP_TRUSTED_HOST' environment variable",
|
|
"check_result": {
|
|
"result": "PASSED",
|
|
"entity": {
|
|
"block_name_": "RUN",
|
|
"block_type_": "resource",
|
|
"file_path_": "/Dockerfile.test",
|
|
"config_": {
|
|
"content": "RUN npm install\n",
|
|
"value": "npm install",
|
|
"__startline__": 10,
|
|
"__endline__": 10
|
|
},
|
|
"label_": "resource: RUN",
|
|
"id_": "RUN",
|
|
"source_": "Dockerfile",
|
|
"content": "RUN npm install\n",
|
|
"value": "npm install",
|
|
"__startline__": 10,
|
|
"__endline__": 10,
|
|
"resource_type": "RUN",
|
|
"hash": "fb809e4860a3131df821aea9480445cc6e2f66dd52744dab5f3d2ef5b2848436"
|
|
},
|
|
"evaluated_keys": [
|
|
"value"
|
|
]
|
|
},
|
|
"code_block": [
|
|
[
|
|
11,
|
|
"RUN npm install\n"
|
|
]
|
|
],
|
|
"file_path": "/Dockerfile.test",
|
|
"file_abs_path": "/scan/Dockerfile.test",
|
|
"repo_file_path": "/Dockerfile.test",
|
|
"file_line_range": [
|
|
11,
|
|
11
|
|
],
|
|
"resource": "/Dockerfile.test.RUN",
|
|
"evaluations": null,
|
|
"check_class": "checkov.common.graph.checks_infra.base_check",
|
|
"fixed_definition": null,
|
|
"entity_tags": null,
|
|
"caller_file_path": null,
|
|
"caller_file_line_range": null,
|
|
"resource_address": null,
|
|
"severity": null,
|
|
"bc_category": null,
|
|
"benchmarks": null,
|
|
"description": null,
|
|
"short_description": null,
|
|
"vulnerability_details": null,
|
|
"connected_node": null,
|
|
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-pip-trusted-host",
|
|
"details": [],
|
|
"check_len": null,
|
|
"definition_context_file_path": null
|
|
},
|
|
{
|
|
"check_id": "CKV2_DOCKER_16",
|
|
"bc_check_id": null,
|
|
"check_name": "Ensure that certificate validation isn't disabled with pip via the 'PIP_TRUSTED_HOST' environment variable",
|
|
"check_result": {
|
|
"result": "PASSED",
|
|
"entity": {
|
|
"block_name_": "ENV",
|
|
"block_type_": "resource",
|
|
"file_path_": "/Dockerfile.test",
|
|
"config_": {
|
|
"content": "ENV NODE_ENV=test\n",
|
|
"value": "NODE_ENV=test",
|
|
"__startline__": 12,
|
|
"__endline__": 12
|
|
},
|
|
"label_": "resource: ENV",
|
|
"id_": "ENV",
|
|
"source_": "Dockerfile",
|
|
"content": "ENV NODE_ENV=test\n",
|
|
"value": "NODE_ENV=test",
|
|
"__startline__": 12,
|
|
"__endline__": 12,
|
|
"resource_type": "ENV",
|
|
"hash": "14d83a642c69d4cf67fcdbeb6dace7ba464024fdcad52f8129d63c78042457cb"
|
|
},
|
|
"evaluated_keys": [
|
|
"value"
|
|
]
|
|
},
|
|
"code_block": [
|
|
[
|
|
13,
|
|
"ENV NODE_ENV=test\n"
|
|
]
|
|
],
|
|
"file_path": "/Dockerfile.test",
|
|
"file_abs_path": "/scan/Dockerfile.test",
|
|
"repo_file_path": "/Dockerfile.test",
|
|
"file_line_range": [
|
|
13,
|
|
13
|
|
],
|
|
"resource": "/Dockerfile.test.ENV",
|
|
"evaluations": null,
|
|
"check_class": "checkov.common.graph.checks_infra.base_check",
|
|
"fixed_definition": null,
|
|
"entity_tags": null,
|
|
"caller_file_path": null,
|
|
"caller_file_line_range": null,
|
|
"resource_address": null,
|
|
"severity": null,
|
|
"bc_category": null,
|
|
"benchmarks": null,
|
|
"description": null,
|
|
"short_description": null,
|
|
"vulnerability_details": null,
|
|
"connected_node": null,
|
|
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-pip-trusted-host",
|
|
"details": [],
|
|
"check_len": null,
|
|
"definition_context_file_path": null
|
|
},
|
|
{
|
|
"check_id": "CKV2_DOCKER_16",
|
|
"bc_check_id": null,
|
|
"check_name": "Ensure that certificate validation isn't disabled with pip via the 'PIP_TRUSTED_HOST' environment variable",
|
|
"check_result": {
|
|
"result": "PASSED",
|
|
"entity": {
|
|
"block_name_": "RUN",
|
|
"block_type_": "resource",
|
|
"file_path_": "/Dockerfile.dev",
|
|
"config_": {
|
|
"content": "RUN npm install -g npm@10.5.0 --no-fund --no-audit\n",
|
|
"value": "npm install -g npm@10.5.0 --no-fund --no-audit",
|
|
"__startline__": 4,
|
|
"__endline__": 4
|
|
},
|
|
"label_": "resource: RUN",
|
|
"id_": "RUN",
|
|
"source_": "Dockerfile",
|
|
"content": "RUN npm install -g npm@10.5.0 --no-fund --no-audit\n",
|
|
"value": "npm install -g npm@10.5.0 --no-fund --no-audit",
|
|
"__startline__": 4,
|
|
"__endline__": 4,
|
|
"resource_type": "RUN",
|
|
"hash": "435bba968d1d0b4c410ea33851637829a16b2ad878f0b9531a737c7a444f91b9"
|
|
},
|
|
"evaluated_keys": [
|
|
"value"
|
|
]
|
|
},
|
|
"code_block": [
|
|
[
|
|
5,
|
|
"RUN npm install -g npm@10.5.0 --no-fund --no-audit\n"
|
|
]
|
|
],
|
|
"file_path": "/Dockerfile.dev",
|
|
"file_abs_path": "/scan/Dockerfile.dev",
|
|
"repo_file_path": "/Dockerfile.dev",
|
|
"file_line_range": [
|
|
5,
|
|
5
|
|
],
|
|
"resource": "/Dockerfile.dev.RUN",
|
|
"evaluations": null,
|
|
"check_class": "checkov.common.graph.checks_infra.base_check",
|
|
"fixed_definition": null,
|
|
"entity_tags": null,
|
|
"caller_file_path": null,
|
|
"caller_file_line_range": null,
|
|
"resource_address": null,
|
|
"severity": null,
|
|
"bc_category": null,
|
|
"benchmarks": null,
|
|
"description": null,
|
|
"short_description": null,
|
|
"vulnerability_details": null,
|
|
"connected_node": null,
|
|
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-pip-trusted-host",
|
|
"details": [],
|
|
"check_len": null,
|
|
"definition_context_file_path": null
|
|
},
|
|
{
|
|
"check_id": "CKV2_DOCKER_16",
|
|
"bc_check_id": null,
|
|
"check_name": "Ensure that certificate validation isn't disabled with pip via the 'PIP_TRUSTED_HOST' environment variable",
|
|
"check_result": {
|
|
"result": "PASSED",
|
|
"entity": {
|
|
"block_name_": "RUN",
|
|
"block_type_": "resource",
|
|
"file_path_": "/Dockerfile.dev",
|
|
"config_": {
|
|
"content": "RUN npm ci --no-fund --no-audit\n",
|
|
"value": "npm ci --no-fund --no-audit",
|
|
"__startline__": 10,
|
|
"__endline__": 10
|
|
},
|
|
"label_": "resource: RUN",
|
|
"id_": "RUN",
|
|
"source_": "Dockerfile",
|
|
"content": "RUN npm ci --no-fund --no-audit\n",
|
|
"value": "npm ci --no-fund --no-audit",
|
|
"__startline__": 10,
|
|
"__endline__": 10,
|
|
"resource_type": "RUN",
|
|
"hash": "57abb1bbe03890ab19f47e5f96b9cbcee02aab65f6980d523df42faf41b709fa"
|
|
},
|
|
"evaluated_keys": [
|
|
"value"
|
|
]
|
|
},
|
|
"code_block": [
|
|
[
|
|
11,
|
|
"RUN npm ci --no-fund --no-audit\n"
|
|
]
|
|
],
|
|
"file_path": "/Dockerfile.dev",
|
|
"file_abs_path": "/scan/Dockerfile.dev",
|
|
"repo_file_path": "/Dockerfile.dev",
|
|
"file_line_range": [
|
|
11,
|
|
11
|
|
],
|
|
"resource": "/Dockerfile.dev.RUN",
|
|
"evaluations": null,
|
|
"check_class": "checkov.common.graph.checks_infra.base_check",
|
|
"fixed_definition": null,
|
|
"entity_tags": null,
|
|
"caller_file_path": null,
|
|
"caller_file_line_range": null,
|
|
"resource_address": null,
|
|
"severity": null,
|
|
"bc_category": null,
|
|
"benchmarks": null,
|
|
"description": null,
|
|
"short_description": null,
|
|
"vulnerability_details": null,
|
|
"connected_node": null,
|
|
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-pip-trusted-host",
|
|
"details": [],
|
|
"check_len": null,
|
|
"definition_context_file_path": null
|
|
},
|
|
{
|
|
"check_id": "CKV2_DOCKER_5",
|
|
"bc_check_id": null,
|
|
"check_name": "Ensure that certificate validation isn't disabled with the PYTHONHTTPSVERIFY environment variable",
|
|
"check_result": {
|
|
"result": "PASSED",
|
|
"entity": {
|
|
"block_name_": "RUN",
|
|
"block_type_": "resource",
|
|
"file_path_": "/Dockerfile.production",
|
|
"config_": {
|
|
"content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n",
|
|
"value": "corepack enable && corepack prepare npm@10.5.0 --activate",
|
|
"__startline__": 4,
|
|
"__endline__": 4
|
|
},
|
|
"label_": "resource: RUN",
|
|
"id_": "RUN",
|
|
"source_": "Dockerfile",
|
|
"content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n",
|
|
"value": "corepack enable && corepack prepare npm@10.5.0 --activate",
|
|
"__startline__": 4,
|
|
"__endline__": 4,
|
|
"resource_type": "RUN",
|
|
"hash": "dbd32b6bad6b728919787011f82d60c50d7b2d1c079f814de2b1640696c98816"
|
|
},
|
|
"evaluated_keys": [
|
|
"value"
|
|
]
|
|
},
|
|
"code_block": [
|
|
[
|
|
5,
|
|
"RUN corepack enable && corepack prepare npm@10.5.0 --activate\n"
|
|
]
|
|
],
|
|
"file_path": "/Dockerfile.production",
|
|
"file_abs_path": "/scan/Dockerfile.production",
|
|
"repo_file_path": "/Dockerfile.production",
|
|
"file_line_range": [
|
|
5,
|
|
5
|
|
],
|
|
"resource": "/Dockerfile.production.RUN",
|
|
"evaluations": null,
|
|
"check_class": "checkov.common.graph.checks_infra.base_check",
|
|
"fixed_definition": null,
|
|
"entity_tags": null,
|
|
"caller_file_path": null,
|
|
"caller_file_line_range": null,
|
|
"resource_address": null,
|
|
"severity": null,
|
|
"bc_category": null,
|
|
"benchmarks": null,
|
|
"description": null,
|
|
"short_description": null,
|
|
"vulnerability_details": null,
|
|
"connected_node": null,
|
|
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-PYTHONHTTPSVERIFY-secure",
|
|
"details": [],
|
|
"check_len": null,
|
|
"definition_context_file_path": null
|
|
},
|
|
{
|
|
"check_id": "CKV2_DOCKER_5",
|
|
"bc_check_id": null,
|
|
"check_name": "Ensure that certificate validation isn't disabled with the PYTHONHTTPSVERIFY environment variable",
|
|
"check_result": {
|
|
"result": "PASSED",
|
|
"entity": {
|
|
"block_name_": "RUN",
|
|
"block_type_": "resource",
|
|
"file_path_": "/Dockerfile.production",
|
|
"config_": {
|
|
"content": "RUN npm install\n",
|
|
"value": "npm install",
|
|
"__startline__": 20,
|
|
"__endline__": 20
|
|
},
|
|
"label_": "resource: RUN",
|
|
"id_": "RUN",
|
|
"source_": "Dockerfile",
|
|
"content": "RUN npm install\n",
|
|
"value": "npm install",
|
|
"__startline__": 20,
|
|
"__endline__": 20,
|
|
"resource_type": "RUN",
|
|
"hash": "6979b14e6a853ac150ffef85c5e28fd49c956054ea2cb1d01440e13b17260c4a"
|
|
},
|
|
"evaluated_keys": [
|
|
"value"
|
|
]
|
|
},
|
|
"code_block": [
|
|
[
|
|
21,
|
|
"RUN npm install\n"
|
|
]
|
|
],
|
|
"file_path": "/Dockerfile.production",
|
|
"file_abs_path": "/scan/Dockerfile.production",
|
|
"repo_file_path": "/Dockerfile.production",
|
|
"file_line_range": [
|
|
21,
|
|
21
|
|
],
|
|
"resource": "/Dockerfile.production.RUN",
|
|
"evaluations": null,
|
|
"check_class": "checkov.common.graph.checks_infra.base_check",
|
|
"fixed_definition": null,
|
|
"entity_tags": null,
|
|
"caller_file_path": null,
|
|
"caller_file_line_range": null,
|
|
"resource_address": null,
|
|
"severity": null,
|
|
"bc_category": null,
|
|
"benchmarks": null,
|
|
"description": null,
|
|
"short_description": null,
|
|
"vulnerability_details": null,
|
|
"connected_node": null,
|
|
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-PYTHONHTTPSVERIFY-secure",
|
|
"details": [],
|
|
"check_len": null,
|
|
"definition_context_file_path": null
|
|
},
|
|
{
|
|
"check_id": "CKV2_DOCKER_5",
|
|
"bc_check_id": null,
|
|
"check_name": "Ensure that certificate validation isn't disabled with the PYTHONHTTPSVERIFY environment variable",
|
|
"check_result": {
|
|
"result": "PASSED",
|
|
"entity": {
|
|
"block_name_": "RUN",
|
|
"block_type_": "resource",
|
|
"file_path_": "/Dockerfile.production",
|
|
"config_": {
|
|
"content": "RUN npm run db:generate\n",
|
|
"value": "npm run db:generate",
|
|
"__startline__": 21,
|
|
"__endline__": 21
|
|
},
|
|
"label_": "resource: RUN",
|
|
"id_": "RUN",
|
|
"source_": "Dockerfile",
|
|
"content": "RUN npm run db:generate\n",
|
|
"value": "npm run db:generate",
|
|
"__startline__": 21,
|
|
"__endline__": 21,
|
|
"resource_type": "RUN",
|
|
"hash": "c1f9cc0c42260bb0183d7e7b9ec2edab99837111ad42dbbdd7fad09ff3e37ab0"
|
|
},
|
|
"evaluated_keys": [
|
|
"value"
|
|
]
|
|
},
|
|
"code_block": [
|
|
[
|
|
22,
|
|
"RUN npm run db:generate\n"
|
|
]
|
|
],
|
|
"file_path": "/Dockerfile.production",
|
|
"file_abs_path": "/scan/Dockerfile.production",
|
|
"repo_file_path": "/Dockerfile.production",
|
|
"file_line_range": [
|
|
22,
|
|
22
|
|
],
|
|
"resource": "/Dockerfile.production.RUN",
|
|
"evaluations": null,
|
|
"check_class": "checkov.common.graph.checks_infra.base_check",
|
|
"fixed_definition": null,
|
|
"entity_tags": null,
|
|
"caller_file_path": null,
|
|
"caller_file_line_range": null,
|
|
"resource_address": null,
|
|
"severity": null,
|
|
"bc_category": null,
|
|
"benchmarks": null,
|
|
"description": null,
|
|
"short_description": null,
|
|
"vulnerability_details": null,
|
|
"connected_node": null,
|
|
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-PYTHONHTTPSVERIFY-secure",
|
|
"details": [],
|
|
"check_len": null,
|
|
"definition_context_file_path": null
|
|
},
|
|
{
|
|
"check_id": "CKV2_DOCKER_5",
|
|
"bc_check_id": null,
|
|
"check_name": "Ensure that certificate validation isn't disabled with the PYTHONHTTPSVERIFY environment variable",
|
|
"check_result": {
|
|
"result": "PASSED",
|
|
"entity": {
|
|
"block_name_": "RUN",
|
|
"block_type_": "resource",
|
|
"file_path_": "/Dockerfile.production",
|
|
"config_": {
|
|
"content": "RUN npm run build\n",
|
|
"value": "npm run build",
|
|
"__startline__": 22,
|
|
"__endline__": 22
|
|
},
|
|
"label_": "resource: RUN",
|
|
"id_": "RUN",
|
|
"source_": "Dockerfile",
|
|
"content": "RUN npm run build\n",
|
|
"value": "npm run build",
|
|
"__startline__": 22,
|
|
"__endline__": 22,
|
|
"resource_type": "RUN",
|
|
"hash": "1bf185fb6038f1b491f2a2686de4dd9869ccdd9c3e34d2772cf43bd368377aa6"
|
|
},
|
|
"evaluated_keys": [
|
|
"value"
|
|
]
|
|
},
|
|
"code_block": [
|
|
[
|
|
23,
|
|
"RUN npm run build\n"
|
|
]
|
|
],
|
|
"file_path": "/Dockerfile.production",
|
|
"file_abs_path": "/scan/Dockerfile.production",
|
|
"repo_file_path": "/Dockerfile.production",
|
|
"file_line_range": [
|
|
23,
|
|
23
|
|
],
|
|
"resource": "/Dockerfile.production.RUN",
|
|
"evaluations": null,
|
|
"check_class": "checkov.common.graph.checks_infra.base_check",
|
|
"fixed_definition": null,
|
|
"entity_tags": null,
|
|
"caller_file_path": null,
|
|
"caller_file_line_range": null,
|
|
"resource_address": null,
|
|
"severity": null,
|
|
"bc_category": null,
|
|
"benchmarks": null,
|
|
"description": null,
|
|
"short_description": null,
|
|
"vulnerability_details": null,
|
|
"connected_node": null,
|
|
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-PYTHONHTTPSVERIFY-secure",
|
|
"details": [],
|
|
"check_len": null,
|
|
"definition_context_file_path": null
|
|
},
|
|
{
|
|
"check_id": "CKV2_DOCKER_5",
|
|
"bc_check_id": null,
|
|
"check_name": "Ensure that certificate validation isn't disabled with the PYTHONHTTPSVERIFY environment variable",
|
|
"check_result": {
|
|
"result": "PASSED",
|
|
"entity": {
|
|
"block_name_": "RUN",
|
|
"block_type_": "resource",
|
|
"file_path_": "/Dockerfile.production",
|
|
"config_": {
|
|
"content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n",
|
|
"value": "corepack enable && corepack prepare npm@10.5.0 --activate",
|
|
"__startline__": 30,
|
|
"__endline__": 30
|
|
},
|
|
"label_": "resource: RUN",
|
|
"id_": "RUN",
|
|
"source_": "Dockerfile",
|
|
"content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n",
|
|
"value": "corepack enable && corepack prepare npm@10.5.0 --activate",
|
|
"__startline__": 30,
|
|
"__endline__": 30,
|
|
"resource_type": "RUN",
|
|
"hash": "01c88e306f7db45ae7136e3bdb63c4b15978dd024f6ed18210961fc3db3df382"
|
|
},
|
|
"evaluated_keys": [
|
|
"value"
|
|
]
|
|
},
|
|
"code_block": [
|
|
[
|
|
31,
|
|
"RUN corepack enable && corepack prepare npm@10.5.0 --activate\n"
|
|
]
|
|
],
|
|
"file_path": "/Dockerfile.production",
|
|
"file_abs_path": "/scan/Dockerfile.production",
|
|
"repo_file_path": "/Dockerfile.production",
|
|
"file_line_range": [
|
|
31,
|
|
31
|
|
],
|
|
"resource": "/Dockerfile.production.RUN",
|
|
"evaluations": null,
|
|
"check_class": "checkov.common.graph.checks_infra.base_check",
|
|
"fixed_definition": null,
|
|
"entity_tags": null,
|
|
"caller_file_path": null,
|
|
"caller_file_line_range": null,
|
|
"resource_address": null,
|
|
"severity": null,
|
|
"bc_category": null,
|
|
"benchmarks": null,
|
|
"description": null,
|
|
"short_description": null,
|
|
"vulnerability_details": null,
|
|
"connected_node": null,
|
|
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-PYTHONHTTPSVERIFY-secure",
|
|
"details": [],
|
|
"check_len": null,
|
|
"definition_context_file_path": null
|
|
},
|
|
{
|
|
"check_id": "CKV2_DOCKER_5",
|
|
"bc_check_id": null,
|
|
"check_name": "Ensure that certificate validation isn't disabled with the PYTHONHTTPSVERIFY environment variable",
|
|
"check_result": {
|
|
"result": "PASSED",
|
|
"entity": {
|
|
"block_name_": "ARG",
|
|
"block_type_": "resource",
|
|
"file_path_": "/Dockerfile.production",
|
|
"config_": {
|
|
"content": "ARG NEXT_PUBLIC_API_URL\n",
|
|
"value": "NEXT_PUBLIC_API_URL",
|
|
"__startline__": 11,
|
|
"__endline__": 11
|
|
},
|
|
"label_": "resource: ARG",
|
|
"id_": "ARG",
|
|
"source_": "Dockerfile",
|
|
"content": "ARG NEXT_PUBLIC_API_URL\n",
|
|
"value": "NEXT_PUBLIC_API_URL",
|
|
"__startline__": 11,
|
|
"__endline__": 11,
|
|
"resource_type": "ARG",
|
|
"hash": "fded00a21c81cd45d8985324636a2acafc73bef594a45811ca0d68265da3f9dc"
|
|
},
|
|
"evaluated_keys": [
|
|
"value"
|
|
]
|
|
},
|
|
"code_block": [
|
|
[
|
|
12,
|
|
"ARG NEXT_PUBLIC_API_URL\n"
|
|
]
|
|
],
|
|
"file_path": "/Dockerfile.production",
|
|
"file_abs_path": "/scan/Dockerfile.production",
|
|
"repo_file_path": "/Dockerfile.production",
|
|
"file_line_range": [
|
|
12,
|
|
12
|
|
],
|
|
"resource": "/Dockerfile.production.ARG",
|
|
"evaluations": null,
|
|
"check_class": "checkov.common.graph.checks_infra.base_check",
|
|
"fixed_definition": null,
|
|
"entity_tags": null,
|
|
"caller_file_path": null,
|
|
"caller_file_line_range": null,
|
|
"resource_address": null,
|
|
"severity": null,
|
|
"bc_category": null,
|
|
"benchmarks": null,
|
|
"description": null,
|
|
"short_description": null,
|
|
"vulnerability_details": null,
|
|
"connected_node": null,
|
|
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-PYTHONHTTPSVERIFY-secure",
|
|
"details": [],
|
|
"check_len": null,
|
|
"definition_context_file_path": null
|
|
},
|
|
{
|
|
"check_id": "CKV2_DOCKER_5",
|
|
"bc_check_id": null,
|
|
"check_name": "Ensure that certificate validation isn't disabled with the PYTHONHTTPSVERIFY environment variable",
|
|
"check_result": {
|
|
"result": "PASSED",
|
|
"entity": {
|
|
"block_name_": "ARG",
|
|
"block_type_": "resource",
|
|
"file_path_": "/Dockerfile.production",
|
|
"config_": {
|
|
"content": "ARG NEXT_PUBLIC_MARKETPLACE_URL\n",
|
|
"value": "NEXT_PUBLIC_MARKETPLACE_URL",
|
|
"__startline__": 12,
|
|
"__endline__": 12
|
|
},
|
|
"label_": "resource: ARG",
|
|
"id_": "ARG",
|
|
"source_": "Dockerfile",
|
|
"content": "ARG NEXT_PUBLIC_MARKETPLACE_URL\n",
|
|
"value": "NEXT_PUBLIC_MARKETPLACE_URL",
|
|
"__startline__": 12,
|
|
"__endline__": 12,
|
|
"resource_type": "ARG",
|
|
"hash": "11d98758a432fc03021573afe4df769dc34ff0a4aec966f558b5e00c71c6cf3b"
|
|
},
|
|
"evaluated_keys": [
|
|
"value"
|
|
]
|
|
},
|
|
"code_block": [
|
|
[
|
|
13,
|
|
"ARG NEXT_PUBLIC_MARKETPLACE_URL\n"
|
|
]
|
|
],
|
|
"file_path": "/Dockerfile.production",
|
|
"file_abs_path": "/scan/Dockerfile.production",
|
|
"repo_file_path": "/Dockerfile.production",
|
|
"file_line_range": [
|
|
13,
|
|
13
|
|
],
|
|
"resource": "/Dockerfile.production.ARG",
|
|
"evaluations": null,
|
|
"check_class": "checkov.common.graph.checks_infra.base_check",
|
|
"fixed_definition": null,
|
|
"entity_tags": null,
|
|
"caller_file_path": null,
|
|
"caller_file_line_range": null,
|
|
"resource_address": null,
|
|
"severity": null,
|
|
"bc_category": null,
|
|
"benchmarks": null,
|
|
"description": null,
|
|
"short_description": null,
|
|
"vulnerability_details": null,
|
|
"connected_node": null,
|
|
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-PYTHONHTTPSVERIFY-secure",
|
|
"details": [],
|
|
"check_len": null,
|
|
"definition_context_file_path": null
|
|
},
|
|
{
|
|
"check_id": "CKV2_DOCKER_5",
|
|
"bc_check_id": null,
|
|
"check_name": "Ensure that certificate validation isn't disabled with the PYTHONHTTPSVERIFY environment variable",
|
|
"check_result": {
|
|
"result": "PASSED",
|
|
"entity": {
|
|
"block_name_": "ARG",
|
|
"block_type_": "resource",
|
|
"file_path_": "/Dockerfile.production",
|
|
"config_": {
|
|
"content": "ARG NEXT_PUBLIC_DASHBOARD_URL\n",
|
|
"value": "NEXT_PUBLIC_DASHBOARD_URL",
|
|
"__startline__": 13,
|
|
"__endline__": 13
|
|
},
|
|
"label_": "resource: ARG",
|
|
"id_": "ARG",
|
|
"source_": "Dockerfile",
|
|
"content": "ARG NEXT_PUBLIC_DASHBOARD_URL\n",
|
|
"value": "NEXT_PUBLIC_DASHBOARD_URL",
|
|
"__startline__": 13,
|
|
"__endline__": 13,
|
|
"resource_type": "ARG",
|
|
"hash": "4075db881e0d222faeb86e03db8a05d9a998deab344c05aee0e89d2426e01383"
|
|
},
|
|
"evaluated_keys": [
|
|
"value"
|
|
]
|
|
},
|
|
"code_block": [
|
|
[
|
|
14,
|
|
"ARG NEXT_PUBLIC_DASHBOARD_URL\n"
|
|
]
|
|
],
|
|
"file_path": "/Dockerfile.production",
|
|
"file_abs_path": "/scan/Dockerfile.production",
|
|
"repo_file_path": "/Dockerfile.production",
|
|
"file_line_range": [
|
|
14,
|
|
14
|
|
],
|
|
"resource": "/Dockerfile.production.ARG",
|
|
"evaluations": null,
|
|
"check_class": "checkov.common.graph.checks_infra.base_check",
|
|
"fixed_definition": null,
|
|
"entity_tags": null,
|
|
"caller_file_path": null,
|
|
"caller_file_line_range": null,
|
|
"resource_address": null,
|
|
"severity": null,
|
|
"bc_category": null,
|
|
"benchmarks": null,
|
|
"description": null,
|
|
"short_description": null,
|
|
"vulnerability_details": null,
|
|
"connected_node": null,
|
|
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-PYTHONHTTPSVERIFY-secure",
|
|
"details": [],
|
|
"check_len": null,
|
|
"definition_context_file_path": null
|
|
},
|
|
{
|
|
"check_id": "CKV2_DOCKER_5",
|
|
"bc_check_id": null,
|
|
"check_name": "Ensure that certificate validation isn't disabled with the PYTHONHTTPSVERIFY environment variable",
|
|
"check_result": {
|
|
"result": "PASSED",
|
|
"entity": {
|
|
"block_name_": "ARG",
|
|
"block_type_": "resource",
|
|
"file_path_": "/Dockerfile.production",
|
|
"config_": {
|
|
"content": "ARG NEXT_PUBLIC_ADMIN_URL\n",
|
|
"value": "NEXT_PUBLIC_ADMIN_URL",
|
|
"__startline__": 14,
|
|
"__endline__": 14
|
|
},
|
|
"label_": "resource: ARG",
|
|
"id_": "ARG",
|
|
"source_": "Dockerfile",
|
|
"content": "ARG NEXT_PUBLIC_ADMIN_URL\n",
|
|
"value": "NEXT_PUBLIC_ADMIN_URL",
|
|
"__startline__": 14,
|
|
"__endline__": 14,
|
|
"resource_type": "ARG",
|
|
"hash": "a4c9bf1c4e349946074fb4c606d0db63c06a809d125e58ddd09427e4d929fd6a"
|
|
},
|
|
"evaluated_keys": [
|
|
"value"
|
|
]
|
|
},
|
|
"code_block": [
|
|
[
|
|
15,
|
|
"ARG NEXT_PUBLIC_ADMIN_URL\n"
|
|
]
|
|
],
|
|
"file_path": "/Dockerfile.production",
|
|
"file_abs_path": "/scan/Dockerfile.production",
|
|
"repo_file_path": "/Dockerfile.production",
|
|
"file_line_range": [
|
|
15,
|
|
15
|
|
],
|
|
"resource": "/Dockerfile.production.ARG",
|
|
"evaluations": null,
|
|
"check_class": "checkov.common.graph.checks_infra.base_check",
|
|
"fixed_definition": null,
|
|
"entity_tags": null,
|
|
"caller_file_path": null,
|
|
"caller_file_line_range": null,
|
|
"resource_address": null,
|
|
"severity": null,
|
|
"bc_category": null,
|
|
"benchmarks": null,
|
|
"description": null,
|
|
"short_description": null,
|
|
"vulnerability_details": null,
|
|
"connected_node": null,
|
|
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-PYTHONHTTPSVERIFY-secure",
|
|
"details": [],
|
|
"check_len": null,
|
|
"definition_context_file_path": null
|
|
},
|
|
{
|
|
"check_id": "CKV2_DOCKER_5",
|
|
"bc_check_id": null,
|
|
"check_name": "Ensure that certificate validation isn't disabled with the PYTHONHTTPSVERIFY environment variable",
|
|
"check_result": {
|
|
"result": "PASSED",
|
|
"entity": {
|
|
"block_name_": "ENV",
|
|
"block_type_": "resource",
|
|
"file_path_": "/Dockerfile.production",
|
|
"config_": {
|
|
"content": "ENV NEXT_PUBLIC_API_URL=$NEXT_PUBLIC_API_URL \\\n NEXT_PUBLIC_MARKETPLACE_URL=$NEXT_PUBLIC_MARKETPLACE_URL \\\n NEXT_PUBLIC_DASHBOARD_URL=$NEXT_PUBLIC_DASHBOARD_URL \\\n NEXT_PUBLIC_ADMIN_URL=$NEXT_PUBLIC_ADMIN_URL\n",
|
|
"value": "NEXT_PUBLIC_API_URL=$NEXT_PUBLIC_API_URL NEXT_PUBLIC_MARKETPLACE_URL=$NEXT_PUBLIC_MARKETPLACE_URL NEXT_PUBLIC_DASHBOARD_URL=$NEXT_PUBLIC_DASHBOARD_URL NEXT_PUBLIC_ADMIN_URL=$NEXT_PUBLIC_ADMIN_URL",
|
|
"__startline__": 15,
|
|
"__endline__": 18
|
|
},
|
|
"label_": "resource: ENV",
|
|
"id_": "ENV",
|
|
"source_": "Dockerfile",
|
|
"content": "ENV NEXT_PUBLIC_API_URL=$NEXT_PUBLIC_API_URL \\\n NEXT_PUBLIC_MARKETPLACE_URL=$NEXT_PUBLIC_MARKETPLACE_URL \\\n NEXT_PUBLIC_DASHBOARD_URL=$NEXT_PUBLIC_DASHBOARD_URL \\\n NEXT_PUBLIC_ADMIN_URL=$NEXT_PUBLIC_ADMIN_URL\n",
|
|
"value": "NEXT_PUBLIC_API_URL=$NEXT_PUBLIC_API_URL NEXT_PUBLIC_MARKETPLACE_URL=$NEXT_PUBLIC_MARKETPLACE_URL NEXT_PUBLIC_DASHBOARD_URL=$NEXT_PUBLIC_DASHBOARD_URL NEXT_PUBLIC_ADMIN_URL=$NEXT_PUBLIC_ADMIN_URL",
|
|
"__startline__": 15,
|
|
"__endline__": 18,
|
|
"resource_type": "ENV",
|
|
"hash": "65abe3eb0aadfa3b1ed513b9e21f4f8c4524ec8c298e7123de46806870b90557"
|
|
},
|
|
"evaluated_keys": [
|
|
"value"
|
|
]
|
|
},
|
|
"code_block": [
|
|
[
|
|
16,
|
|
"ENV NEXT_PUBLIC_API_URL=$NEXT_PUBLIC_API_URL \\\n"
|
|
],
|
|
[
|
|
17,
|
|
" NEXT_PUBLIC_MARKETPLACE_URL=$NEXT_PUBLIC_MARKETPLACE_URL \\\n"
|
|
],
|
|
[
|
|
18,
|
|
" NEXT_PUBLIC_DASHBOARD_URL=$NEXT_PUBLIC_DASHBOARD_URL \\\n"
|
|
],
|
|
[
|
|
19,
|
|
" NEXT_PUBLIC_ADMIN_URL=$NEXT_PUBLIC_ADMIN_URL\n"
|
|
]
|
|
],
|
|
"file_path": "/Dockerfile.production",
|
|
"file_abs_path": "/scan/Dockerfile.production",
|
|
"repo_file_path": "/Dockerfile.production",
|
|
"file_line_range": [
|
|
16,
|
|
19
|
|
],
|
|
"resource": "/Dockerfile.production.ENV",
|
|
"evaluations": null,
|
|
"check_class": "checkov.common.graph.checks_infra.base_check",
|
|
"fixed_definition": null,
|
|
"entity_tags": null,
|
|
"caller_file_path": null,
|
|
"caller_file_line_range": null,
|
|
"resource_address": null,
|
|
"severity": null,
|
|
"bc_category": null,
|
|
"benchmarks": null,
|
|
"description": null,
|
|
"short_description": null,
|
|
"vulnerability_details": null,
|
|
"connected_node": null,
|
|
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-PYTHONHTTPSVERIFY-secure",
|
|
"details": [],
|
|
"check_len": null,
|
|
"definition_context_file_path": null
|
|
},
|
|
{
|
|
"check_id": "CKV2_DOCKER_5",
|
|
"bc_check_id": null,
|
|
"check_name": "Ensure that certificate validation isn't disabled with the PYTHONHTTPSVERIFY environment variable",
|
|
"check_result": {
|
|
"result": "PASSED",
|
|
"entity": {
|
|
"block_name_": "ENV",
|
|
"block_type_": "resource",
|
|
"file_path_": "/Dockerfile.production",
|
|
"config_": {
|
|
"content": "ENV NODE_ENV=production\n",
|
|
"value": "NODE_ENV=production",
|
|
"__startline__": 28,
|
|
"__endline__": 28
|
|
},
|
|
"label_": "resource: ENV",
|
|
"id_": "ENV",
|
|
"source_": "Dockerfile",
|
|
"content": "ENV NODE_ENV=production\n",
|
|
"value": "NODE_ENV=production",
|
|
"__startline__": 28,
|
|
"__endline__": 28,
|
|
"resource_type": "ENV",
|
|
"hash": "5a6afcff0e4c111b04ace6d372feb2943096034796456739be650482e87f3e0e"
|
|
},
|
|
"evaluated_keys": [
|
|
"value"
|
|
]
|
|
},
|
|
"code_block": [
|
|
[
|
|
29,
|
|
"ENV NODE_ENV=production\n"
|
|
]
|
|
],
|
|
"file_path": "/Dockerfile.production",
|
|
"file_abs_path": "/scan/Dockerfile.production",
|
|
"repo_file_path": "/Dockerfile.production",
|
|
"file_line_range": [
|
|
29,
|
|
29
|
|
],
|
|
"resource": "/Dockerfile.production.ENV",
|
|
"evaluations": null,
|
|
"check_class": "checkov.common.graph.checks_infra.base_check",
|
|
"fixed_definition": null,
|
|
"entity_tags": null,
|
|
"caller_file_path": null,
|
|
"caller_file_line_range": null,
|
|
"resource_address": null,
|
|
"severity": null,
|
|
"bc_category": null,
|
|
"benchmarks": null,
|
|
"description": null,
|
|
"short_description": null,
|
|
"vulnerability_details": null,
|
|
"connected_node": null,
|
|
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-PYTHONHTTPSVERIFY-secure",
|
|
"details": [],
|
|
"check_len": null,
|
|
"definition_context_file_path": null
|
|
},
|
|
{
|
|
"check_id": "CKV2_DOCKER_5",
|
|
"bc_check_id": null,
|
|
"check_name": "Ensure that certificate validation isn't disabled with the PYTHONHTTPSVERIFY environment variable",
|
|
"check_result": {
|
|
"result": "PASSED",
|
|
"entity": {
|
|
"block_name_": "RUN",
|
|
"block_type_": "resource",
|
|
"file_path_": "/Dockerfile.test",
|
|
"config_": {
|
|
"content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n",
|
|
"value": "corepack enable && corepack prepare npm@10.5.0 --activate",
|
|
"__startline__": 4,
|
|
"__endline__": 4
|
|
},
|
|
"label_": "resource: RUN",
|
|
"id_": "RUN",
|
|
"source_": "Dockerfile",
|
|
"content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n",
|
|
"value": "corepack enable && corepack prepare npm@10.5.0 --activate",
|
|
"__startline__": 4,
|
|
"__endline__": 4,
|
|
"resource_type": "RUN",
|
|
"hash": "1d5fb0a211498b8baf37e5744578ad03459da7798534298981f23fdefb7eb757"
|
|
},
|
|
"evaluated_keys": [
|
|
"value"
|
|
]
|
|
},
|
|
"code_block": [
|
|
[
|
|
5,
|
|
"RUN corepack enable && corepack prepare npm@10.5.0 --activate\n"
|
|
]
|
|
],
|
|
"file_path": "/Dockerfile.test",
|
|
"file_abs_path": "/scan/Dockerfile.test",
|
|
"repo_file_path": "/Dockerfile.test",
|
|
"file_line_range": [
|
|
5,
|
|
5
|
|
],
|
|
"resource": "/Dockerfile.test.RUN",
|
|
"evaluations": null,
|
|
"check_class": "checkov.common.graph.checks_infra.base_check",
|
|
"fixed_definition": null,
|
|
"entity_tags": null,
|
|
"caller_file_path": null,
|
|
"caller_file_line_range": null,
|
|
"resource_address": null,
|
|
"severity": null,
|
|
"bc_category": null,
|
|
"benchmarks": null,
|
|
"description": null,
|
|
"short_description": null,
|
|
"vulnerability_details": null,
|
|
"connected_node": null,
|
|
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-PYTHONHTTPSVERIFY-secure",
|
|
"details": [],
|
|
"check_len": null,
|
|
"definition_context_file_path": null
|
|
},
|
|
{
|
|
"check_id": "CKV2_DOCKER_5",
|
|
"bc_check_id": null,
|
|
"check_name": "Ensure that certificate validation isn't disabled with the PYTHONHTTPSVERIFY environment variable",
|
|
"check_result": {
|
|
"result": "PASSED",
|
|
"entity": {
|
|
"block_name_": "RUN",
|
|
"block_type_": "resource",
|
|
"file_path_": "/Dockerfile.test",
|
|
"config_": {
|
|
"content": "RUN npm install\n",
|
|
"value": "npm install",
|
|
"__startline__": 10,
|
|
"__endline__": 10
|
|
},
|
|
"label_": "resource: RUN",
|
|
"id_": "RUN",
|
|
"source_": "Dockerfile",
|
|
"content": "RUN npm install\n",
|
|
"value": "npm install",
|
|
"__startline__": 10,
|
|
"__endline__": 10,
|
|
"resource_type": "RUN",
|
|
"hash": "fb809e4860a3131df821aea9480445cc6e2f66dd52744dab5f3d2ef5b2848436"
|
|
},
|
|
"evaluated_keys": [
|
|
"value"
|
|
]
|
|
},
|
|
"code_block": [
|
|
[
|
|
11,
|
|
"RUN npm install\n"
|
|
]
|
|
],
|
|
"file_path": "/Dockerfile.test",
|
|
"file_abs_path": "/scan/Dockerfile.test",
|
|
"repo_file_path": "/Dockerfile.test",
|
|
"file_line_range": [
|
|
11,
|
|
11
|
|
],
|
|
"resource": "/Dockerfile.test.RUN",
|
|
"evaluations": null,
|
|
"check_class": "checkov.common.graph.checks_infra.base_check",
|
|
"fixed_definition": null,
|
|
"entity_tags": null,
|
|
"caller_file_path": null,
|
|
"caller_file_line_range": null,
|
|
"resource_address": null,
|
|
"severity": null,
|
|
"bc_category": null,
|
|
"benchmarks": null,
|
|
"description": null,
|
|
"short_description": null,
|
|
"vulnerability_details": null,
|
|
"connected_node": null,
|
|
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-PYTHONHTTPSVERIFY-secure",
|
|
"details": [],
|
|
"check_len": null,
|
|
"definition_context_file_path": null
|
|
},
|
|
{
|
|
"check_id": "CKV2_DOCKER_5",
|
|
"bc_check_id": null,
|
|
"check_name": "Ensure that certificate validation isn't disabled with the PYTHONHTTPSVERIFY environment variable",
|
|
"check_result": {
|
|
"result": "PASSED",
|
|
"entity": {
|
|
"block_name_": "ENV",
|
|
"block_type_": "resource",
|
|
"file_path_": "/Dockerfile.test",
|
|
"config_": {
|
|
"content": "ENV NODE_ENV=test\n",
|
|
"value": "NODE_ENV=test",
|
|
"__startline__": 12,
|
|
"__endline__": 12
|
|
},
|
|
"label_": "resource: ENV",
|
|
"id_": "ENV",
|
|
"source_": "Dockerfile",
|
|
"content": "ENV NODE_ENV=test\n",
|
|
"value": "NODE_ENV=test",
|
|
"__startline__": 12,
|
|
"__endline__": 12,
|
|
"resource_type": "ENV",
|
|
"hash": "14d83a642c69d4cf67fcdbeb6dace7ba464024fdcad52f8129d63c78042457cb"
|
|
},
|
|
"evaluated_keys": [
|
|
"value"
|
|
]
|
|
},
|
|
"code_block": [
|
|
[
|
|
13,
|
|
"ENV NODE_ENV=test\n"
|
|
]
|
|
],
|
|
"file_path": "/Dockerfile.test",
|
|
"file_abs_path": "/scan/Dockerfile.test",
|
|
"repo_file_path": "/Dockerfile.test",
|
|
"file_line_range": [
|
|
13,
|
|
13
|
|
],
|
|
"resource": "/Dockerfile.test.ENV",
|
|
"evaluations": null,
|
|
"check_class": "checkov.common.graph.checks_infra.base_check",
|
|
"fixed_definition": null,
|
|
"entity_tags": null,
|
|
"caller_file_path": null,
|
|
"caller_file_line_range": null,
|
|
"resource_address": null,
|
|
"severity": null,
|
|
"bc_category": null,
|
|
"benchmarks": null,
|
|
"description": null,
|
|
"short_description": null,
|
|
"vulnerability_details": null,
|
|
"connected_node": null,
|
|
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-PYTHONHTTPSVERIFY-secure",
|
|
"details": [],
|
|
"check_len": null,
|
|
"definition_context_file_path": null
|
|
},
|
|
{
|
|
"check_id": "CKV2_DOCKER_5",
|
|
"bc_check_id": null,
|
|
"check_name": "Ensure that certificate validation isn't disabled with the PYTHONHTTPSVERIFY environment variable",
|
|
"check_result": {
|
|
"result": "PASSED",
|
|
"entity": {
|
|
"block_name_": "RUN",
|
|
"block_type_": "resource",
|
|
"file_path_": "/Dockerfile.dev",
|
|
"config_": {
|
|
"content": "RUN npm install -g npm@10.5.0 --no-fund --no-audit\n",
|
|
"value": "npm install -g npm@10.5.0 --no-fund --no-audit",
|
|
"__startline__": 4,
|
|
"__endline__": 4
|
|
},
|
|
"label_": "resource: RUN",
|
|
"id_": "RUN",
|
|
"source_": "Dockerfile",
|
|
"content": "RUN npm install -g npm@10.5.0 --no-fund --no-audit\n",
|
|
"value": "npm install -g npm@10.5.0 --no-fund --no-audit",
|
|
"__startline__": 4,
|
|
"__endline__": 4,
|
|
"resource_type": "RUN",
|
|
"hash": "435bba968d1d0b4c410ea33851637829a16b2ad878f0b9531a737c7a444f91b9"
|
|
},
|
|
"evaluated_keys": [
|
|
"value"
|
|
]
|
|
},
|
|
"code_block": [
|
|
[
|
|
5,
|
|
"RUN npm install -g npm@10.5.0 --no-fund --no-audit\n"
|
|
]
|
|
],
|
|
"file_path": "/Dockerfile.dev",
|
|
"file_abs_path": "/scan/Dockerfile.dev",
|
|
"repo_file_path": "/Dockerfile.dev",
|
|
"file_line_range": [
|
|
5,
|
|
5
|
|
],
|
|
"resource": "/Dockerfile.dev.RUN",
|
|
"evaluations": null,
|
|
"check_class": "checkov.common.graph.checks_infra.base_check",
|
|
"fixed_definition": null,
|
|
"entity_tags": null,
|
|
"caller_file_path": null,
|
|
"caller_file_line_range": null,
|
|
"resource_address": null,
|
|
"severity": null,
|
|
"bc_category": null,
|
|
"benchmarks": null,
|
|
"description": null,
|
|
"short_description": null,
|
|
"vulnerability_details": null,
|
|
"connected_node": null,
|
|
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-PYTHONHTTPSVERIFY-secure",
|
|
"details": [],
|
|
"check_len": null,
|
|
"definition_context_file_path": null
|
|
},
|
|
{
|
|
"check_id": "CKV2_DOCKER_5",
|
|
"bc_check_id": null,
|
|
"check_name": "Ensure that certificate validation isn't disabled with the PYTHONHTTPSVERIFY environment variable",
|
|
"check_result": {
|
|
"result": "PASSED",
|
|
"entity": {
|
|
"block_name_": "RUN",
|
|
"block_type_": "resource",
|
|
"file_path_": "/Dockerfile.dev",
|
|
"config_": {
|
|
"content": "RUN npm ci --no-fund --no-audit\n",
|
|
"value": "npm ci --no-fund --no-audit",
|
|
"__startline__": 10,
|
|
"__endline__": 10
|
|
},
|
|
"label_": "resource: RUN",
|
|
"id_": "RUN",
|
|
"source_": "Dockerfile",
|
|
"content": "RUN npm ci --no-fund --no-audit\n",
|
|
"value": "npm ci --no-fund --no-audit",
|
|
"__startline__": 10,
|
|
"__endline__": 10,
|
|
"resource_type": "RUN",
|
|
"hash": "57abb1bbe03890ab19f47e5f96b9cbcee02aab65f6980d523df42faf41b709fa"
|
|
},
|
|
"evaluated_keys": [
|
|
"value"
|
|
]
|
|
},
|
|
"code_block": [
|
|
[
|
|
11,
|
|
"RUN npm ci --no-fund --no-audit\n"
|
|
]
|
|
],
|
|
"file_path": "/Dockerfile.dev",
|
|
"file_abs_path": "/scan/Dockerfile.dev",
|
|
"repo_file_path": "/Dockerfile.dev",
|
|
"file_line_range": [
|
|
11,
|
|
11
|
|
],
|
|
"resource": "/Dockerfile.dev.RUN",
|
|
"evaluations": null,
|
|
"check_class": "checkov.common.graph.checks_infra.base_check",
|
|
"fixed_definition": null,
|
|
"entity_tags": null,
|
|
"caller_file_path": null,
|
|
"caller_file_line_range": null,
|
|
"resource_address": null,
|
|
"severity": null,
|
|
"bc_category": null,
|
|
"benchmarks": null,
|
|
"description": null,
|
|
"short_description": null,
|
|
"vulnerability_details": null,
|
|
"connected_node": null,
|
|
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-PYTHONHTTPSVERIFY-secure",
|
|
"details": [],
|
|
"check_len": null,
|
|
"definition_context_file_path": null
|
|
},
|
|
{
|
|
"check_id": "CKV2_DOCKER_17",
|
|
"bc_check_id": null,
|
|
"check_name": "Ensure that 'chpasswd' is not used to set or remove passwords",
|
|
"check_result": {
|
|
"result": "PASSED",
|
|
"entity": {
|
|
"block_name_": "RUN",
|
|
"block_type_": "resource",
|
|
"file_path_": "/Dockerfile.production",
|
|
"config_": {
|
|
"content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n",
|
|
"value": "corepack enable && corepack prepare npm@10.5.0 --activate",
|
|
"__startline__": 4,
|
|
"__endline__": 4
|
|
},
|
|
"label_": "resource: RUN",
|
|
"id_": "RUN",
|
|
"source_": "Dockerfile",
|
|
"content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n",
|
|
"value": "corepack enable && corepack prepare npm@10.5.0 --activate",
|
|
"__startline__": 4,
|
|
"__endline__": 4,
|
|
"resource_type": "RUN",
|
|
"hash": "dbd32b6bad6b728919787011f82d60c50d7b2d1c079f814de2b1640696c98816"
|
|
},
|
|
"evaluated_keys": [
|
|
"value"
|
|
]
|
|
},
|
|
"code_block": [
|
|
[
|
|
5,
|
|
"RUN corepack enable && corepack prepare npm@10.5.0 --activate\n"
|
|
]
|
|
],
|
|
"file_path": "/Dockerfile.production",
|
|
"file_abs_path": "/scan/Dockerfile.production",
|
|
"repo_file_path": "/Dockerfile.production",
|
|
"file_line_range": [
|
|
5,
|
|
5
|
|
],
|
|
"resource": "/Dockerfile.production.RUN",
|
|
"evaluations": null,
|
|
"check_class": "checkov.common.graph.checks_infra.base_check",
|
|
"fixed_definition": null,
|
|
"entity_tags": null,
|
|
"caller_file_path": null,
|
|
"caller_file_line_range": null,
|
|
"resource_address": null,
|
|
"severity": null,
|
|
"bc_category": null,
|
|
"benchmarks": null,
|
|
"description": null,
|
|
"short_description": null,
|
|
"vulnerability_details": null,
|
|
"connected_node": null,
|
|
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/bc-docker-2-17",
|
|
"details": [],
|
|
"check_len": null,
|
|
"definition_context_file_path": null
|
|
},
|
|
{
|
|
"check_id": "CKV2_DOCKER_17",
|
|
"bc_check_id": null,
|
|
"check_name": "Ensure that 'chpasswd' is not used to set or remove passwords",
|
|
"check_result": {
|
|
"result": "PASSED",
|
|
"entity": {
|
|
"block_name_": "RUN",
|
|
"block_type_": "resource",
|
|
"file_path_": "/Dockerfile.production",
|
|
"config_": {
|
|
"content": "RUN npm install\n",
|
|
"value": "npm install",
|
|
"__startline__": 20,
|
|
"__endline__": 20
|
|
},
|
|
"label_": "resource: RUN",
|
|
"id_": "RUN",
|
|
"source_": "Dockerfile",
|
|
"content": "RUN npm install\n",
|
|
"value": "npm install",
|
|
"__startline__": 20,
|
|
"__endline__": 20,
|
|
"resource_type": "RUN",
|
|
"hash": "6979b14e6a853ac150ffef85c5e28fd49c956054ea2cb1d01440e13b17260c4a"
|
|
},
|
|
"evaluated_keys": [
|
|
"value"
|
|
]
|
|
},
|
|
"code_block": [
|
|
[
|
|
21,
|
|
"RUN npm install\n"
|
|
]
|
|
],
|
|
"file_path": "/Dockerfile.production",
|
|
"file_abs_path": "/scan/Dockerfile.production",
|
|
"repo_file_path": "/Dockerfile.production",
|
|
"file_line_range": [
|
|
21,
|
|
21
|
|
],
|
|
"resource": "/Dockerfile.production.RUN",
|
|
"evaluations": null,
|
|
"check_class": "checkov.common.graph.checks_infra.base_check",
|
|
"fixed_definition": null,
|
|
"entity_tags": null,
|
|
"caller_file_path": null,
|
|
"caller_file_line_range": null,
|
|
"resource_address": null,
|
|
"severity": null,
|
|
"bc_category": null,
|
|
"benchmarks": null,
|
|
"description": null,
|
|
"short_description": null,
|
|
"vulnerability_details": null,
|
|
"connected_node": null,
|
|
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/bc-docker-2-17",
|
|
"details": [],
|
|
"check_len": null,
|
|
"definition_context_file_path": null
|
|
},
|
|
{
|
|
"check_id": "CKV2_DOCKER_17",
|
|
"bc_check_id": null,
|
|
"check_name": "Ensure that 'chpasswd' is not used to set or remove passwords",
|
|
"check_result": {
|
|
"result": "PASSED",
|
|
"entity": {
|
|
"block_name_": "RUN",
|
|
"block_type_": "resource",
|
|
"file_path_": "/Dockerfile.production",
|
|
"config_": {
|
|
"content": "RUN npm run db:generate\n",
|
|
"value": "npm run db:generate",
|
|
"__startline__": 21,
|
|
"__endline__": 21
|
|
},
|
|
"label_": "resource: RUN",
|
|
"id_": "RUN",
|
|
"source_": "Dockerfile",
|
|
"content": "RUN npm run db:generate\n",
|
|
"value": "npm run db:generate",
|
|
"__startline__": 21,
|
|
"__endline__": 21,
|
|
"resource_type": "RUN",
|
|
"hash": "c1f9cc0c42260bb0183d7e7b9ec2edab99837111ad42dbbdd7fad09ff3e37ab0"
|
|
},
|
|
"evaluated_keys": [
|
|
"value"
|
|
]
|
|
},
|
|
"code_block": [
|
|
[
|
|
22,
|
|
"RUN npm run db:generate\n"
|
|
]
|
|
],
|
|
"file_path": "/Dockerfile.production",
|
|
"file_abs_path": "/scan/Dockerfile.production",
|
|
"repo_file_path": "/Dockerfile.production",
|
|
"file_line_range": [
|
|
22,
|
|
22
|
|
],
|
|
"resource": "/Dockerfile.production.RUN",
|
|
"evaluations": null,
|
|
"check_class": "checkov.common.graph.checks_infra.base_check",
|
|
"fixed_definition": null,
|
|
"entity_tags": null,
|
|
"caller_file_path": null,
|
|
"caller_file_line_range": null,
|
|
"resource_address": null,
|
|
"severity": null,
|
|
"bc_category": null,
|
|
"benchmarks": null,
|
|
"description": null,
|
|
"short_description": null,
|
|
"vulnerability_details": null,
|
|
"connected_node": null,
|
|
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/bc-docker-2-17",
|
|
"details": [],
|
|
"check_len": null,
|
|
"definition_context_file_path": null
|
|
},
|
|
{
|
|
"check_id": "CKV2_DOCKER_17",
|
|
"bc_check_id": null,
|
|
"check_name": "Ensure that 'chpasswd' is not used to set or remove passwords",
|
|
"check_result": {
|
|
"result": "PASSED",
|
|
"entity": {
|
|
"block_name_": "RUN",
|
|
"block_type_": "resource",
|
|
"file_path_": "/Dockerfile.production",
|
|
"config_": {
|
|
"content": "RUN npm run build\n",
|
|
"value": "npm run build",
|
|
"__startline__": 22,
|
|
"__endline__": 22
|
|
},
|
|
"label_": "resource: RUN",
|
|
"id_": "RUN",
|
|
"source_": "Dockerfile",
|
|
"content": "RUN npm run build\n",
|
|
"value": "npm run build",
|
|
"__startline__": 22,
|
|
"__endline__": 22,
|
|
"resource_type": "RUN",
|
|
"hash": "1bf185fb6038f1b491f2a2686de4dd9869ccdd9c3e34d2772cf43bd368377aa6"
|
|
},
|
|
"evaluated_keys": [
|
|
"value"
|
|
]
|
|
},
|
|
"code_block": [
|
|
[
|
|
23,
|
|
"RUN npm run build\n"
|
|
]
|
|
],
|
|
"file_path": "/Dockerfile.production",
|
|
"file_abs_path": "/scan/Dockerfile.production",
|
|
"repo_file_path": "/Dockerfile.production",
|
|
"file_line_range": [
|
|
23,
|
|
23
|
|
],
|
|
"resource": "/Dockerfile.production.RUN",
|
|
"evaluations": null,
|
|
"check_class": "checkov.common.graph.checks_infra.base_check",
|
|
"fixed_definition": null,
|
|
"entity_tags": null,
|
|
"caller_file_path": null,
|
|
"caller_file_line_range": null,
|
|
"resource_address": null,
|
|
"severity": null,
|
|
"bc_category": null,
|
|
"benchmarks": null,
|
|
"description": null,
|
|
"short_description": null,
|
|
"vulnerability_details": null,
|
|
"connected_node": null,
|
|
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/bc-docker-2-17",
|
|
"details": [],
|
|
"check_len": null,
|
|
"definition_context_file_path": null
|
|
},
|
|
{
|
|
"check_id": "CKV2_DOCKER_17",
|
|
"bc_check_id": null,
|
|
"check_name": "Ensure that 'chpasswd' is not used to set or remove passwords",
|
|
"check_result": {
|
|
"result": "PASSED",
|
|
"entity": {
|
|
"block_name_": "RUN",
|
|
"block_type_": "resource",
|
|
"file_path_": "/Dockerfile.production",
|
|
"config_": {
|
|
"content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n",
|
|
"value": "corepack enable && corepack prepare npm@10.5.0 --activate",
|
|
"__startline__": 30,
|
|
"__endline__": 30
|
|
},
|
|
"label_": "resource: RUN",
|
|
"id_": "RUN",
|
|
"source_": "Dockerfile",
|
|
"content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n",
|
|
"value": "corepack enable && corepack prepare npm@10.5.0 --activate",
|
|
"__startline__": 30,
|
|
"__endline__": 30,
|
|
"resource_type": "RUN",
|
|
"hash": "01c88e306f7db45ae7136e3bdb63c4b15978dd024f6ed18210961fc3db3df382"
|
|
},
|
|
"evaluated_keys": [
|
|
"value"
|
|
]
|
|
},
|
|
"code_block": [
|
|
[
|
|
31,
|
|
"RUN corepack enable && corepack prepare npm@10.5.0 --activate\n"
|
|
]
|
|
],
|
|
"file_path": "/Dockerfile.production",
|
|
"file_abs_path": "/scan/Dockerfile.production",
|
|
"repo_file_path": "/Dockerfile.production",
|
|
"file_line_range": [
|
|
31,
|
|
31
|
|
],
|
|
"resource": "/Dockerfile.production.RUN",
|
|
"evaluations": null,
|
|
"check_class": "checkov.common.graph.checks_infra.base_check",
|
|
"fixed_definition": null,
|
|
"entity_tags": null,
|
|
"caller_file_path": null,
|
|
"caller_file_line_range": null,
|
|
"resource_address": null,
|
|
"severity": null,
|
|
"bc_category": null,
|
|
"benchmarks": null,
|
|
"description": null,
|
|
"short_description": null,
|
|
"vulnerability_details": null,
|
|
"connected_node": null,
|
|
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/bc-docker-2-17",
|
|
"details": [],
|
|
"check_len": null,
|
|
"definition_context_file_path": null
|
|
},
|
|
{
|
|
"check_id": "CKV2_DOCKER_17",
|
|
"bc_check_id": null,
|
|
"check_name": "Ensure that 'chpasswd' is not used to set or remove passwords",
|
|
"check_result": {
|
|
"result": "PASSED",
|
|
"entity": {
|
|
"block_name_": "RUN",
|
|
"block_type_": "resource",
|
|
"file_path_": "/Dockerfile.test",
|
|
"config_": {
|
|
"content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n",
|
|
"value": "corepack enable && corepack prepare npm@10.5.0 --activate",
|
|
"__startline__": 4,
|
|
"__endline__": 4
|
|
},
|
|
"label_": "resource: RUN",
|
|
"id_": "RUN",
|
|
"source_": "Dockerfile",
|
|
"content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n",
|
|
"value": "corepack enable && corepack prepare npm@10.5.0 --activate",
|
|
"__startline__": 4,
|
|
"__endline__": 4,
|
|
"resource_type": "RUN",
|
|
"hash": "1d5fb0a211498b8baf37e5744578ad03459da7798534298981f23fdefb7eb757"
|
|
},
|
|
"evaluated_keys": [
|
|
"value"
|
|
]
|
|
},
|
|
"code_block": [
|
|
[
|
|
5,
|
|
"RUN corepack enable && corepack prepare npm@10.5.0 --activate\n"
|
|
]
|
|
],
|
|
"file_path": "/Dockerfile.test",
|
|
"file_abs_path": "/scan/Dockerfile.test",
|
|
"repo_file_path": "/Dockerfile.test",
|
|
"file_line_range": [
|
|
5,
|
|
5
|
|
],
|
|
"resource": "/Dockerfile.test.RUN",
|
|
"evaluations": null,
|
|
"check_class": "checkov.common.graph.checks_infra.base_check",
|
|
"fixed_definition": null,
|
|
"entity_tags": null,
|
|
"caller_file_path": null,
|
|
"caller_file_line_range": null,
|
|
"resource_address": null,
|
|
"severity": null,
|
|
"bc_category": null,
|
|
"benchmarks": null,
|
|
"description": null,
|
|
"short_description": null,
|
|
"vulnerability_details": null,
|
|
"connected_node": null,
|
|
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/bc-docker-2-17",
|
|
"details": [],
|
|
"check_len": null,
|
|
"definition_context_file_path": null
|
|
},
|
|
{
|
|
"check_id": "CKV2_DOCKER_17",
|
|
"bc_check_id": null,
|
|
"check_name": "Ensure that 'chpasswd' is not used to set or remove passwords",
|
|
"check_result": {
|
|
"result": "PASSED",
|
|
"entity": {
|
|
"block_name_": "RUN",
|
|
"block_type_": "resource",
|
|
"file_path_": "/Dockerfile.test",
|
|
"config_": {
|
|
"content": "RUN npm install\n",
|
|
"value": "npm install",
|
|
"__startline__": 10,
|
|
"__endline__": 10
|
|
},
|
|
"label_": "resource: RUN",
|
|
"id_": "RUN",
|
|
"source_": "Dockerfile",
|
|
"content": "RUN npm install\n",
|
|
"value": "npm install",
|
|
"__startline__": 10,
|
|
"__endline__": 10,
|
|
"resource_type": "RUN",
|
|
"hash": "fb809e4860a3131df821aea9480445cc6e2f66dd52744dab5f3d2ef5b2848436"
|
|
},
|
|
"evaluated_keys": [
|
|
"value"
|
|
]
|
|
},
|
|
"code_block": [
|
|
[
|
|
11,
|
|
"RUN npm install\n"
|
|
]
|
|
],
|
|
"file_path": "/Dockerfile.test",
|
|
"file_abs_path": "/scan/Dockerfile.test",
|
|
"repo_file_path": "/Dockerfile.test",
|
|
"file_line_range": [
|
|
11,
|
|
11
|
|
],
|
|
"resource": "/Dockerfile.test.RUN",
|
|
"evaluations": null,
|
|
"check_class": "checkov.common.graph.checks_infra.base_check",
|
|
"fixed_definition": null,
|
|
"entity_tags": null,
|
|
"caller_file_path": null,
|
|
"caller_file_line_range": null,
|
|
"resource_address": null,
|
|
"severity": null,
|
|
"bc_category": null,
|
|
"benchmarks": null,
|
|
"description": null,
|
|
"short_description": null,
|
|
"vulnerability_details": null,
|
|
"connected_node": null,
|
|
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/bc-docker-2-17",
|
|
"details": [],
|
|
"check_len": null,
|
|
"definition_context_file_path": null
|
|
},
|
|
{
|
|
"check_id": "CKV2_DOCKER_17",
|
|
"bc_check_id": null,
|
|
"check_name": "Ensure that 'chpasswd' is not used to set or remove passwords",
|
|
"check_result": {
|
|
"result": "PASSED",
|
|
"entity": {
|
|
"block_name_": "RUN",
|
|
"block_type_": "resource",
|
|
"file_path_": "/Dockerfile.dev",
|
|
"config_": {
|
|
"content": "RUN npm install -g npm@10.5.0 --no-fund --no-audit\n",
|
|
"value": "npm install -g npm@10.5.0 --no-fund --no-audit",
|
|
"__startline__": 4,
|
|
"__endline__": 4
|
|
},
|
|
"label_": "resource: RUN",
|
|
"id_": "RUN",
|
|
"source_": "Dockerfile",
|
|
"content": "RUN npm install -g npm@10.5.0 --no-fund --no-audit\n",
|
|
"value": "npm install -g npm@10.5.0 --no-fund --no-audit",
|
|
"__startline__": 4,
|
|
"__endline__": 4,
|
|
"resource_type": "RUN",
|
|
"hash": "435bba968d1d0b4c410ea33851637829a16b2ad878f0b9531a737c7a444f91b9"
|
|
},
|
|
"evaluated_keys": [
|
|
"value"
|
|
]
|
|
},
|
|
"code_block": [
|
|
[
|
|
5,
|
|
"RUN npm install -g npm@10.5.0 --no-fund --no-audit\n"
|
|
]
|
|
],
|
|
"file_path": "/Dockerfile.dev",
|
|
"file_abs_path": "/scan/Dockerfile.dev",
|
|
"repo_file_path": "/Dockerfile.dev",
|
|
"file_line_range": [
|
|
5,
|
|
5
|
|
],
|
|
"resource": "/Dockerfile.dev.RUN",
|
|
"evaluations": null,
|
|
"check_class": "checkov.common.graph.checks_infra.base_check",
|
|
"fixed_definition": null,
|
|
"entity_tags": null,
|
|
"caller_file_path": null,
|
|
"caller_file_line_range": null,
|
|
"resource_address": null,
|
|
"severity": null,
|
|
"bc_category": null,
|
|
"benchmarks": null,
|
|
"description": null,
|
|
"short_description": null,
|
|
"vulnerability_details": null,
|
|
"connected_node": null,
|
|
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/bc-docker-2-17",
|
|
"details": [],
|
|
"check_len": null,
|
|
"definition_context_file_path": null
|
|
},
|
|
{
|
|
"check_id": "CKV2_DOCKER_17",
|
|
"bc_check_id": null,
|
|
"check_name": "Ensure that 'chpasswd' is not used to set or remove passwords",
|
|
"check_result": {
|
|
"result": "PASSED",
|
|
"entity": {
|
|
"block_name_": "RUN",
|
|
"block_type_": "resource",
|
|
"file_path_": "/Dockerfile.dev",
|
|
"config_": {
|
|
"content": "RUN npm ci --no-fund --no-audit\n",
|
|
"value": "npm ci --no-fund --no-audit",
|
|
"__startline__": 10,
|
|
"__endline__": 10
|
|
},
|
|
"label_": "resource: RUN",
|
|
"id_": "RUN",
|
|
"source_": "Dockerfile",
|
|
"content": "RUN npm ci --no-fund --no-audit\n",
|
|
"value": "npm ci --no-fund --no-audit",
|
|
"__startline__": 10,
|
|
"__endline__": 10,
|
|
"resource_type": "RUN",
|
|
"hash": "57abb1bbe03890ab19f47e5f96b9cbcee02aab65f6980d523df42faf41b709fa"
|
|
},
|
|
"evaluated_keys": [
|
|
"value"
|
|
]
|
|
},
|
|
"code_block": [
|
|
[
|
|
11,
|
|
"RUN npm ci --no-fund --no-audit\n"
|
|
]
|
|
],
|
|
"file_path": "/Dockerfile.dev",
|
|
"file_abs_path": "/scan/Dockerfile.dev",
|
|
"repo_file_path": "/Dockerfile.dev",
|
|
"file_line_range": [
|
|
11,
|
|
11
|
|
],
|
|
"resource": "/Dockerfile.dev.RUN",
|
|
"evaluations": null,
|
|
"check_class": "checkov.common.graph.checks_infra.base_check",
|
|
"fixed_definition": null,
|
|
"entity_tags": null,
|
|
"caller_file_path": null,
|
|
"caller_file_line_range": null,
|
|
"resource_address": null,
|
|
"severity": null,
|
|
"bc_category": null,
|
|
"benchmarks": null,
|
|
"description": null,
|
|
"short_description": null,
|
|
"vulnerability_details": null,
|
|
"connected_node": null,
|
|
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/bc-docker-2-17",
|
|
"details": [],
|
|
"check_len": null,
|
|
"definition_context_file_path": null
|
|
},
|
|
{
|
|
"check_id": "CKV2_DOCKER_12",
|
|
"bc_check_id": null,
|
|
"check_name": "Ensure that certificate validation isn't disabled for npm via the 'NPM_CONFIG_STRICT_SSL' environment variable",
|
|
"check_result": {
|
|
"result": "PASSED",
|
|
"entity": {
|
|
"block_name_": "RUN",
|
|
"block_type_": "resource",
|
|
"file_path_": "/Dockerfile.production",
|
|
"config_": {
|
|
"content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n",
|
|
"value": "corepack enable && corepack prepare npm@10.5.0 --activate",
|
|
"__startline__": 4,
|
|
"__endline__": 4
|
|
},
|
|
"label_": "resource: RUN",
|
|
"id_": "RUN",
|
|
"source_": "Dockerfile",
|
|
"content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n",
|
|
"value": "corepack enable && corepack prepare npm@10.5.0 --activate",
|
|
"__startline__": 4,
|
|
"__endline__": 4,
|
|
"resource_type": "RUN",
|
|
"hash": "dbd32b6bad6b728919787011f82d60c50d7b2d1c079f814de2b1640696c98816"
|
|
},
|
|
"evaluated_keys": [
|
|
"value"
|
|
]
|
|
},
|
|
"code_block": [
|
|
[
|
|
5,
|
|
"RUN corepack enable && corepack prepare npm@10.5.0 --activate\n"
|
|
]
|
|
],
|
|
"file_path": "/Dockerfile.production",
|
|
"file_abs_path": "/scan/Dockerfile.production",
|
|
"repo_file_path": "/Dockerfile.production",
|
|
"file_line_range": [
|
|
5,
|
|
5
|
|
],
|
|
"resource": "/Dockerfile.production.RUN",
|
|
"evaluations": null,
|
|
"check_class": "checkov.common.graph.checks_infra.base_check",
|
|
"fixed_definition": null,
|
|
"entity_tags": null,
|
|
"caller_file_path": null,
|
|
"caller_file_line_range": null,
|
|
"resource_address": null,
|
|
"severity": null,
|
|
"bc_category": null,
|
|
"benchmarks": null,
|
|
"description": null,
|
|
"short_description": null,
|
|
"vulnerability_details": null,
|
|
"connected_node": null,
|
|
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-npm-strict-ssl",
|
|
"details": [],
|
|
"check_len": null,
|
|
"definition_context_file_path": null
|
|
},
|
|
{
|
|
"check_id": "CKV2_DOCKER_12",
|
|
"bc_check_id": null,
|
|
"check_name": "Ensure that certificate validation isn't disabled for npm via the 'NPM_CONFIG_STRICT_SSL' environment variable",
|
|
"check_result": {
|
|
"result": "PASSED",
|
|
"entity": {
|
|
"block_name_": "RUN",
|
|
"block_type_": "resource",
|
|
"file_path_": "/Dockerfile.production",
|
|
"config_": {
|
|
"content": "RUN npm install\n",
|
|
"value": "npm install",
|
|
"__startline__": 20,
|
|
"__endline__": 20
|
|
},
|
|
"label_": "resource: RUN",
|
|
"id_": "RUN",
|
|
"source_": "Dockerfile",
|
|
"content": "RUN npm install\n",
|
|
"value": "npm install",
|
|
"__startline__": 20,
|
|
"__endline__": 20,
|
|
"resource_type": "RUN",
|
|
"hash": "6979b14e6a853ac150ffef85c5e28fd49c956054ea2cb1d01440e13b17260c4a"
|
|
},
|
|
"evaluated_keys": [
|
|
"value"
|
|
]
|
|
},
|
|
"code_block": [
|
|
[
|
|
21,
|
|
"RUN npm install\n"
|
|
]
|
|
],
|
|
"file_path": "/Dockerfile.production",
|
|
"file_abs_path": "/scan/Dockerfile.production",
|
|
"repo_file_path": "/Dockerfile.production",
|
|
"file_line_range": [
|
|
21,
|
|
21
|
|
],
|
|
"resource": "/Dockerfile.production.RUN",
|
|
"evaluations": null,
|
|
"check_class": "checkov.common.graph.checks_infra.base_check",
|
|
"fixed_definition": null,
|
|
"entity_tags": null,
|
|
"caller_file_path": null,
|
|
"caller_file_line_range": null,
|
|
"resource_address": null,
|
|
"severity": null,
|
|
"bc_category": null,
|
|
"benchmarks": null,
|
|
"description": null,
|
|
"short_description": null,
|
|
"vulnerability_details": null,
|
|
"connected_node": null,
|
|
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-npm-strict-ssl",
|
|
"details": [],
|
|
"check_len": null,
|
|
"definition_context_file_path": null
|
|
},
|
|
{
|
|
"check_id": "CKV2_DOCKER_12",
|
|
"bc_check_id": null,
|
|
"check_name": "Ensure that certificate validation isn't disabled for npm via the 'NPM_CONFIG_STRICT_SSL' environment variable",
|
|
"check_result": {
|
|
"result": "PASSED",
|
|
"entity": {
|
|
"block_name_": "RUN",
|
|
"block_type_": "resource",
|
|
"file_path_": "/Dockerfile.production",
|
|
"config_": {
|
|
"content": "RUN npm run db:generate\n",
|
|
"value": "npm run db:generate",
|
|
"__startline__": 21,
|
|
"__endline__": 21
|
|
},
|
|
"label_": "resource: RUN",
|
|
"id_": "RUN",
|
|
"source_": "Dockerfile",
|
|
"content": "RUN npm run db:generate\n",
|
|
"value": "npm run db:generate",
|
|
"__startline__": 21,
|
|
"__endline__": 21,
|
|
"resource_type": "RUN",
|
|
"hash": "c1f9cc0c42260bb0183d7e7b9ec2edab99837111ad42dbbdd7fad09ff3e37ab0"
|
|
},
|
|
"evaluated_keys": [
|
|
"value"
|
|
]
|
|
},
|
|
"code_block": [
|
|
[
|
|
22,
|
|
"RUN npm run db:generate\n"
|
|
]
|
|
],
|
|
"file_path": "/Dockerfile.production",
|
|
"file_abs_path": "/scan/Dockerfile.production",
|
|
"repo_file_path": "/Dockerfile.production",
|
|
"file_line_range": [
|
|
22,
|
|
22
|
|
],
|
|
"resource": "/Dockerfile.production.RUN",
|
|
"evaluations": null,
|
|
"check_class": "checkov.common.graph.checks_infra.base_check",
|
|
"fixed_definition": null,
|
|
"entity_tags": null,
|
|
"caller_file_path": null,
|
|
"caller_file_line_range": null,
|
|
"resource_address": null,
|
|
"severity": null,
|
|
"bc_category": null,
|
|
"benchmarks": null,
|
|
"description": null,
|
|
"short_description": null,
|
|
"vulnerability_details": null,
|
|
"connected_node": null,
|
|
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-npm-strict-ssl",
|
|
"details": [],
|
|
"check_len": null,
|
|
"definition_context_file_path": null
|
|
},
|
|
{
|
|
"check_id": "CKV2_DOCKER_12",
|
|
"bc_check_id": null,
|
|
"check_name": "Ensure that certificate validation isn't disabled for npm via the 'NPM_CONFIG_STRICT_SSL' environment variable",
|
|
"check_result": {
|
|
"result": "PASSED",
|
|
"entity": {
|
|
"block_name_": "RUN",
|
|
"block_type_": "resource",
|
|
"file_path_": "/Dockerfile.production",
|
|
"config_": {
|
|
"content": "RUN npm run build\n",
|
|
"value": "npm run build",
|
|
"__startline__": 22,
|
|
"__endline__": 22
|
|
},
|
|
"label_": "resource: RUN",
|
|
"id_": "RUN",
|
|
"source_": "Dockerfile",
|
|
"content": "RUN npm run build\n",
|
|
"value": "npm run build",
|
|
"__startline__": 22,
|
|
"__endline__": 22,
|
|
"resource_type": "RUN",
|
|
"hash": "1bf185fb6038f1b491f2a2686de4dd9869ccdd9c3e34d2772cf43bd368377aa6"
|
|
},
|
|
"evaluated_keys": [
|
|
"value"
|
|
]
|
|
},
|
|
"code_block": [
|
|
[
|
|
23,
|
|
"RUN npm run build\n"
|
|
]
|
|
],
|
|
"file_path": "/Dockerfile.production",
|
|
"file_abs_path": "/scan/Dockerfile.production",
|
|
"repo_file_path": "/Dockerfile.production",
|
|
"file_line_range": [
|
|
23,
|
|
23
|
|
],
|
|
"resource": "/Dockerfile.production.RUN",
|
|
"evaluations": null,
|
|
"check_class": "checkov.common.graph.checks_infra.base_check",
|
|
"fixed_definition": null,
|
|
"entity_tags": null,
|
|
"caller_file_path": null,
|
|
"caller_file_line_range": null,
|
|
"resource_address": null,
|
|
"severity": null,
|
|
"bc_category": null,
|
|
"benchmarks": null,
|
|
"description": null,
|
|
"short_description": null,
|
|
"vulnerability_details": null,
|
|
"connected_node": null,
|
|
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-npm-strict-ssl",
|
|
"details": [],
|
|
"check_len": null,
|
|
"definition_context_file_path": null
|
|
},
|
|
{
|
|
"check_id": "CKV2_DOCKER_12",
|
|
"bc_check_id": null,
|
|
"check_name": "Ensure that certificate validation isn't disabled for npm via the 'NPM_CONFIG_STRICT_SSL' environment variable",
|
|
"check_result": {
|
|
"result": "PASSED",
|
|
"entity": {
|
|
"block_name_": "RUN",
|
|
"block_type_": "resource",
|
|
"file_path_": "/Dockerfile.production",
|
|
"config_": {
|
|
"content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n",
|
|
"value": "corepack enable && corepack prepare npm@10.5.0 --activate",
|
|
"__startline__": 30,
|
|
"__endline__": 30
|
|
},
|
|
"label_": "resource: RUN",
|
|
"id_": "RUN",
|
|
"source_": "Dockerfile",
|
|
"content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n",
|
|
"value": "corepack enable && corepack prepare npm@10.5.0 --activate",
|
|
"__startline__": 30,
|
|
"__endline__": 30,
|
|
"resource_type": "RUN",
|
|
"hash": "01c88e306f7db45ae7136e3bdb63c4b15978dd024f6ed18210961fc3db3df382"
|
|
},
|
|
"evaluated_keys": [
|
|
"value"
|
|
]
|
|
},
|
|
"code_block": [
|
|
[
|
|
31,
|
|
"RUN corepack enable && corepack prepare npm@10.5.0 --activate\n"
|
|
]
|
|
],
|
|
"file_path": "/Dockerfile.production",
|
|
"file_abs_path": "/scan/Dockerfile.production",
|
|
"repo_file_path": "/Dockerfile.production",
|
|
"file_line_range": [
|
|
31,
|
|
31
|
|
],
|
|
"resource": "/Dockerfile.production.RUN",
|
|
"evaluations": null,
|
|
"check_class": "checkov.common.graph.checks_infra.base_check",
|
|
"fixed_definition": null,
|
|
"entity_tags": null,
|
|
"caller_file_path": null,
|
|
"caller_file_line_range": null,
|
|
"resource_address": null,
|
|
"severity": null,
|
|
"bc_category": null,
|
|
"benchmarks": null,
|
|
"description": null,
|
|
"short_description": null,
|
|
"vulnerability_details": null,
|
|
"connected_node": null,
|
|
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-npm-strict-ssl",
|
|
"details": [],
|
|
"check_len": null,
|
|
"definition_context_file_path": null
|
|
},
|
|
{
|
|
"check_id": "CKV2_DOCKER_12",
|
|
"bc_check_id": null,
|
|
"check_name": "Ensure that certificate validation isn't disabled for npm via the 'NPM_CONFIG_STRICT_SSL' environment variable",
|
|
"check_result": {
|
|
"result": "PASSED",
|
|
"entity": {
|
|
"block_name_": "ARG",
|
|
"block_type_": "resource",
|
|
"file_path_": "/Dockerfile.production",
|
|
"config_": {
|
|
"content": "ARG NEXT_PUBLIC_API_URL\n",
|
|
"value": "NEXT_PUBLIC_API_URL",
|
|
"__startline__": 11,
|
|
"__endline__": 11
|
|
},
|
|
"label_": "resource: ARG",
|
|
"id_": "ARG",
|
|
"source_": "Dockerfile",
|
|
"content": "ARG NEXT_PUBLIC_API_URL\n",
|
|
"value": "NEXT_PUBLIC_API_URL",
|
|
"__startline__": 11,
|
|
"__endline__": 11,
|
|
"resource_type": "ARG",
|
|
"hash": "fded00a21c81cd45d8985324636a2acafc73bef594a45811ca0d68265da3f9dc"
|
|
},
|
|
"evaluated_keys": [
|
|
"value"
|
|
]
|
|
},
|
|
"code_block": [
|
|
[
|
|
12,
|
|
"ARG NEXT_PUBLIC_API_URL\n"
|
|
]
|
|
],
|
|
"file_path": "/Dockerfile.production",
|
|
"file_abs_path": "/scan/Dockerfile.production",
|
|
"repo_file_path": "/Dockerfile.production",
|
|
"file_line_range": [
|
|
12,
|
|
12
|
|
],
|
|
"resource": "/Dockerfile.production.ARG",
|
|
"evaluations": null,
|
|
"check_class": "checkov.common.graph.checks_infra.base_check",
|
|
"fixed_definition": null,
|
|
"entity_tags": null,
|
|
"caller_file_path": null,
|
|
"caller_file_line_range": null,
|
|
"resource_address": null,
|
|
"severity": null,
|
|
"bc_category": null,
|
|
"benchmarks": null,
|
|
"description": null,
|
|
"short_description": null,
|
|
"vulnerability_details": null,
|
|
"connected_node": null,
|
|
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-npm-strict-ssl",
|
|
"details": [],
|
|
"check_len": null,
|
|
"definition_context_file_path": null
|
|
},
|
|
{
|
|
"check_id": "CKV2_DOCKER_12",
|
|
"bc_check_id": null,
|
|
"check_name": "Ensure that certificate validation isn't disabled for npm via the 'NPM_CONFIG_STRICT_SSL' environment variable",
|
|
"check_result": {
|
|
"result": "PASSED",
|
|
"entity": {
|
|
"block_name_": "ARG",
|
|
"block_type_": "resource",
|
|
"file_path_": "/Dockerfile.production",
|
|
"config_": {
|
|
"content": "ARG NEXT_PUBLIC_MARKETPLACE_URL\n",
|
|
"value": "NEXT_PUBLIC_MARKETPLACE_URL",
|
|
"__startline__": 12,
|
|
"__endline__": 12
|
|
},
|
|
"label_": "resource: ARG",
|
|
"id_": "ARG",
|
|
"source_": "Dockerfile",
|
|
"content": "ARG NEXT_PUBLIC_MARKETPLACE_URL\n",
|
|
"value": "NEXT_PUBLIC_MARKETPLACE_URL",
|
|
"__startline__": 12,
|
|
"__endline__": 12,
|
|
"resource_type": "ARG",
|
|
"hash": "11d98758a432fc03021573afe4df769dc34ff0a4aec966f558b5e00c71c6cf3b"
|
|
},
|
|
"evaluated_keys": [
|
|
"value"
|
|
]
|
|
},
|
|
"code_block": [
|
|
[
|
|
13,
|
|
"ARG NEXT_PUBLIC_MARKETPLACE_URL\n"
|
|
]
|
|
],
|
|
"file_path": "/Dockerfile.production",
|
|
"file_abs_path": "/scan/Dockerfile.production",
|
|
"repo_file_path": "/Dockerfile.production",
|
|
"file_line_range": [
|
|
13,
|
|
13
|
|
],
|
|
"resource": "/Dockerfile.production.ARG",
|
|
"evaluations": null,
|
|
"check_class": "checkov.common.graph.checks_infra.base_check",
|
|
"fixed_definition": null,
|
|
"entity_tags": null,
|
|
"caller_file_path": null,
|
|
"caller_file_line_range": null,
|
|
"resource_address": null,
|
|
"severity": null,
|
|
"bc_category": null,
|
|
"benchmarks": null,
|
|
"description": null,
|
|
"short_description": null,
|
|
"vulnerability_details": null,
|
|
"connected_node": null,
|
|
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-npm-strict-ssl",
|
|
"details": [],
|
|
"check_len": null,
|
|
"definition_context_file_path": null
|
|
},
|
|
{
|
|
"check_id": "CKV2_DOCKER_12",
|
|
"bc_check_id": null,
|
|
"check_name": "Ensure that certificate validation isn't disabled for npm via the 'NPM_CONFIG_STRICT_SSL' environment variable",
|
|
"check_result": {
|
|
"result": "PASSED",
|
|
"entity": {
|
|
"block_name_": "ARG",
|
|
"block_type_": "resource",
|
|
"file_path_": "/Dockerfile.production",
|
|
"config_": {
|
|
"content": "ARG NEXT_PUBLIC_DASHBOARD_URL\n",
|
|
"value": "NEXT_PUBLIC_DASHBOARD_URL",
|
|
"__startline__": 13,
|
|
"__endline__": 13
|
|
},
|
|
"label_": "resource: ARG",
|
|
"id_": "ARG",
|
|
"source_": "Dockerfile",
|
|
"content": "ARG NEXT_PUBLIC_DASHBOARD_URL\n",
|
|
"value": "NEXT_PUBLIC_DASHBOARD_URL",
|
|
"__startline__": 13,
|
|
"__endline__": 13,
|
|
"resource_type": "ARG",
|
|
"hash": "4075db881e0d222faeb86e03db8a05d9a998deab344c05aee0e89d2426e01383"
|
|
},
|
|
"evaluated_keys": [
|
|
"value"
|
|
]
|
|
},
|
|
"code_block": [
|
|
[
|
|
14,
|
|
"ARG NEXT_PUBLIC_DASHBOARD_URL\n"
|
|
]
|
|
],
|
|
"file_path": "/Dockerfile.production",
|
|
"file_abs_path": "/scan/Dockerfile.production",
|
|
"repo_file_path": "/Dockerfile.production",
|
|
"file_line_range": [
|
|
14,
|
|
14
|
|
],
|
|
"resource": "/Dockerfile.production.ARG",
|
|
"evaluations": null,
|
|
"check_class": "checkov.common.graph.checks_infra.base_check",
|
|
"fixed_definition": null,
|
|
"entity_tags": null,
|
|
"caller_file_path": null,
|
|
"caller_file_line_range": null,
|
|
"resource_address": null,
|
|
"severity": null,
|
|
"bc_category": null,
|
|
"benchmarks": null,
|
|
"description": null,
|
|
"short_description": null,
|
|
"vulnerability_details": null,
|
|
"connected_node": null,
|
|
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-npm-strict-ssl",
|
|
"details": [],
|
|
"check_len": null,
|
|
"definition_context_file_path": null
|
|
},
|
|
{
|
|
"check_id": "CKV2_DOCKER_12",
|
|
"bc_check_id": null,
|
|
"check_name": "Ensure that certificate validation isn't disabled for npm via the 'NPM_CONFIG_STRICT_SSL' environment variable",
|
|
"check_result": {
|
|
"result": "PASSED",
|
|
"entity": {
|
|
"block_name_": "ARG",
|
|
"block_type_": "resource",
|
|
"file_path_": "/Dockerfile.production",
|
|
"config_": {
|
|
"content": "ARG NEXT_PUBLIC_ADMIN_URL\n",
|
|
"value": "NEXT_PUBLIC_ADMIN_URL",
|
|
"__startline__": 14,
|
|
"__endline__": 14
|
|
},
|
|
"label_": "resource: ARG",
|
|
"id_": "ARG",
|
|
"source_": "Dockerfile",
|
|
"content": "ARG NEXT_PUBLIC_ADMIN_URL\n",
|
|
"value": "NEXT_PUBLIC_ADMIN_URL",
|
|
"__startline__": 14,
|
|
"__endline__": 14,
|
|
"resource_type": "ARG",
|
|
"hash": "a4c9bf1c4e349946074fb4c606d0db63c06a809d125e58ddd09427e4d929fd6a"
|
|
},
|
|
"evaluated_keys": [
|
|
"value"
|
|
]
|
|
},
|
|
"code_block": [
|
|
[
|
|
15,
|
|
"ARG NEXT_PUBLIC_ADMIN_URL\n"
|
|
]
|
|
],
|
|
"file_path": "/Dockerfile.production",
|
|
"file_abs_path": "/scan/Dockerfile.production",
|
|
"repo_file_path": "/Dockerfile.production",
|
|
"file_line_range": [
|
|
15,
|
|
15
|
|
],
|
|
"resource": "/Dockerfile.production.ARG",
|
|
"evaluations": null,
|
|
"check_class": "checkov.common.graph.checks_infra.base_check",
|
|
"fixed_definition": null,
|
|
"entity_tags": null,
|
|
"caller_file_path": null,
|
|
"caller_file_line_range": null,
|
|
"resource_address": null,
|
|
"severity": null,
|
|
"bc_category": null,
|
|
"benchmarks": null,
|
|
"description": null,
|
|
"short_description": null,
|
|
"vulnerability_details": null,
|
|
"connected_node": null,
|
|
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-npm-strict-ssl",
|
|
"details": [],
|
|
"check_len": null,
|
|
"definition_context_file_path": null
|
|
},
|
|
{
|
|
"check_id": "CKV2_DOCKER_12",
|
|
"bc_check_id": null,
|
|
"check_name": "Ensure that certificate validation isn't disabled for npm via the 'NPM_CONFIG_STRICT_SSL' environment variable",
|
|
"check_result": {
|
|
"result": "PASSED",
|
|
"entity": {
|
|
"block_name_": "ENV",
|
|
"block_type_": "resource",
|
|
"file_path_": "/Dockerfile.production",
|
|
"config_": {
|
|
"content": "ENV NEXT_PUBLIC_API_URL=$NEXT_PUBLIC_API_URL \\\n NEXT_PUBLIC_MARKETPLACE_URL=$NEXT_PUBLIC_MARKETPLACE_URL \\\n NEXT_PUBLIC_DASHBOARD_URL=$NEXT_PUBLIC_DASHBOARD_URL \\\n NEXT_PUBLIC_ADMIN_URL=$NEXT_PUBLIC_ADMIN_URL\n",
|
|
"value": "NEXT_PUBLIC_API_URL=$NEXT_PUBLIC_API_URL NEXT_PUBLIC_MARKETPLACE_URL=$NEXT_PUBLIC_MARKETPLACE_URL NEXT_PUBLIC_DASHBOARD_URL=$NEXT_PUBLIC_DASHBOARD_URL NEXT_PUBLIC_ADMIN_URL=$NEXT_PUBLIC_ADMIN_URL",
|
|
"__startline__": 15,
|
|
"__endline__": 18
|
|
},
|
|
"label_": "resource: ENV",
|
|
"id_": "ENV",
|
|
"source_": "Dockerfile",
|
|
"content": "ENV NEXT_PUBLIC_API_URL=$NEXT_PUBLIC_API_URL \\\n NEXT_PUBLIC_MARKETPLACE_URL=$NEXT_PUBLIC_MARKETPLACE_URL \\\n NEXT_PUBLIC_DASHBOARD_URL=$NEXT_PUBLIC_DASHBOARD_URL \\\n NEXT_PUBLIC_ADMIN_URL=$NEXT_PUBLIC_ADMIN_URL\n",
|
|
"value": "NEXT_PUBLIC_API_URL=$NEXT_PUBLIC_API_URL NEXT_PUBLIC_MARKETPLACE_URL=$NEXT_PUBLIC_MARKETPLACE_URL NEXT_PUBLIC_DASHBOARD_URL=$NEXT_PUBLIC_DASHBOARD_URL NEXT_PUBLIC_ADMIN_URL=$NEXT_PUBLIC_ADMIN_URL",
|
|
"__startline__": 15,
|
|
"__endline__": 18,
|
|
"resource_type": "ENV",
|
|
"hash": "65abe3eb0aadfa3b1ed513b9e21f4f8c4524ec8c298e7123de46806870b90557"
|
|
},
|
|
"evaluated_keys": [
|
|
"value"
|
|
]
|
|
},
|
|
"code_block": [
|
|
[
|
|
16,
|
|
"ENV NEXT_PUBLIC_API_URL=$NEXT_PUBLIC_API_URL \\\n"
|
|
],
|
|
[
|
|
17,
|
|
" NEXT_PUBLIC_MARKETPLACE_URL=$NEXT_PUBLIC_MARKETPLACE_URL \\\n"
|
|
],
|
|
[
|
|
18,
|
|
" NEXT_PUBLIC_DASHBOARD_URL=$NEXT_PUBLIC_DASHBOARD_URL \\\n"
|
|
],
|
|
[
|
|
19,
|
|
" NEXT_PUBLIC_ADMIN_URL=$NEXT_PUBLIC_ADMIN_URL\n"
|
|
]
|
|
],
|
|
"file_path": "/Dockerfile.production",
|
|
"file_abs_path": "/scan/Dockerfile.production",
|
|
"repo_file_path": "/Dockerfile.production",
|
|
"file_line_range": [
|
|
16,
|
|
19
|
|
],
|
|
"resource": "/Dockerfile.production.ENV",
|
|
"evaluations": null,
|
|
"check_class": "checkov.common.graph.checks_infra.base_check",
|
|
"fixed_definition": null,
|
|
"entity_tags": null,
|
|
"caller_file_path": null,
|
|
"caller_file_line_range": null,
|
|
"resource_address": null,
|
|
"severity": null,
|
|
"bc_category": null,
|
|
"benchmarks": null,
|
|
"description": null,
|
|
"short_description": null,
|
|
"vulnerability_details": null,
|
|
"connected_node": null,
|
|
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-npm-strict-ssl",
|
|
"details": [],
|
|
"check_len": null,
|
|
"definition_context_file_path": null
|
|
},
|
|
{
|
|
"check_id": "CKV2_DOCKER_12",
|
|
"bc_check_id": null,
|
|
"check_name": "Ensure that certificate validation isn't disabled for npm via the 'NPM_CONFIG_STRICT_SSL' environment variable",
|
|
"check_result": {
|
|
"result": "PASSED",
|
|
"entity": {
|
|
"block_name_": "ENV",
|
|
"block_type_": "resource",
|
|
"file_path_": "/Dockerfile.production",
|
|
"config_": {
|
|
"content": "ENV NODE_ENV=production\n",
|
|
"value": "NODE_ENV=production",
|
|
"__startline__": 28,
|
|
"__endline__": 28
|
|
},
|
|
"label_": "resource: ENV",
|
|
"id_": "ENV",
|
|
"source_": "Dockerfile",
|
|
"content": "ENV NODE_ENV=production\n",
|
|
"value": "NODE_ENV=production",
|
|
"__startline__": 28,
|
|
"__endline__": 28,
|
|
"resource_type": "ENV",
|
|
"hash": "5a6afcff0e4c111b04ace6d372feb2943096034796456739be650482e87f3e0e"
|
|
},
|
|
"evaluated_keys": [
|
|
"value"
|
|
]
|
|
},
|
|
"code_block": [
|
|
[
|
|
29,
|
|
"ENV NODE_ENV=production\n"
|
|
]
|
|
],
|
|
"file_path": "/Dockerfile.production",
|
|
"file_abs_path": "/scan/Dockerfile.production",
|
|
"repo_file_path": "/Dockerfile.production",
|
|
"file_line_range": [
|
|
29,
|
|
29
|
|
],
|
|
"resource": "/Dockerfile.production.ENV",
|
|
"evaluations": null,
|
|
"check_class": "checkov.common.graph.checks_infra.base_check",
|
|
"fixed_definition": null,
|
|
"entity_tags": null,
|
|
"caller_file_path": null,
|
|
"caller_file_line_range": null,
|
|
"resource_address": null,
|
|
"severity": null,
|
|
"bc_category": null,
|
|
"benchmarks": null,
|
|
"description": null,
|
|
"short_description": null,
|
|
"vulnerability_details": null,
|
|
"connected_node": null,
|
|
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-npm-strict-ssl",
|
|
"details": [],
|
|
"check_len": null,
|
|
"definition_context_file_path": null
|
|
},
|
|
{
|
|
"check_id": "CKV2_DOCKER_12",
|
|
"bc_check_id": null,
|
|
"check_name": "Ensure that certificate validation isn't disabled for npm via the 'NPM_CONFIG_STRICT_SSL' environment variable",
|
|
"check_result": {
|
|
"result": "PASSED",
|
|
"entity": {
|
|
"block_name_": "RUN",
|
|
"block_type_": "resource",
|
|
"file_path_": "/Dockerfile.test",
|
|
"config_": {
|
|
"content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n",
|
|
"value": "corepack enable && corepack prepare npm@10.5.0 --activate",
|
|
"__startline__": 4,
|
|
"__endline__": 4
|
|
},
|
|
"label_": "resource: RUN",
|
|
"id_": "RUN",
|
|
"source_": "Dockerfile",
|
|
"content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n",
|
|
"value": "corepack enable && corepack prepare npm@10.5.0 --activate",
|
|
"__startline__": 4,
|
|
"__endline__": 4,
|
|
"resource_type": "RUN",
|
|
"hash": "1d5fb0a211498b8baf37e5744578ad03459da7798534298981f23fdefb7eb757"
|
|
},
|
|
"evaluated_keys": [
|
|
"value"
|
|
]
|
|
},
|
|
"code_block": [
|
|
[
|
|
5,
|
|
"RUN corepack enable && corepack prepare npm@10.5.0 --activate\n"
|
|
]
|
|
],
|
|
"file_path": "/Dockerfile.test",
|
|
"file_abs_path": "/scan/Dockerfile.test",
|
|
"repo_file_path": "/Dockerfile.test",
|
|
"file_line_range": [
|
|
5,
|
|
5
|
|
],
|
|
"resource": "/Dockerfile.test.RUN",
|
|
"evaluations": null,
|
|
"check_class": "checkov.common.graph.checks_infra.base_check",
|
|
"fixed_definition": null,
|
|
"entity_tags": null,
|
|
"caller_file_path": null,
|
|
"caller_file_line_range": null,
|
|
"resource_address": null,
|
|
"severity": null,
|
|
"bc_category": null,
|
|
"benchmarks": null,
|
|
"description": null,
|
|
"short_description": null,
|
|
"vulnerability_details": null,
|
|
"connected_node": null,
|
|
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-npm-strict-ssl",
|
|
"details": [],
|
|
"check_len": null,
|
|
"definition_context_file_path": null
|
|
},
|
|
{
|
|
"check_id": "CKV2_DOCKER_12",
|
|
"bc_check_id": null,
|
|
"check_name": "Ensure that certificate validation isn't disabled for npm via the 'NPM_CONFIG_STRICT_SSL' environment variable",
|
|
"check_result": {
|
|
"result": "PASSED",
|
|
"entity": {
|
|
"block_name_": "RUN",
|
|
"block_type_": "resource",
|
|
"file_path_": "/Dockerfile.test",
|
|
"config_": {
|
|
"content": "RUN npm install\n",
|
|
"value": "npm install",
|
|
"__startline__": 10,
|
|
"__endline__": 10
|
|
},
|
|
"label_": "resource: RUN",
|
|
"id_": "RUN",
|
|
"source_": "Dockerfile",
|
|
"content": "RUN npm install\n",
|
|
"value": "npm install",
|
|
"__startline__": 10,
|
|
"__endline__": 10,
|
|
"resource_type": "RUN",
|
|
"hash": "fb809e4860a3131df821aea9480445cc6e2f66dd52744dab5f3d2ef5b2848436"
|
|
},
|
|
"evaluated_keys": [
|
|
"value"
|
|
]
|
|
},
|
|
"code_block": [
|
|
[
|
|
11,
|
|
"RUN npm install\n"
|
|
]
|
|
],
|
|
"file_path": "/Dockerfile.test",
|
|
"file_abs_path": "/scan/Dockerfile.test",
|
|
"repo_file_path": "/Dockerfile.test",
|
|
"file_line_range": [
|
|
11,
|
|
11
|
|
],
|
|
"resource": "/Dockerfile.test.RUN",
|
|
"evaluations": null,
|
|
"check_class": "checkov.common.graph.checks_infra.base_check",
|
|
"fixed_definition": null,
|
|
"entity_tags": null,
|
|
"caller_file_path": null,
|
|
"caller_file_line_range": null,
|
|
"resource_address": null,
|
|
"severity": null,
|
|
"bc_category": null,
|
|
"benchmarks": null,
|
|
"description": null,
|
|
"short_description": null,
|
|
"vulnerability_details": null,
|
|
"connected_node": null,
|
|
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-npm-strict-ssl",
|
|
"details": [],
|
|
"check_len": null,
|
|
"definition_context_file_path": null
|
|
},
|
|
{
|
|
"check_id": "CKV2_DOCKER_12",
|
|
"bc_check_id": null,
|
|
"check_name": "Ensure that certificate validation isn't disabled for npm via the 'NPM_CONFIG_STRICT_SSL' environment variable",
|
|
"check_result": {
|
|
"result": "PASSED",
|
|
"entity": {
|
|
"block_name_": "ENV",
|
|
"block_type_": "resource",
|
|
"file_path_": "/Dockerfile.test",
|
|
"config_": {
|
|
"content": "ENV NODE_ENV=test\n",
|
|
"value": "NODE_ENV=test",
|
|
"__startline__": 12,
|
|
"__endline__": 12
|
|
},
|
|
"label_": "resource: ENV",
|
|
"id_": "ENV",
|
|
"source_": "Dockerfile",
|
|
"content": "ENV NODE_ENV=test\n",
|
|
"value": "NODE_ENV=test",
|
|
"__startline__": 12,
|
|
"__endline__": 12,
|
|
"resource_type": "ENV",
|
|
"hash": "14d83a642c69d4cf67fcdbeb6dace7ba464024fdcad52f8129d63c78042457cb"
|
|
},
|
|
"evaluated_keys": [
|
|
"value"
|
|
]
|
|
},
|
|
"code_block": [
|
|
[
|
|
13,
|
|
"ENV NODE_ENV=test\n"
|
|
]
|
|
],
|
|
"file_path": "/Dockerfile.test",
|
|
"file_abs_path": "/scan/Dockerfile.test",
|
|
"repo_file_path": "/Dockerfile.test",
|
|
"file_line_range": [
|
|
13,
|
|
13
|
|
],
|
|
"resource": "/Dockerfile.test.ENV",
|
|
"evaluations": null,
|
|
"check_class": "checkov.common.graph.checks_infra.base_check",
|
|
"fixed_definition": null,
|
|
"entity_tags": null,
|
|
"caller_file_path": null,
|
|
"caller_file_line_range": null,
|
|
"resource_address": null,
|
|
"severity": null,
|
|
"bc_category": null,
|
|
"benchmarks": null,
|
|
"description": null,
|
|
"short_description": null,
|
|
"vulnerability_details": null,
|
|
"connected_node": null,
|
|
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-npm-strict-ssl",
|
|
"details": [],
|
|
"check_len": null,
|
|
"definition_context_file_path": null
|
|
},
|
|
{
|
|
"check_id": "CKV2_DOCKER_12",
|
|
"bc_check_id": null,
|
|
"check_name": "Ensure that certificate validation isn't disabled for npm via the 'NPM_CONFIG_STRICT_SSL' environment variable",
|
|
"check_result": {
|
|
"result": "PASSED",
|
|
"entity": {
|
|
"block_name_": "RUN",
|
|
"block_type_": "resource",
|
|
"file_path_": "/Dockerfile.dev",
|
|
"config_": {
|
|
"content": "RUN npm install -g npm@10.5.0 --no-fund --no-audit\n",
|
|
"value": "npm install -g npm@10.5.0 --no-fund --no-audit",
|
|
"__startline__": 4,
|
|
"__endline__": 4
|
|
},
|
|
"label_": "resource: RUN",
|
|
"id_": "RUN",
|
|
"source_": "Dockerfile",
|
|
"content": "RUN npm install -g npm@10.5.0 --no-fund --no-audit\n",
|
|
"value": "npm install -g npm@10.5.0 --no-fund --no-audit",
|
|
"__startline__": 4,
|
|
"__endline__": 4,
|
|
"resource_type": "RUN",
|
|
"hash": "435bba968d1d0b4c410ea33851637829a16b2ad878f0b9531a737c7a444f91b9"
|
|
},
|
|
"evaluated_keys": [
|
|
"value"
|
|
]
|
|
},
|
|
"code_block": [
|
|
[
|
|
5,
|
|
"RUN npm install -g npm@10.5.0 --no-fund --no-audit\n"
|
|
]
|
|
],
|
|
"file_path": "/Dockerfile.dev",
|
|
"file_abs_path": "/scan/Dockerfile.dev",
|
|
"repo_file_path": "/Dockerfile.dev",
|
|
"file_line_range": [
|
|
5,
|
|
5
|
|
],
|
|
"resource": "/Dockerfile.dev.RUN",
|
|
"evaluations": null,
|
|
"check_class": "checkov.common.graph.checks_infra.base_check",
|
|
"fixed_definition": null,
|
|
"entity_tags": null,
|
|
"caller_file_path": null,
|
|
"caller_file_line_range": null,
|
|
"resource_address": null,
|
|
"severity": null,
|
|
"bc_category": null,
|
|
"benchmarks": null,
|
|
"description": null,
|
|
"short_description": null,
|
|
"vulnerability_details": null,
|
|
"connected_node": null,
|
|
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-npm-strict-ssl",
|
|
"details": [],
|
|
"check_len": null,
|
|
"definition_context_file_path": null
|
|
},
|
|
{
|
|
"check_id": "CKV2_DOCKER_12",
|
|
"bc_check_id": null,
|
|
"check_name": "Ensure that certificate validation isn't disabled for npm via the 'NPM_CONFIG_STRICT_SSL' environment variable",
|
|
"check_result": {
|
|
"result": "PASSED",
|
|
"entity": {
|
|
"block_name_": "RUN",
|
|
"block_type_": "resource",
|
|
"file_path_": "/Dockerfile.dev",
|
|
"config_": {
|
|
"content": "RUN npm ci --no-fund --no-audit\n",
|
|
"value": "npm ci --no-fund --no-audit",
|
|
"__startline__": 10,
|
|
"__endline__": 10
|
|
},
|
|
"label_": "resource: RUN",
|
|
"id_": "RUN",
|
|
"source_": "Dockerfile",
|
|
"content": "RUN npm ci --no-fund --no-audit\n",
|
|
"value": "npm ci --no-fund --no-audit",
|
|
"__startline__": 10,
|
|
"__endline__": 10,
|
|
"resource_type": "RUN",
|
|
"hash": "57abb1bbe03890ab19f47e5f96b9cbcee02aab65f6980d523df42faf41b709fa"
|
|
},
|
|
"evaluated_keys": [
|
|
"value"
|
|
]
|
|
},
|
|
"code_block": [
|
|
[
|
|
11,
|
|
"RUN npm ci --no-fund --no-audit\n"
|
|
]
|
|
],
|
|
"file_path": "/Dockerfile.dev",
|
|
"file_abs_path": "/scan/Dockerfile.dev",
|
|
"repo_file_path": "/Dockerfile.dev",
|
|
"file_line_range": [
|
|
11,
|
|
11
|
|
],
|
|
"resource": "/Dockerfile.dev.RUN",
|
|
"evaluations": null,
|
|
"check_class": "checkov.common.graph.checks_infra.base_check",
|
|
"fixed_definition": null,
|
|
"entity_tags": null,
|
|
"caller_file_path": null,
|
|
"caller_file_line_range": null,
|
|
"resource_address": null,
|
|
"severity": null,
|
|
"bc_category": null,
|
|
"benchmarks": null,
|
|
"description": null,
|
|
"short_description": null,
|
|
"vulnerability_details": null,
|
|
"connected_node": null,
|
|
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-npm-strict-ssl",
|
|
"details": [],
|
|
"check_len": null,
|
|
"definition_context_file_path": null
|
|
},
|
|
{
|
|
"check_id": "CKV2_DOCKER_14",
|
|
"bc_check_id": null,
|
|
"check_name": "Ensure that certificate validation isn't disabled for git by setting the environment variable 'GIT_SSL_NO_VERIFY' to any value",
|
|
"check_result": {
|
|
"result": "PASSED",
|
|
"entity": {
|
|
"block_name_": "RUN",
|
|
"block_type_": "resource",
|
|
"file_path_": "/Dockerfile.production",
|
|
"config_": {
|
|
"content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n",
|
|
"value": "corepack enable && corepack prepare npm@10.5.0 --activate",
|
|
"__startline__": 4,
|
|
"__endline__": 4
|
|
},
|
|
"label_": "resource: RUN",
|
|
"id_": "RUN",
|
|
"source_": "Dockerfile",
|
|
"content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n",
|
|
"value": "corepack enable && corepack prepare npm@10.5.0 --activate",
|
|
"__startline__": 4,
|
|
"__endline__": 4,
|
|
"resource_type": "RUN",
|
|
"hash": "dbd32b6bad6b728919787011f82d60c50d7b2d1c079f814de2b1640696c98816"
|
|
},
|
|
"evaluated_keys": [
|
|
"value"
|
|
]
|
|
},
|
|
"code_block": [
|
|
[
|
|
5,
|
|
"RUN corepack enable && corepack prepare npm@10.5.0 --activate\n"
|
|
]
|
|
],
|
|
"file_path": "/Dockerfile.production",
|
|
"file_abs_path": "/scan/Dockerfile.production",
|
|
"repo_file_path": "/Dockerfile.production",
|
|
"file_line_range": [
|
|
5,
|
|
5
|
|
],
|
|
"resource": "/Dockerfile.production.RUN",
|
|
"evaluations": null,
|
|
"check_class": "checkov.common.graph.checks_infra.base_check",
|
|
"fixed_definition": null,
|
|
"entity_tags": null,
|
|
"caller_file_path": null,
|
|
"caller_file_line_range": null,
|
|
"resource_address": null,
|
|
"severity": null,
|
|
"bc_category": null,
|
|
"benchmarks": null,
|
|
"description": null,
|
|
"short_description": null,
|
|
"vulnerability_details": null,
|
|
"connected_node": null,
|
|
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-git-ssl",
|
|
"details": [],
|
|
"check_len": null,
|
|
"definition_context_file_path": null
|
|
},
|
|
{
|
|
"check_id": "CKV2_DOCKER_14",
|
|
"bc_check_id": null,
|
|
"check_name": "Ensure that certificate validation isn't disabled for git by setting the environment variable 'GIT_SSL_NO_VERIFY' to any value",
|
|
"check_result": {
|
|
"result": "PASSED",
|
|
"entity": {
|
|
"block_name_": "RUN",
|
|
"block_type_": "resource",
|
|
"file_path_": "/Dockerfile.production",
|
|
"config_": {
|
|
"content": "RUN npm install\n",
|
|
"value": "npm install",
|
|
"__startline__": 20,
|
|
"__endline__": 20
|
|
},
|
|
"label_": "resource: RUN",
|
|
"id_": "RUN",
|
|
"source_": "Dockerfile",
|
|
"content": "RUN npm install\n",
|
|
"value": "npm install",
|
|
"__startline__": 20,
|
|
"__endline__": 20,
|
|
"resource_type": "RUN",
|
|
"hash": "6979b14e6a853ac150ffef85c5e28fd49c956054ea2cb1d01440e13b17260c4a"
|
|
},
|
|
"evaluated_keys": [
|
|
"value"
|
|
]
|
|
},
|
|
"code_block": [
|
|
[
|
|
21,
|
|
"RUN npm install\n"
|
|
]
|
|
],
|
|
"file_path": "/Dockerfile.production",
|
|
"file_abs_path": "/scan/Dockerfile.production",
|
|
"repo_file_path": "/Dockerfile.production",
|
|
"file_line_range": [
|
|
21,
|
|
21
|
|
],
|
|
"resource": "/Dockerfile.production.RUN",
|
|
"evaluations": null,
|
|
"check_class": "checkov.common.graph.checks_infra.base_check",
|
|
"fixed_definition": null,
|
|
"entity_tags": null,
|
|
"caller_file_path": null,
|
|
"caller_file_line_range": null,
|
|
"resource_address": null,
|
|
"severity": null,
|
|
"bc_category": null,
|
|
"benchmarks": null,
|
|
"description": null,
|
|
"short_description": null,
|
|
"vulnerability_details": null,
|
|
"connected_node": null,
|
|
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-git-ssl",
|
|
"details": [],
|
|
"check_len": null,
|
|
"definition_context_file_path": null
|
|
},
|
|
{
|
|
"check_id": "CKV2_DOCKER_14",
|
|
"bc_check_id": null,
|
|
"check_name": "Ensure that certificate validation isn't disabled for git by setting the environment variable 'GIT_SSL_NO_VERIFY' to any value",
|
|
"check_result": {
|
|
"result": "PASSED",
|
|
"entity": {
|
|
"block_name_": "RUN",
|
|
"block_type_": "resource",
|
|
"file_path_": "/Dockerfile.production",
|
|
"config_": {
|
|
"content": "RUN npm run db:generate\n",
|
|
"value": "npm run db:generate",
|
|
"__startline__": 21,
|
|
"__endline__": 21
|
|
},
|
|
"label_": "resource: RUN",
|
|
"id_": "RUN",
|
|
"source_": "Dockerfile",
|
|
"content": "RUN npm run db:generate\n",
|
|
"value": "npm run db:generate",
|
|
"__startline__": 21,
|
|
"__endline__": 21,
|
|
"resource_type": "RUN",
|
|
"hash": "c1f9cc0c42260bb0183d7e7b9ec2edab99837111ad42dbbdd7fad09ff3e37ab0"
|
|
},
|
|
"evaluated_keys": [
|
|
"value"
|
|
]
|
|
},
|
|
"code_block": [
|
|
[
|
|
22,
|
|
"RUN npm run db:generate\n"
|
|
]
|
|
],
|
|
"file_path": "/Dockerfile.production",
|
|
"file_abs_path": "/scan/Dockerfile.production",
|
|
"repo_file_path": "/Dockerfile.production",
|
|
"file_line_range": [
|
|
22,
|
|
22
|
|
],
|
|
"resource": "/Dockerfile.production.RUN",
|
|
"evaluations": null,
|
|
"check_class": "checkov.common.graph.checks_infra.base_check",
|
|
"fixed_definition": null,
|
|
"entity_tags": null,
|
|
"caller_file_path": null,
|
|
"caller_file_line_range": null,
|
|
"resource_address": null,
|
|
"severity": null,
|
|
"bc_category": null,
|
|
"benchmarks": null,
|
|
"description": null,
|
|
"short_description": null,
|
|
"vulnerability_details": null,
|
|
"connected_node": null,
|
|
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-git-ssl",
|
|
"details": [],
|
|
"check_len": null,
|
|
"definition_context_file_path": null
|
|
},
|
|
{
|
|
"check_id": "CKV2_DOCKER_14",
|
|
"bc_check_id": null,
|
|
"check_name": "Ensure that certificate validation isn't disabled for git by setting the environment variable 'GIT_SSL_NO_VERIFY' to any value",
|
|
"check_result": {
|
|
"result": "PASSED",
|
|
"entity": {
|
|
"block_name_": "RUN",
|
|
"block_type_": "resource",
|
|
"file_path_": "/Dockerfile.production",
|
|
"config_": {
|
|
"content": "RUN npm run build\n",
|
|
"value": "npm run build",
|
|
"__startline__": 22,
|
|
"__endline__": 22
|
|
},
|
|
"label_": "resource: RUN",
|
|
"id_": "RUN",
|
|
"source_": "Dockerfile",
|
|
"content": "RUN npm run build\n",
|
|
"value": "npm run build",
|
|
"__startline__": 22,
|
|
"__endline__": 22,
|
|
"resource_type": "RUN",
|
|
"hash": "1bf185fb6038f1b491f2a2686de4dd9869ccdd9c3e34d2772cf43bd368377aa6"
|
|
},
|
|
"evaluated_keys": [
|
|
"value"
|
|
]
|
|
},
|
|
"code_block": [
|
|
[
|
|
23,
|
|
"RUN npm run build\n"
|
|
]
|
|
],
|
|
"file_path": "/Dockerfile.production",
|
|
"file_abs_path": "/scan/Dockerfile.production",
|
|
"repo_file_path": "/Dockerfile.production",
|
|
"file_line_range": [
|
|
23,
|
|
23
|
|
],
|
|
"resource": "/Dockerfile.production.RUN",
|
|
"evaluations": null,
|
|
"check_class": "checkov.common.graph.checks_infra.base_check",
|
|
"fixed_definition": null,
|
|
"entity_tags": null,
|
|
"caller_file_path": null,
|
|
"caller_file_line_range": null,
|
|
"resource_address": null,
|
|
"severity": null,
|
|
"bc_category": null,
|
|
"benchmarks": null,
|
|
"description": null,
|
|
"short_description": null,
|
|
"vulnerability_details": null,
|
|
"connected_node": null,
|
|
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-git-ssl",
|
|
"details": [],
|
|
"check_len": null,
|
|
"definition_context_file_path": null
|
|
},
|
|
{
|
|
"check_id": "CKV2_DOCKER_14",
|
|
"bc_check_id": null,
|
|
"check_name": "Ensure that certificate validation isn't disabled for git by setting the environment variable 'GIT_SSL_NO_VERIFY' to any value",
|
|
"check_result": {
|
|
"result": "PASSED",
|
|
"entity": {
|
|
"block_name_": "RUN",
|
|
"block_type_": "resource",
|
|
"file_path_": "/Dockerfile.production",
|
|
"config_": {
|
|
"content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n",
|
|
"value": "corepack enable && corepack prepare npm@10.5.0 --activate",
|
|
"__startline__": 30,
|
|
"__endline__": 30
|
|
},
|
|
"label_": "resource: RUN",
|
|
"id_": "RUN",
|
|
"source_": "Dockerfile",
|
|
"content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n",
|
|
"value": "corepack enable && corepack prepare npm@10.5.0 --activate",
|
|
"__startline__": 30,
|
|
"__endline__": 30,
|
|
"resource_type": "RUN",
|
|
"hash": "01c88e306f7db45ae7136e3bdb63c4b15978dd024f6ed18210961fc3db3df382"
|
|
},
|
|
"evaluated_keys": [
|
|
"value"
|
|
]
|
|
},
|
|
"code_block": [
|
|
[
|
|
31,
|
|
"RUN corepack enable && corepack prepare npm@10.5.0 --activate\n"
|
|
]
|
|
],
|
|
"file_path": "/Dockerfile.production",
|
|
"file_abs_path": "/scan/Dockerfile.production",
|
|
"repo_file_path": "/Dockerfile.production",
|
|
"file_line_range": [
|
|
31,
|
|
31
|
|
],
|
|
"resource": "/Dockerfile.production.RUN",
|
|
"evaluations": null,
|
|
"check_class": "checkov.common.graph.checks_infra.base_check",
|
|
"fixed_definition": null,
|
|
"entity_tags": null,
|
|
"caller_file_path": null,
|
|
"caller_file_line_range": null,
|
|
"resource_address": null,
|
|
"severity": null,
|
|
"bc_category": null,
|
|
"benchmarks": null,
|
|
"description": null,
|
|
"short_description": null,
|
|
"vulnerability_details": null,
|
|
"connected_node": null,
|
|
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-git-ssl",
|
|
"details": [],
|
|
"check_len": null,
|
|
"definition_context_file_path": null
|
|
},
|
|
{
|
|
"check_id": "CKV2_DOCKER_14",
|
|
"bc_check_id": null,
|
|
"check_name": "Ensure that certificate validation isn't disabled for git by setting the environment variable 'GIT_SSL_NO_VERIFY' to any value",
|
|
"check_result": {
|
|
"result": "PASSED",
|
|
"entity": {
|
|
"block_name_": "ARG",
|
|
"block_type_": "resource",
|
|
"file_path_": "/Dockerfile.production",
|
|
"config_": {
|
|
"content": "ARG NEXT_PUBLIC_API_URL\n",
|
|
"value": "NEXT_PUBLIC_API_URL",
|
|
"__startline__": 11,
|
|
"__endline__": 11
|
|
},
|
|
"label_": "resource: ARG",
|
|
"id_": "ARG",
|
|
"source_": "Dockerfile",
|
|
"content": "ARG NEXT_PUBLIC_API_URL\n",
|
|
"value": "NEXT_PUBLIC_API_URL",
|
|
"__startline__": 11,
|
|
"__endline__": 11,
|
|
"resource_type": "ARG",
|
|
"hash": "fded00a21c81cd45d8985324636a2acafc73bef594a45811ca0d68265da3f9dc"
|
|
},
|
|
"evaluated_keys": [
|
|
"value"
|
|
]
|
|
},
|
|
"code_block": [
|
|
[
|
|
12,
|
|
"ARG NEXT_PUBLIC_API_URL\n"
|
|
]
|
|
],
|
|
"file_path": "/Dockerfile.production",
|
|
"file_abs_path": "/scan/Dockerfile.production",
|
|
"repo_file_path": "/Dockerfile.production",
|
|
"file_line_range": [
|
|
12,
|
|
12
|
|
],
|
|
"resource": "/Dockerfile.production.ARG",
|
|
"evaluations": null,
|
|
"check_class": "checkov.common.graph.checks_infra.base_check",
|
|
"fixed_definition": null,
|
|
"entity_tags": null,
|
|
"caller_file_path": null,
|
|
"caller_file_line_range": null,
|
|
"resource_address": null,
|
|
"severity": null,
|
|
"bc_category": null,
|
|
"benchmarks": null,
|
|
"description": null,
|
|
"short_description": null,
|
|
"vulnerability_details": null,
|
|
"connected_node": null,
|
|
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-git-ssl",
|
|
"details": [],
|
|
"check_len": null,
|
|
"definition_context_file_path": null
|
|
},
|
|
{
|
|
"check_id": "CKV2_DOCKER_14",
|
|
"bc_check_id": null,
|
|
"check_name": "Ensure that certificate validation isn't disabled for git by setting the environment variable 'GIT_SSL_NO_VERIFY' to any value",
|
|
"check_result": {
|
|
"result": "PASSED",
|
|
"entity": {
|
|
"block_name_": "ARG",
|
|
"block_type_": "resource",
|
|
"file_path_": "/Dockerfile.production",
|
|
"config_": {
|
|
"content": "ARG NEXT_PUBLIC_MARKETPLACE_URL\n",
|
|
"value": "NEXT_PUBLIC_MARKETPLACE_URL",
|
|
"__startline__": 12,
|
|
"__endline__": 12
|
|
},
|
|
"label_": "resource: ARG",
|
|
"id_": "ARG",
|
|
"source_": "Dockerfile",
|
|
"content": "ARG NEXT_PUBLIC_MARKETPLACE_URL\n",
|
|
"value": "NEXT_PUBLIC_MARKETPLACE_URL",
|
|
"__startline__": 12,
|
|
"__endline__": 12,
|
|
"resource_type": "ARG",
|
|
"hash": "11d98758a432fc03021573afe4df769dc34ff0a4aec966f558b5e00c71c6cf3b"
|
|
},
|
|
"evaluated_keys": [
|
|
"value"
|
|
]
|
|
},
|
|
"code_block": [
|
|
[
|
|
13,
|
|
"ARG NEXT_PUBLIC_MARKETPLACE_URL\n"
|
|
]
|
|
],
|
|
"file_path": "/Dockerfile.production",
|
|
"file_abs_path": "/scan/Dockerfile.production",
|
|
"repo_file_path": "/Dockerfile.production",
|
|
"file_line_range": [
|
|
13,
|
|
13
|
|
],
|
|
"resource": "/Dockerfile.production.ARG",
|
|
"evaluations": null,
|
|
"check_class": "checkov.common.graph.checks_infra.base_check",
|
|
"fixed_definition": null,
|
|
"entity_tags": null,
|
|
"caller_file_path": null,
|
|
"caller_file_line_range": null,
|
|
"resource_address": null,
|
|
"severity": null,
|
|
"bc_category": null,
|
|
"benchmarks": null,
|
|
"description": null,
|
|
"short_description": null,
|
|
"vulnerability_details": null,
|
|
"connected_node": null,
|
|
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-git-ssl",
|
|
"details": [],
|
|
"check_len": null,
|
|
"definition_context_file_path": null
|
|
},
|
|
{
|
|
"check_id": "CKV2_DOCKER_14",
|
|
"bc_check_id": null,
|
|
"check_name": "Ensure that certificate validation isn't disabled for git by setting the environment variable 'GIT_SSL_NO_VERIFY' to any value",
|
|
"check_result": {
|
|
"result": "PASSED",
|
|
"entity": {
|
|
"block_name_": "ARG",
|
|
"block_type_": "resource",
|
|
"file_path_": "/Dockerfile.production",
|
|
"config_": {
|
|
"content": "ARG NEXT_PUBLIC_DASHBOARD_URL\n",
|
|
"value": "NEXT_PUBLIC_DASHBOARD_URL",
|
|
"__startline__": 13,
|
|
"__endline__": 13
|
|
},
|
|
"label_": "resource: ARG",
|
|
"id_": "ARG",
|
|
"source_": "Dockerfile",
|
|
"content": "ARG NEXT_PUBLIC_DASHBOARD_URL\n",
|
|
"value": "NEXT_PUBLIC_DASHBOARD_URL",
|
|
"__startline__": 13,
|
|
"__endline__": 13,
|
|
"resource_type": "ARG",
|
|
"hash": "4075db881e0d222faeb86e03db8a05d9a998deab344c05aee0e89d2426e01383"
|
|
},
|
|
"evaluated_keys": [
|
|
"value"
|
|
]
|
|
},
|
|
"code_block": [
|
|
[
|
|
14,
|
|
"ARG NEXT_PUBLIC_DASHBOARD_URL\n"
|
|
]
|
|
],
|
|
"file_path": "/Dockerfile.production",
|
|
"file_abs_path": "/scan/Dockerfile.production",
|
|
"repo_file_path": "/Dockerfile.production",
|
|
"file_line_range": [
|
|
14,
|
|
14
|
|
],
|
|
"resource": "/Dockerfile.production.ARG",
|
|
"evaluations": null,
|
|
"check_class": "checkov.common.graph.checks_infra.base_check",
|
|
"fixed_definition": null,
|
|
"entity_tags": null,
|
|
"caller_file_path": null,
|
|
"caller_file_line_range": null,
|
|
"resource_address": null,
|
|
"severity": null,
|
|
"bc_category": null,
|
|
"benchmarks": null,
|
|
"description": null,
|
|
"short_description": null,
|
|
"vulnerability_details": null,
|
|
"connected_node": null,
|
|
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-git-ssl",
|
|
"details": [],
|
|
"check_len": null,
|
|
"definition_context_file_path": null
|
|
},
|
|
{
|
|
"check_id": "CKV2_DOCKER_14",
|
|
"bc_check_id": null,
|
|
"check_name": "Ensure that certificate validation isn't disabled for git by setting the environment variable 'GIT_SSL_NO_VERIFY' to any value",
|
|
"check_result": {
|
|
"result": "PASSED",
|
|
"entity": {
|
|
"block_name_": "ARG",
|
|
"block_type_": "resource",
|
|
"file_path_": "/Dockerfile.production",
|
|
"config_": {
|
|
"content": "ARG NEXT_PUBLIC_ADMIN_URL\n",
|
|
"value": "NEXT_PUBLIC_ADMIN_URL",
|
|
"__startline__": 14,
|
|
"__endline__": 14
|
|
},
|
|
"label_": "resource: ARG",
|
|
"id_": "ARG",
|
|
"source_": "Dockerfile",
|
|
"content": "ARG NEXT_PUBLIC_ADMIN_URL\n",
|
|
"value": "NEXT_PUBLIC_ADMIN_URL",
|
|
"__startline__": 14,
|
|
"__endline__": 14,
|
|
"resource_type": "ARG",
|
|
"hash": "a4c9bf1c4e349946074fb4c606d0db63c06a809d125e58ddd09427e4d929fd6a"
|
|
},
|
|
"evaluated_keys": [
|
|
"value"
|
|
]
|
|
},
|
|
"code_block": [
|
|
[
|
|
15,
|
|
"ARG NEXT_PUBLIC_ADMIN_URL\n"
|
|
]
|
|
],
|
|
"file_path": "/Dockerfile.production",
|
|
"file_abs_path": "/scan/Dockerfile.production",
|
|
"repo_file_path": "/Dockerfile.production",
|
|
"file_line_range": [
|
|
15,
|
|
15
|
|
],
|
|
"resource": "/Dockerfile.production.ARG",
|
|
"evaluations": null,
|
|
"check_class": "checkov.common.graph.checks_infra.base_check",
|
|
"fixed_definition": null,
|
|
"entity_tags": null,
|
|
"caller_file_path": null,
|
|
"caller_file_line_range": null,
|
|
"resource_address": null,
|
|
"severity": null,
|
|
"bc_category": null,
|
|
"benchmarks": null,
|
|
"description": null,
|
|
"short_description": null,
|
|
"vulnerability_details": null,
|
|
"connected_node": null,
|
|
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-git-ssl",
|
|
"details": [],
|
|
"check_len": null,
|
|
"definition_context_file_path": null
|
|
},
|
|
{
|
|
"check_id": "CKV2_DOCKER_14",
|
|
"bc_check_id": null,
|
|
"check_name": "Ensure that certificate validation isn't disabled for git by setting the environment variable 'GIT_SSL_NO_VERIFY' to any value",
|
|
"check_result": {
|
|
"result": "PASSED",
|
|
"entity": {
|
|
"block_name_": "ENV",
|
|
"block_type_": "resource",
|
|
"file_path_": "/Dockerfile.production",
|
|
"config_": {
|
|
"content": "ENV NEXT_PUBLIC_API_URL=$NEXT_PUBLIC_API_URL \\\n NEXT_PUBLIC_MARKETPLACE_URL=$NEXT_PUBLIC_MARKETPLACE_URL \\\n NEXT_PUBLIC_DASHBOARD_URL=$NEXT_PUBLIC_DASHBOARD_URL \\\n NEXT_PUBLIC_ADMIN_URL=$NEXT_PUBLIC_ADMIN_URL\n",
|
|
"value": "NEXT_PUBLIC_API_URL=$NEXT_PUBLIC_API_URL NEXT_PUBLIC_MARKETPLACE_URL=$NEXT_PUBLIC_MARKETPLACE_URL NEXT_PUBLIC_DASHBOARD_URL=$NEXT_PUBLIC_DASHBOARD_URL NEXT_PUBLIC_ADMIN_URL=$NEXT_PUBLIC_ADMIN_URL",
|
|
"__startline__": 15,
|
|
"__endline__": 18
|
|
},
|
|
"label_": "resource: ENV",
|
|
"id_": "ENV",
|
|
"source_": "Dockerfile",
|
|
"content": "ENV NEXT_PUBLIC_API_URL=$NEXT_PUBLIC_API_URL \\\n NEXT_PUBLIC_MARKETPLACE_URL=$NEXT_PUBLIC_MARKETPLACE_URL \\\n NEXT_PUBLIC_DASHBOARD_URL=$NEXT_PUBLIC_DASHBOARD_URL \\\n NEXT_PUBLIC_ADMIN_URL=$NEXT_PUBLIC_ADMIN_URL\n",
|
|
"value": "NEXT_PUBLIC_API_URL=$NEXT_PUBLIC_API_URL NEXT_PUBLIC_MARKETPLACE_URL=$NEXT_PUBLIC_MARKETPLACE_URL NEXT_PUBLIC_DASHBOARD_URL=$NEXT_PUBLIC_DASHBOARD_URL NEXT_PUBLIC_ADMIN_URL=$NEXT_PUBLIC_ADMIN_URL",
|
|
"__startline__": 15,
|
|
"__endline__": 18,
|
|
"resource_type": "ENV",
|
|
"hash": "65abe3eb0aadfa3b1ed513b9e21f4f8c4524ec8c298e7123de46806870b90557"
|
|
},
|
|
"evaluated_keys": [
|
|
"value"
|
|
]
|
|
},
|
|
"code_block": [
|
|
[
|
|
16,
|
|
"ENV NEXT_PUBLIC_API_URL=$NEXT_PUBLIC_API_URL \\\n"
|
|
],
|
|
[
|
|
17,
|
|
" NEXT_PUBLIC_MARKETPLACE_URL=$NEXT_PUBLIC_MARKETPLACE_URL \\\n"
|
|
],
|
|
[
|
|
18,
|
|
" NEXT_PUBLIC_DASHBOARD_URL=$NEXT_PUBLIC_DASHBOARD_URL \\\n"
|
|
],
|
|
[
|
|
19,
|
|
" NEXT_PUBLIC_ADMIN_URL=$NEXT_PUBLIC_ADMIN_URL\n"
|
|
]
|
|
],
|
|
"file_path": "/Dockerfile.production",
|
|
"file_abs_path": "/scan/Dockerfile.production",
|
|
"repo_file_path": "/Dockerfile.production",
|
|
"file_line_range": [
|
|
16,
|
|
19
|
|
],
|
|
"resource": "/Dockerfile.production.ENV",
|
|
"evaluations": null,
|
|
"check_class": "checkov.common.graph.checks_infra.base_check",
|
|
"fixed_definition": null,
|
|
"entity_tags": null,
|
|
"caller_file_path": null,
|
|
"caller_file_line_range": null,
|
|
"resource_address": null,
|
|
"severity": null,
|
|
"bc_category": null,
|
|
"benchmarks": null,
|
|
"description": null,
|
|
"short_description": null,
|
|
"vulnerability_details": null,
|
|
"connected_node": null,
|
|
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-git-ssl",
|
|
"details": [],
|
|
"check_len": null,
|
|
"definition_context_file_path": null
|
|
},
|
|
{
|
|
"check_id": "CKV2_DOCKER_14",
|
|
"bc_check_id": null,
|
|
"check_name": "Ensure that certificate validation isn't disabled for git by setting the environment variable 'GIT_SSL_NO_VERIFY' to any value",
|
|
"check_result": {
|
|
"result": "PASSED",
|
|
"entity": {
|
|
"block_name_": "ENV",
|
|
"block_type_": "resource",
|
|
"file_path_": "/Dockerfile.production",
|
|
"config_": {
|
|
"content": "ENV NODE_ENV=production\n",
|
|
"value": "NODE_ENV=production",
|
|
"__startline__": 28,
|
|
"__endline__": 28
|
|
},
|
|
"label_": "resource: ENV",
|
|
"id_": "ENV",
|
|
"source_": "Dockerfile",
|
|
"content": "ENV NODE_ENV=production\n",
|
|
"value": "NODE_ENV=production",
|
|
"__startline__": 28,
|
|
"__endline__": 28,
|
|
"resource_type": "ENV",
|
|
"hash": "5a6afcff0e4c111b04ace6d372feb2943096034796456739be650482e87f3e0e"
|
|
},
|
|
"evaluated_keys": [
|
|
"value"
|
|
]
|
|
},
|
|
"code_block": [
|
|
[
|
|
29,
|
|
"ENV NODE_ENV=production\n"
|
|
]
|
|
],
|
|
"file_path": "/Dockerfile.production",
|
|
"file_abs_path": "/scan/Dockerfile.production",
|
|
"repo_file_path": "/Dockerfile.production",
|
|
"file_line_range": [
|
|
29,
|
|
29
|
|
],
|
|
"resource": "/Dockerfile.production.ENV",
|
|
"evaluations": null,
|
|
"check_class": "checkov.common.graph.checks_infra.base_check",
|
|
"fixed_definition": null,
|
|
"entity_tags": null,
|
|
"caller_file_path": null,
|
|
"caller_file_line_range": null,
|
|
"resource_address": null,
|
|
"severity": null,
|
|
"bc_category": null,
|
|
"benchmarks": null,
|
|
"description": null,
|
|
"short_description": null,
|
|
"vulnerability_details": null,
|
|
"connected_node": null,
|
|
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-git-ssl",
|
|
"details": [],
|
|
"check_len": null,
|
|
"definition_context_file_path": null
|
|
},
|
|
{
|
|
"check_id": "CKV2_DOCKER_14",
|
|
"bc_check_id": null,
|
|
"check_name": "Ensure that certificate validation isn't disabled for git by setting the environment variable 'GIT_SSL_NO_VERIFY' to any value",
|
|
"check_result": {
|
|
"result": "PASSED",
|
|
"entity": {
|
|
"block_name_": "RUN",
|
|
"block_type_": "resource",
|
|
"file_path_": "/Dockerfile.test",
|
|
"config_": {
|
|
"content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n",
|
|
"value": "corepack enable && corepack prepare npm@10.5.0 --activate",
|
|
"__startline__": 4,
|
|
"__endline__": 4
|
|
},
|
|
"label_": "resource: RUN",
|
|
"id_": "RUN",
|
|
"source_": "Dockerfile",
|
|
"content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n",
|
|
"value": "corepack enable && corepack prepare npm@10.5.0 --activate",
|
|
"__startline__": 4,
|
|
"__endline__": 4,
|
|
"resource_type": "RUN",
|
|
"hash": "1d5fb0a211498b8baf37e5744578ad03459da7798534298981f23fdefb7eb757"
|
|
},
|
|
"evaluated_keys": [
|
|
"value"
|
|
]
|
|
},
|
|
"code_block": [
|
|
[
|
|
5,
|
|
"RUN corepack enable && corepack prepare npm@10.5.0 --activate\n"
|
|
]
|
|
],
|
|
"file_path": "/Dockerfile.test",
|
|
"file_abs_path": "/scan/Dockerfile.test",
|
|
"repo_file_path": "/Dockerfile.test",
|
|
"file_line_range": [
|
|
5,
|
|
5
|
|
],
|
|
"resource": "/Dockerfile.test.RUN",
|
|
"evaluations": null,
|
|
"check_class": "checkov.common.graph.checks_infra.base_check",
|
|
"fixed_definition": null,
|
|
"entity_tags": null,
|
|
"caller_file_path": null,
|
|
"caller_file_line_range": null,
|
|
"resource_address": null,
|
|
"severity": null,
|
|
"bc_category": null,
|
|
"benchmarks": null,
|
|
"description": null,
|
|
"short_description": null,
|
|
"vulnerability_details": null,
|
|
"connected_node": null,
|
|
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-git-ssl",
|
|
"details": [],
|
|
"check_len": null,
|
|
"definition_context_file_path": null
|
|
},
|
|
{
|
|
"check_id": "CKV2_DOCKER_14",
|
|
"bc_check_id": null,
|
|
"check_name": "Ensure that certificate validation isn't disabled for git by setting the environment variable 'GIT_SSL_NO_VERIFY' to any value",
|
|
"check_result": {
|
|
"result": "PASSED",
|
|
"entity": {
|
|
"block_name_": "RUN",
|
|
"block_type_": "resource",
|
|
"file_path_": "/Dockerfile.test",
|
|
"config_": {
|
|
"content": "RUN npm install\n",
|
|
"value": "npm install",
|
|
"__startline__": 10,
|
|
"__endline__": 10
|
|
},
|
|
"label_": "resource: RUN",
|
|
"id_": "RUN",
|
|
"source_": "Dockerfile",
|
|
"content": "RUN npm install\n",
|
|
"value": "npm install",
|
|
"__startline__": 10,
|
|
"__endline__": 10,
|
|
"resource_type": "RUN",
|
|
"hash": "fb809e4860a3131df821aea9480445cc6e2f66dd52744dab5f3d2ef5b2848436"
|
|
},
|
|
"evaluated_keys": [
|
|
"value"
|
|
]
|
|
},
|
|
"code_block": [
|
|
[
|
|
11,
|
|
"RUN npm install\n"
|
|
]
|
|
],
|
|
"file_path": "/Dockerfile.test",
|
|
"file_abs_path": "/scan/Dockerfile.test",
|
|
"repo_file_path": "/Dockerfile.test",
|
|
"file_line_range": [
|
|
11,
|
|
11
|
|
],
|
|
"resource": "/Dockerfile.test.RUN",
|
|
"evaluations": null,
|
|
"check_class": "checkov.common.graph.checks_infra.base_check",
|
|
"fixed_definition": null,
|
|
"entity_tags": null,
|
|
"caller_file_path": null,
|
|
"caller_file_line_range": null,
|
|
"resource_address": null,
|
|
"severity": null,
|
|
"bc_category": null,
|
|
"benchmarks": null,
|
|
"description": null,
|
|
"short_description": null,
|
|
"vulnerability_details": null,
|
|
"connected_node": null,
|
|
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-git-ssl",
|
|
"details": [],
|
|
"check_len": null,
|
|
"definition_context_file_path": null
|
|
},
|
|
{
|
|
"check_id": "CKV2_DOCKER_14",
|
|
"bc_check_id": null,
|
|
"check_name": "Ensure that certificate validation isn't disabled for git by setting the environment variable 'GIT_SSL_NO_VERIFY' to any value",
|
|
"check_result": {
|
|
"result": "PASSED",
|
|
"entity": {
|
|
"block_name_": "ENV",
|
|
"block_type_": "resource",
|
|
"file_path_": "/Dockerfile.test",
|
|
"config_": {
|
|
"content": "ENV NODE_ENV=test\n",
|
|
"value": "NODE_ENV=test",
|
|
"__startline__": 12,
|
|
"__endline__": 12
|
|
},
|
|
"label_": "resource: ENV",
|
|
"id_": "ENV",
|
|
"source_": "Dockerfile",
|
|
"content": "ENV NODE_ENV=test\n",
|
|
"value": "NODE_ENV=test",
|
|
"__startline__": 12,
|
|
"__endline__": 12,
|
|
"resource_type": "ENV",
|
|
"hash": "14d83a642c69d4cf67fcdbeb6dace7ba464024fdcad52f8129d63c78042457cb"
|
|
},
|
|
"evaluated_keys": [
|
|
"value"
|
|
]
|
|
},
|
|
"code_block": [
|
|
[
|
|
13,
|
|
"ENV NODE_ENV=test\n"
|
|
]
|
|
],
|
|
"file_path": "/Dockerfile.test",
|
|
"file_abs_path": "/scan/Dockerfile.test",
|
|
"repo_file_path": "/Dockerfile.test",
|
|
"file_line_range": [
|
|
13,
|
|
13
|
|
],
|
|
"resource": "/Dockerfile.test.ENV",
|
|
"evaluations": null,
|
|
"check_class": "checkov.common.graph.checks_infra.base_check",
|
|
"fixed_definition": null,
|
|
"entity_tags": null,
|
|
"caller_file_path": null,
|
|
"caller_file_line_range": null,
|
|
"resource_address": null,
|
|
"severity": null,
|
|
"bc_category": null,
|
|
"benchmarks": null,
|
|
"description": null,
|
|
"short_description": null,
|
|
"vulnerability_details": null,
|
|
"connected_node": null,
|
|
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-git-ssl",
|
|
"details": [],
|
|
"check_len": null,
|
|
"definition_context_file_path": null
|
|
},
|
|
{
|
|
"check_id": "CKV2_DOCKER_14",
|
|
"bc_check_id": null,
|
|
"check_name": "Ensure that certificate validation isn't disabled for git by setting the environment variable 'GIT_SSL_NO_VERIFY' to any value",
|
|
"check_result": {
|
|
"result": "PASSED",
|
|
"entity": {
|
|
"block_name_": "RUN",
|
|
"block_type_": "resource",
|
|
"file_path_": "/Dockerfile.dev",
|
|
"config_": {
|
|
"content": "RUN npm install -g npm@10.5.0 --no-fund --no-audit\n",
|
|
"value": "npm install -g npm@10.5.0 --no-fund --no-audit",
|
|
"__startline__": 4,
|
|
"__endline__": 4
|
|
},
|
|
"label_": "resource: RUN",
|
|
"id_": "RUN",
|
|
"source_": "Dockerfile",
|
|
"content": "RUN npm install -g npm@10.5.0 --no-fund --no-audit\n",
|
|
"value": "npm install -g npm@10.5.0 --no-fund --no-audit",
|
|
"__startline__": 4,
|
|
"__endline__": 4,
|
|
"resource_type": "RUN",
|
|
"hash": "435bba968d1d0b4c410ea33851637829a16b2ad878f0b9531a737c7a444f91b9"
|
|
},
|
|
"evaluated_keys": [
|
|
"value"
|
|
]
|
|
},
|
|
"code_block": [
|
|
[
|
|
5,
|
|
"RUN npm install -g npm@10.5.0 --no-fund --no-audit\n"
|
|
]
|
|
],
|
|
"file_path": "/Dockerfile.dev",
|
|
"file_abs_path": "/scan/Dockerfile.dev",
|
|
"repo_file_path": "/Dockerfile.dev",
|
|
"file_line_range": [
|
|
5,
|
|
5
|
|
],
|
|
"resource": "/Dockerfile.dev.RUN",
|
|
"evaluations": null,
|
|
"check_class": "checkov.common.graph.checks_infra.base_check",
|
|
"fixed_definition": null,
|
|
"entity_tags": null,
|
|
"caller_file_path": null,
|
|
"caller_file_line_range": null,
|
|
"resource_address": null,
|
|
"severity": null,
|
|
"bc_category": null,
|
|
"benchmarks": null,
|
|
"description": null,
|
|
"short_description": null,
|
|
"vulnerability_details": null,
|
|
"connected_node": null,
|
|
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-git-ssl",
|
|
"details": [],
|
|
"check_len": null,
|
|
"definition_context_file_path": null
|
|
},
|
|
{
|
|
"check_id": "CKV2_DOCKER_14",
|
|
"bc_check_id": null,
|
|
"check_name": "Ensure that certificate validation isn't disabled for git by setting the environment variable 'GIT_SSL_NO_VERIFY' to any value",
|
|
"check_result": {
|
|
"result": "PASSED",
|
|
"entity": {
|
|
"block_name_": "RUN",
|
|
"block_type_": "resource",
|
|
"file_path_": "/Dockerfile.dev",
|
|
"config_": {
|
|
"content": "RUN npm ci --no-fund --no-audit\n",
|
|
"value": "npm ci --no-fund --no-audit",
|
|
"__startline__": 10,
|
|
"__endline__": 10
|
|
},
|
|
"label_": "resource: RUN",
|
|
"id_": "RUN",
|
|
"source_": "Dockerfile",
|
|
"content": "RUN npm ci --no-fund --no-audit\n",
|
|
"value": "npm ci --no-fund --no-audit",
|
|
"__startline__": 10,
|
|
"__endline__": 10,
|
|
"resource_type": "RUN",
|
|
"hash": "57abb1bbe03890ab19f47e5f96b9cbcee02aab65f6980d523df42faf41b709fa"
|
|
},
|
|
"evaluated_keys": [
|
|
"value"
|
|
]
|
|
},
|
|
"code_block": [
|
|
[
|
|
11,
|
|
"RUN npm ci --no-fund --no-audit\n"
|
|
]
|
|
],
|
|
"file_path": "/Dockerfile.dev",
|
|
"file_abs_path": "/scan/Dockerfile.dev",
|
|
"repo_file_path": "/Dockerfile.dev",
|
|
"file_line_range": [
|
|
11,
|
|
11
|
|
],
|
|
"resource": "/Dockerfile.dev.RUN",
|
|
"evaluations": null,
|
|
"check_class": "checkov.common.graph.checks_infra.base_check",
|
|
"fixed_definition": null,
|
|
"entity_tags": null,
|
|
"caller_file_path": null,
|
|
"caller_file_line_range": null,
|
|
"resource_address": null,
|
|
"severity": null,
|
|
"bc_category": null,
|
|
"benchmarks": null,
|
|
"description": null,
|
|
"short_description": null,
|
|
"vulnerability_details": null,
|
|
"connected_node": null,
|
|
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-git-ssl",
|
|
"details": [],
|
|
"check_len": null,
|
|
"definition_context_file_path": null
|
|
},
|
|
{
|
|
"check_id": "CKV2_DOCKER_6",
|
|
"bc_check_id": null,
|
|
"check_name": "Ensure that certificate validation isn't disabled with the NODE_TLS_REJECT_UNAUTHORIZED environment variable",
|
|
"check_result": {
|
|
"result": "PASSED",
|
|
"entity": {
|
|
"block_name_": "RUN",
|
|
"block_type_": "resource",
|
|
"file_path_": "/Dockerfile.production",
|
|
"config_": {
|
|
"content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n",
|
|
"value": "corepack enable && corepack prepare npm@10.5.0 --activate",
|
|
"__startline__": 4,
|
|
"__endline__": 4
|
|
},
|
|
"label_": "resource: RUN",
|
|
"id_": "RUN",
|
|
"source_": "Dockerfile",
|
|
"content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n",
|
|
"value": "corepack enable && corepack prepare npm@10.5.0 --activate",
|
|
"__startline__": 4,
|
|
"__endline__": 4,
|
|
"resource_type": "RUN",
|
|
"hash": "dbd32b6bad6b728919787011f82d60c50d7b2d1c079f814de2b1640696c98816"
|
|
},
|
|
"evaluated_keys": [
|
|
"value"
|
|
]
|
|
},
|
|
"code_block": [
|
|
[
|
|
5,
|
|
"RUN corepack enable && corepack prepare npm@10.5.0 --activate\n"
|
|
]
|
|
],
|
|
"file_path": "/Dockerfile.production",
|
|
"file_abs_path": "/scan/Dockerfile.production",
|
|
"repo_file_path": "/Dockerfile.production",
|
|
"file_line_range": [
|
|
5,
|
|
5
|
|
],
|
|
"resource": "/Dockerfile.production.RUN",
|
|
"evaluations": null,
|
|
"check_class": "checkov.common.graph.checks_infra.base_check",
|
|
"fixed_definition": null,
|
|
"entity_tags": null,
|
|
"caller_file_path": null,
|
|
"caller_file_line_range": null,
|
|
"resource_address": null,
|
|
"severity": null,
|
|
"bc_category": null,
|
|
"benchmarks": null,
|
|
"description": null,
|
|
"short_description": null,
|
|
"vulnerability_details": null,
|
|
"connected_node": null,
|
|
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-node-tls-secure",
|
|
"details": [],
|
|
"check_len": null,
|
|
"definition_context_file_path": null
|
|
},
|
|
{
|
|
"check_id": "CKV2_DOCKER_6",
|
|
"bc_check_id": null,
|
|
"check_name": "Ensure that certificate validation isn't disabled with the NODE_TLS_REJECT_UNAUTHORIZED environment variable",
|
|
"check_result": {
|
|
"result": "PASSED",
|
|
"entity": {
|
|
"block_name_": "RUN",
|
|
"block_type_": "resource",
|
|
"file_path_": "/Dockerfile.production",
|
|
"config_": {
|
|
"content": "RUN npm install\n",
|
|
"value": "npm install",
|
|
"__startline__": 20,
|
|
"__endline__": 20
|
|
},
|
|
"label_": "resource: RUN",
|
|
"id_": "RUN",
|
|
"source_": "Dockerfile",
|
|
"content": "RUN npm install\n",
|
|
"value": "npm install",
|
|
"__startline__": 20,
|
|
"__endline__": 20,
|
|
"resource_type": "RUN",
|
|
"hash": "6979b14e6a853ac150ffef85c5e28fd49c956054ea2cb1d01440e13b17260c4a"
|
|
},
|
|
"evaluated_keys": [
|
|
"value"
|
|
]
|
|
},
|
|
"code_block": [
|
|
[
|
|
21,
|
|
"RUN npm install\n"
|
|
]
|
|
],
|
|
"file_path": "/Dockerfile.production",
|
|
"file_abs_path": "/scan/Dockerfile.production",
|
|
"repo_file_path": "/Dockerfile.production",
|
|
"file_line_range": [
|
|
21,
|
|
21
|
|
],
|
|
"resource": "/Dockerfile.production.RUN",
|
|
"evaluations": null,
|
|
"check_class": "checkov.common.graph.checks_infra.base_check",
|
|
"fixed_definition": null,
|
|
"entity_tags": null,
|
|
"caller_file_path": null,
|
|
"caller_file_line_range": null,
|
|
"resource_address": null,
|
|
"severity": null,
|
|
"bc_category": null,
|
|
"benchmarks": null,
|
|
"description": null,
|
|
"short_description": null,
|
|
"vulnerability_details": null,
|
|
"connected_node": null,
|
|
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-node-tls-secure",
|
|
"details": [],
|
|
"check_len": null,
|
|
"definition_context_file_path": null
|
|
},
|
|
{
|
|
"check_id": "CKV2_DOCKER_6",
|
|
"bc_check_id": null,
|
|
"check_name": "Ensure that certificate validation isn't disabled with the NODE_TLS_REJECT_UNAUTHORIZED environment variable",
|
|
"check_result": {
|
|
"result": "PASSED",
|
|
"entity": {
|
|
"block_name_": "RUN",
|
|
"block_type_": "resource",
|
|
"file_path_": "/Dockerfile.production",
|
|
"config_": {
|
|
"content": "RUN npm run db:generate\n",
|
|
"value": "npm run db:generate",
|
|
"__startline__": 21,
|
|
"__endline__": 21
|
|
},
|
|
"label_": "resource: RUN",
|
|
"id_": "RUN",
|
|
"source_": "Dockerfile",
|
|
"content": "RUN npm run db:generate\n",
|
|
"value": "npm run db:generate",
|
|
"__startline__": 21,
|
|
"__endline__": 21,
|
|
"resource_type": "RUN",
|
|
"hash": "c1f9cc0c42260bb0183d7e7b9ec2edab99837111ad42dbbdd7fad09ff3e37ab0"
|
|
},
|
|
"evaluated_keys": [
|
|
"value"
|
|
]
|
|
},
|
|
"code_block": [
|
|
[
|
|
22,
|
|
"RUN npm run db:generate\n"
|
|
]
|
|
],
|
|
"file_path": "/Dockerfile.production",
|
|
"file_abs_path": "/scan/Dockerfile.production",
|
|
"repo_file_path": "/Dockerfile.production",
|
|
"file_line_range": [
|
|
22,
|
|
22
|
|
],
|
|
"resource": "/Dockerfile.production.RUN",
|
|
"evaluations": null,
|
|
"check_class": "checkov.common.graph.checks_infra.base_check",
|
|
"fixed_definition": null,
|
|
"entity_tags": null,
|
|
"caller_file_path": null,
|
|
"caller_file_line_range": null,
|
|
"resource_address": null,
|
|
"severity": null,
|
|
"bc_category": null,
|
|
"benchmarks": null,
|
|
"description": null,
|
|
"short_description": null,
|
|
"vulnerability_details": null,
|
|
"connected_node": null,
|
|
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-node-tls-secure",
|
|
"details": [],
|
|
"check_len": null,
|
|
"definition_context_file_path": null
|
|
},
|
|
{
|
|
"check_id": "CKV2_DOCKER_6",
|
|
"bc_check_id": null,
|
|
"check_name": "Ensure that certificate validation isn't disabled with the NODE_TLS_REJECT_UNAUTHORIZED environment variable",
|
|
"check_result": {
|
|
"result": "PASSED",
|
|
"entity": {
|
|
"block_name_": "RUN",
|
|
"block_type_": "resource",
|
|
"file_path_": "/Dockerfile.production",
|
|
"config_": {
|
|
"content": "RUN npm run build\n",
|
|
"value": "npm run build",
|
|
"__startline__": 22,
|
|
"__endline__": 22
|
|
},
|
|
"label_": "resource: RUN",
|
|
"id_": "RUN",
|
|
"source_": "Dockerfile",
|
|
"content": "RUN npm run build\n",
|
|
"value": "npm run build",
|
|
"__startline__": 22,
|
|
"__endline__": 22,
|
|
"resource_type": "RUN",
|
|
"hash": "1bf185fb6038f1b491f2a2686de4dd9869ccdd9c3e34d2772cf43bd368377aa6"
|
|
},
|
|
"evaluated_keys": [
|
|
"value"
|
|
]
|
|
},
|
|
"code_block": [
|
|
[
|
|
23,
|
|
"RUN npm run build\n"
|
|
]
|
|
],
|
|
"file_path": "/Dockerfile.production",
|
|
"file_abs_path": "/scan/Dockerfile.production",
|
|
"repo_file_path": "/Dockerfile.production",
|
|
"file_line_range": [
|
|
23,
|
|
23
|
|
],
|
|
"resource": "/Dockerfile.production.RUN",
|
|
"evaluations": null,
|
|
"check_class": "checkov.common.graph.checks_infra.base_check",
|
|
"fixed_definition": null,
|
|
"entity_tags": null,
|
|
"caller_file_path": null,
|
|
"caller_file_line_range": null,
|
|
"resource_address": null,
|
|
"severity": null,
|
|
"bc_category": null,
|
|
"benchmarks": null,
|
|
"description": null,
|
|
"short_description": null,
|
|
"vulnerability_details": null,
|
|
"connected_node": null,
|
|
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-node-tls-secure",
|
|
"details": [],
|
|
"check_len": null,
|
|
"definition_context_file_path": null
|
|
},
|
|
{
|
|
"check_id": "CKV2_DOCKER_6",
|
|
"bc_check_id": null,
|
|
"check_name": "Ensure that certificate validation isn't disabled with the NODE_TLS_REJECT_UNAUTHORIZED environment variable",
|
|
"check_result": {
|
|
"result": "PASSED",
|
|
"entity": {
|
|
"block_name_": "RUN",
|
|
"block_type_": "resource",
|
|
"file_path_": "/Dockerfile.production",
|
|
"config_": {
|
|
"content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n",
|
|
"value": "corepack enable && corepack prepare npm@10.5.0 --activate",
|
|
"__startline__": 30,
|
|
"__endline__": 30
|
|
},
|
|
"label_": "resource: RUN",
|
|
"id_": "RUN",
|
|
"source_": "Dockerfile",
|
|
"content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n",
|
|
"value": "corepack enable && corepack prepare npm@10.5.0 --activate",
|
|
"__startline__": 30,
|
|
"__endline__": 30,
|
|
"resource_type": "RUN",
|
|
"hash": "01c88e306f7db45ae7136e3bdb63c4b15978dd024f6ed18210961fc3db3df382"
|
|
},
|
|
"evaluated_keys": [
|
|
"value"
|
|
]
|
|
},
|
|
"code_block": [
|
|
[
|
|
31,
|
|
"RUN corepack enable && corepack prepare npm@10.5.0 --activate\n"
|
|
]
|
|
],
|
|
"file_path": "/Dockerfile.production",
|
|
"file_abs_path": "/scan/Dockerfile.production",
|
|
"repo_file_path": "/Dockerfile.production",
|
|
"file_line_range": [
|
|
31,
|
|
31
|
|
],
|
|
"resource": "/Dockerfile.production.RUN",
|
|
"evaluations": null,
|
|
"check_class": "checkov.common.graph.checks_infra.base_check",
|
|
"fixed_definition": null,
|
|
"entity_tags": null,
|
|
"caller_file_path": null,
|
|
"caller_file_line_range": null,
|
|
"resource_address": null,
|
|
"severity": null,
|
|
"bc_category": null,
|
|
"benchmarks": null,
|
|
"description": null,
|
|
"short_description": null,
|
|
"vulnerability_details": null,
|
|
"connected_node": null,
|
|
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-node-tls-secure",
|
|
"details": [],
|
|
"check_len": null,
|
|
"definition_context_file_path": null
|
|
},
|
|
{
|
|
"check_id": "CKV2_DOCKER_6",
|
|
"bc_check_id": null,
|
|
"check_name": "Ensure that certificate validation isn't disabled with the NODE_TLS_REJECT_UNAUTHORIZED environment variable",
|
|
"check_result": {
|
|
"result": "PASSED",
|
|
"entity": {
|
|
"block_name_": "ARG",
|
|
"block_type_": "resource",
|
|
"file_path_": "/Dockerfile.production",
|
|
"config_": {
|
|
"content": "ARG NEXT_PUBLIC_API_URL\n",
|
|
"value": "NEXT_PUBLIC_API_URL",
|
|
"__startline__": 11,
|
|
"__endline__": 11
|
|
},
|
|
"label_": "resource: ARG",
|
|
"id_": "ARG",
|
|
"source_": "Dockerfile",
|
|
"content": "ARG NEXT_PUBLIC_API_URL\n",
|
|
"value": "NEXT_PUBLIC_API_URL",
|
|
"__startline__": 11,
|
|
"__endline__": 11,
|
|
"resource_type": "ARG",
|
|
"hash": "fded00a21c81cd45d8985324636a2acafc73bef594a45811ca0d68265da3f9dc"
|
|
},
|
|
"evaluated_keys": [
|
|
"value"
|
|
]
|
|
},
|
|
"code_block": [
|
|
[
|
|
12,
|
|
"ARG NEXT_PUBLIC_API_URL\n"
|
|
]
|
|
],
|
|
"file_path": "/Dockerfile.production",
|
|
"file_abs_path": "/scan/Dockerfile.production",
|
|
"repo_file_path": "/Dockerfile.production",
|
|
"file_line_range": [
|
|
12,
|
|
12
|
|
],
|
|
"resource": "/Dockerfile.production.ARG",
|
|
"evaluations": null,
|
|
"check_class": "checkov.common.graph.checks_infra.base_check",
|
|
"fixed_definition": null,
|
|
"entity_tags": null,
|
|
"caller_file_path": null,
|
|
"caller_file_line_range": null,
|
|
"resource_address": null,
|
|
"severity": null,
|
|
"bc_category": null,
|
|
"benchmarks": null,
|
|
"description": null,
|
|
"short_description": null,
|
|
"vulnerability_details": null,
|
|
"connected_node": null,
|
|
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-node-tls-secure",
|
|
"details": [],
|
|
"check_len": null,
|
|
"definition_context_file_path": null
|
|
},
|
|
{
|
|
"check_id": "CKV2_DOCKER_6",
|
|
"bc_check_id": null,
|
|
"check_name": "Ensure that certificate validation isn't disabled with the NODE_TLS_REJECT_UNAUTHORIZED environment variable",
|
|
"check_result": {
|
|
"result": "PASSED",
|
|
"entity": {
|
|
"block_name_": "ARG",
|
|
"block_type_": "resource",
|
|
"file_path_": "/Dockerfile.production",
|
|
"config_": {
|
|
"content": "ARG NEXT_PUBLIC_MARKETPLACE_URL\n",
|
|
"value": "NEXT_PUBLIC_MARKETPLACE_URL",
|
|
"__startline__": 12,
|
|
"__endline__": 12
|
|
},
|
|
"label_": "resource: ARG",
|
|
"id_": "ARG",
|
|
"source_": "Dockerfile",
|
|
"content": "ARG NEXT_PUBLIC_MARKETPLACE_URL\n",
|
|
"value": "NEXT_PUBLIC_MARKETPLACE_URL",
|
|
"__startline__": 12,
|
|
"__endline__": 12,
|
|
"resource_type": "ARG",
|
|
"hash": "11d98758a432fc03021573afe4df769dc34ff0a4aec966f558b5e00c71c6cf3b"
|
|
},
|
|
"evaluated_keys": [
|
|
"value"
|
|
]
|
|
},
|
|
"code_block": [
|
|
[
|
|
13,
|
|
"ARG NEXT_PUBLIC_MARKETPLACE_URL\n"
|
|
]
|
|
],
|
|
"file_path": "/Dockerfile.production",
|
|
"file_abs_path": "/scan/Dockerfile.production",
|
|
"repo_file_path": "/Dockerfile.production",
|
|
"file_line_range": [
|
|
13,
|
|
13
|
|
],
|
|
"resource": "/Dockerfile.production.ARG",
|
|
"evaluations": null,
|
|
"check_class": "checkov.common.graph.checks_infra.base_check",
|
|
"fixed_definition": null,
|
|
"entity_tags": null,
|
|
"caller_file_path": null,
|
|
"caller_file_line_range": null,
|
|
"resource_address": null,
|
|
"severity": null,
|
|
"bc_category": null,
|
|
"benchmarks": null,
|
|
"description": null,
|
|
"short_description": null,
|
|
"vulnerability_details": null,
|
|
"connected_node": null,
|
|
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-node-tls-secure",
|
|
"details": [],
|
|
"check_len": null,
|
|
"definition_context_file_path": null
|
|
},
|
|
{
|
|
"check_id": "CKV2_DOCKER_6",
|
|
"bc_check_id": null,
|
|
"check_name": "Ensure that certificate validation isn't disabled with the NODE_TLS_REJECT_UNAUTHORIZED environment variable",
|
|
"check_result": {
|
|
"result": "PASSED",
|
|
"entity": {
|
|
"block_name_": "ARG",
|
|
"block_type_": "resource",
|
|
"file_path_": "/Dockerfile.production",
|
|
"config_": {
|
|
"content": "ARG NEXT_PUBLIC_DASHBOARD_URL\n",
|
|
"value": "NEXT_PUBLIC_DASHBOARD_URL",
|
|
"__startline__": 13,
|
|
"__endline__": 13
|
|
},
|
|
"label_": "resource: ARG",
|
|
"id_": "ARG",
|
|
"source_": "Dockerfile",
|
|
"content": "ARG NEXT_PUBLIC_DASHBOARD_URL\n",
|
|
"value": "NEXT_PUBLIC_DASHBOARD_URL",
|
|
"__startline__": 13,
|
|
"__endline__": 13,
|
|
"resource_type": "ARG",
|
|
"hash": "4075db881e0d222faeb86e03db8a05d9a998deab344c05aee0e89d2426e01383"
|
|
},
|
|
"evaluated_keys": [
|
|
"value"
|
|
]
|
|
},
|
|
"code_block": [
|
|
[
|
|
14,
|
|
"ARG NEXT_PUBLIC_DASHBOARD_URL\n"
|
|
]
|
|
],
|
|
"file_path": "/Dockerfile.production",
|
|
"file_abs_path": "/scan/Dockerfile.production",
|
|
"repo_file_path": "/Dockerfile.production",
|
|
"file_line_range": [
|
|
14,
|
|
14
|
|
],
|
|
"resource": "/Dockerfile.production.ARG",
|
|
"evaluations": null,
|
|
"check_class": "checkov.common.graph.checks_infra.base_check",
|
|
"fixed_definition": null,
|
|
"entity_tags": null,
|
|
"caller_file_path": null,
|
|
"caller_file_line_range": null,
|
|
"resource_address": null,
|
|
"severity": null,
|
|
"bc_category": null,
|
|
"benchmarks": null,
|
|
"description": null,
|
|
"short_description": null,
|
|
"vulnerability_details": null,
|
|
"connected_node": null,
|
|
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-node-tls-secure",
|
|
"details": [],
|
|
"check_len": null,
|
|
"definition_context_file_path": null
|
|
},
|
|
{
|
|
"check_id": "CKV2_DOCKER_6",
|
|
"bc_check_id": null,
|
|
"check_name": "Ensure that certificate validation isn't disabled with the NODE_TLS_REJECT_UNAUTHORIZED environment variable",
|
|
"check_result": {
|
|
"result": "PASSED",
|
|
"entity": {
|
|
"block_name_": "ARG",
|
|
"block_type_": "resource",
|
|
"file_path_": "/Dockerfile.production",
|
|
"config_": {
|
|
"content": "ARG NEXT_PUBLIC_ADMIN_URL\n",
|
|
"value": "NEXT_PUBLIC_ADMIN_URL",
|
|
"__startline__": 14,
|
|
"__endline__": 14
|
|
},
|
|
"label_": "resource: ARG",
|
|
"id_": "ARG",
|
|
"source_": "Dockerfile",
|
|
"content": "ARG NEXT_PUBLIC_ADMIN_URL\n",
|
|
"value": "NEXT_PUBLIC_ADMIN_URL",
|
|
"__startline__": 14,
|
|
"__endline__": 14,
|
|
"resource_type": "ARG",
|
|
"hash": "a4c9bf1c4e349946074fb4c606d0db63c06a809d125e58ddd09427e4d929fd6a"
|
|
},
|
|
"evaluated_keys": [
|
|
"value"
|
|
]
|
|
},
|
|
"code_block": [
|
|
[
|
|
15,
|
|
"ARG NEXT_PUBLIC_ADMIN_URL\n"
|
|
]
|
|
],
|
|
"file_path": "/Dockerfile.production",
|
|
"file_abs_path": "/scan/Dockerfile.production",
|
|
"repo_file_path": "/Dockerfile.production",
|
|
"file_line_range": [
|
|
15,
|
|
15
|
|
],
|
|
"resource": "/Dockerfile.production.ARG",
|
|
"evaluations": null,
|
|
"check_class": "checkov.common.graph.checks_infra.base_check",
|
|
"fixed_definition": null,
|
|
"entity_tags": null,
|
|
"caller_file_path": null,
|
|
"caller_file_line_range": null,
|
|
"resource_address": null,
|
|
"severity": null,
|
|
"bc_category": null,
|
|
"benchmarks": null,
|
|
"description": null,
|
|
"short_description": null,
|
|
"vulnerability_details": null,
|
|
"connected_node": null,
|
|
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-node-tls-secure",
|
|
"details": [],
|
|
"check_len": null,
|
|
"definition_context_file_path": null
|
|
},
|
|
{
|
|
"check_id": "CKV2_DOCKER_6",
|
|
"bc_check_id": null,
|
|
"check_name": "Ensure that certificate validation isn't disabled with the NODE_TLS_REJECT_UNAUTHORIZED environment variable",
|
|
"check_result": {
|
|
"result": "PASSED",
|
|
"entity": {
|
|
"block_name_": "ENV",
|
|
"block_type_": "resource",
|
|
"file_path_": "/Dockerfile.production",
|
|
"config_": {
|
|
"content": "ENV NEXT_PUBLIC_API_URL=$NEXT_PUBLIC_API_URL \\\n NEXT_PUBLIC_MARKETPLACE_URL=$NEXT_PUBLIC_MARKETPLACE_URL \\\n NEXT_PUBLIC_DASHBOARD_URL=$NEXT_PUBLIC_DASHBOARD_URL \\\n NEXT_PUBLIC_ADMIN_URL=$NEXT_PUBLIC_ADMIN_URL\n",
|
|
"value": "NEXT_PUBLIC_API_URL=$NEXT_PUBLIC_API_URL NEXT_PUBLIC_MARKETPLACE_URL=$NEXT_PUBLIC_MARKETPLACE_URL NEXT_PUBLIC_DASHBOARD_URL=$NEXT_PUBLIC_DASHBOARD_URL NEXT_PUBLIC_ADMIN_URL=$NEXT_PUBLIC_ADMIN_URL",
|
|
"__startline__": 15,
|
|
"__endline__": 18
|
|
},
|
|
"label_": "resource: ENV",
|
|
"id_": "ENV",
|
|
"source_": "Dockerfile",
|
|
"content": "ENV NEXT_PUBLIC_API_URL=$NEXT_PUBLIC_API_URL \\\n NEXT_PUBLIC_MARKETPLACE_URL=$NEXT_PUBLIC_MARKETPLACE_URL \\\n NEXT_PUBLIC_DASHBOARD_URL=$NEXT_PUBLIC_DASHBOARD_URL \\\n NEXT_PUBLIC_ADMIN_URL=$NEXT_PUBLIC_ADMIN_URL\n",
|
|
"value": "NEXT_PUBLIC_API_URL=$NEXT_PUBLIC_API_URL NEXT_PUBLIC_MARKETPLACE_URL=$NEXT_PUBLIC_MARKETPLACE_URL NEXT_PUBLIC_DASHBOARD_URL=$NEXT_PUBLIC_DASHBOARD_URL NEXT_PUBLIC_ADMIN_URL=$NEXT_PUBLIC_ADMIN_URL",
|
|
"__startline__": 15,
|
|
"__endline__": 18,
|
|
"resource_type": "ENV",
|
|
"hash": "65abe3eb0aadfa3b1ed513b9e21f4f8c4524ec8c298e7123de46806870b90557"
|
|
},
|
|
"evaluated_keys": [
|
|
"value"
|
|
]
|
|
},
|
|
"code_block": [
|
|
[
|
|
16,
|
|
"ENV NEXT_PUBLIC_API_URL=$NEXT_PUBLIC_API_URL \\\n"
|
|
],
|
|
[
|
|
17,
|
|
" NEXT_PUBLIC_MARKETPLACE_URL=$NEXT_PUBLIC_MARKETPLACE_URL \\\n"
|
|
],
|
|
[
|
|
18,
|
|
" NEXT_PUBLIC_DASHBOARD_URL=$NEXT_PUBLIC_DASHBOARD_URL \\\n"
|
|
],
|
|
[
|
|
19,
|
|
" NEXT_PUBLIC_ADMIN_URL=$NEXT_PUBLIC_ADMIN_URL\n"
|
|
]
|
|
],
|
|
"file_path": "/Dockerfile.production",
|
|
"file_abs_path": "/scan/Dockerfile.production",
|
|
"repo_file_path": "/Dockerfile.production",
|
|
"file_line_range": [
|
|
16,
|
|
19
|
|
],
|
|
"resource": "/Dockerfile.production.ENV",
|
|
"evaluations": null,
|
|
"check_class": "checkov.common.graph.checks_infra.base_check",
|
|
"fixed_definition": null,
|
|
"entity_tags": null,
|
|
"caller_file_path": null,
|
|
"caller_file_line_range": null,
|
|
"resource_address": null,
|
|
"severity": null,
|
|
"bc_category": null,
|
|
"benchmarks": null,
|
|
"description": null,
|
|
"short_description": null,
|
|
"vulnerability_details": null,
|
|
"connected_node": null,
|
|
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-node-tls-secure",
|
|
"details": [],
|
|
"check_len": null,
|
|
"definition_context_file_path": null
|
|
},
|
|
{
|
|
"check_id": "CKV2_DOCKER_6",
|
|
"bc_check_id": null,
|
|
"check_name": "Ensure that certificate validation isn't disabled with the NODE_TLS_REJECT_UNAUTHORIZED environment variable",
|
|
"check_result": {
|
|
"result": "PASSED",
|
|
"entity": {
|
|
"block_name_": "ENV",
|
|
"block_type_": "resource",
|
|
"file_path_": "/Dockerfile.production",
|
|
"config_": {
|
|
"content": "ENV NODE_ENV=production\n",
|
|
"value": "NODE_ENV=production",
|
|
"__startline__": 28,
|
|
"__endline__": 28
|
|
},
|
|
"label_": "resource: ENV",
|
|
"id_": "ENV",
|
|
"source_": "Dockerfile",
|
|
"content": "ENV NODE_ENV=production\n",
|
|
"value": "NODE_ENV=production",
|
|
"__startline__": 28,
|
|
"__endline__": 28,
|
|
"resource_type": "ENV",
|
|
"hash": "5a6afcff0e4c111b04ace6d372feb2943096034796456739be650482e87f3e0e"
|
|
},
|
|
"evaluated_keys": [
|
|
"value"
|
|
]
|
|
},
|
|
"code_block": [
|
|
[
|
|
29,
|
|
"ENV NODE_ENV=production\n"
|
|
]
|
|
],
|
|
"file_path": "/Dockerfile.production",
|
|
"file_abs_path": "/scan/Dockerfile.production",
|
|
"repo_file_path": "/Dockerfile.production",
|
|
"file_line_range": [
|
|
29,
|
|
29
|
|
],
|
|
"resource": "/Dockerfile.production.ENV",
|
|
"evaluations": null,
|
|
"check_class": "checkov.common.graph.checks_infra.base_check",
|
|
"fixed_definition": null,
|
|
"entity_tags": null,
|
|
"caller_file_path": null,
|
|
"caller_file_line_range": null,
|
|
"resource_address": null,
|
|
"severity": null,
|
|
"bc_category": null,
|
|
"benchmarks": null,
|
|
"description": null,
|
|
"short_description": null,
|
|
"vulnerability_details": null,
|
|
"connected_node": null,
|
|
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-node-tls-secure",
|
|
"details": [],
|
|
"check_len": null,
|
|
"definition_context_file_path": null
|
|
},
|
|
{
|
|
"check_id": "CKV2_DOCKER_6",
|
|
"bc_check_id": null,
|
|
"check_name": "Ensure that certificate validation isn't disabled with the NODE_TLS_REJECT_UNAUTHORIZED environment variable",
|
|
"check_result": {
|
|
"result": "PASSED",
|
|
"entity": {
|
|
"block_name_": "RUN",
|
|
"block_type_": "resource",
|
|
"file_path_": "/Dockerfile.test",
|
|
"config_": {
|
|
"content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n",
|
|
"value": "corepack enable && corepack prepare npm@10.5.0 --activate",
|
|
"__startline__": 4,
|
|
"__endline__": 4
|
|
},
|
|
"label_": "resource: RUN",
|
|
"id_": "RUN",
|
|
"source_": "Dockerfile",
|
|
"content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n",
|
|
"value": "corepack enable && corepack prepare npm@10.5.0 --activate",
|
|
"__startline__": 4,
|
|
"__endline__": 4,
|
|
"resource_type": "RUN",
|
|
"hash": "1d5fb0a211498b8baf37e5744578ad03459da7798534298981f23fdefb7eb757"
|
|
},
|
|
"evaluated_keys": [
|
|
"value"
|
|
]
|
|
},
|
|
"code_block": [
|
|
[
|
|
5,
|
|
"RUN corepack enable && corepack prepare npm@10.5.0 --activate\n"
|
|
]
|
|
],
|
|
"file_path": "/Dockerfile.test",
|
|
"file_abs_path": "/scan/Dockerfile.test",
|
|
"repo_file_path": "/Dockerfile.test",
|
|
"file_line_range": [
|
|
5,
|
|
5
|
|
],
|
|
"resource": "/Dockerfile.test.RUN",
|
|
"evaluations": null,
|
|
"check_class": "checkov.common.graph.checks_infra.base_check",
|
|
"fixed_definition": null,
|
|
"entity_tags": null,
|
|
"caller_file_path": null,
|
|
"caller_file_line_range": null,
|
|
"resource_address": null,
|
|
"severity": null,
|
|
"bc_category": null,
|
|
"benchmarks": null,
|
|
"description": null,
|
|
"short_description": null,
|
|
"vulnerability_details": null,
|
|
"connected_node": null,
|
|
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-node-tls-secure",
|
|
"details": [],
|
|
"check_len": null,
|
|
"definition_context_file_path": null
|
|
},
|
|
{
|
|
"check_id": "CKV2_DOCKER_6",
|
|
"bc_check_id": null,
|
|
"check_name": "Ensure that certificate validation isn't disabled with the NODE_TLS_REJECT_UNAUTHORIZED environment variable",
|
|
"check_result": {
|
|
"result": "PASSED",
|
|
"entity": {
|
|
"block_name_": "RUN",
|
|
"block_type_": "resource",
|
|
"file_path_": "/Dockerfile.test",
|
|
"config_": {
|
|
"content": "RUN npm install\n",
|
|
"value": "npm install",
|
|
"__startline__": 10,
|
|
"__endline__": 10
|
|
},
|
|
"label_": "resource: RUN",
|
|
"id_": "RUN",
|
|
"source_": "Dockerfile",
|
|
"content": "RUN npm install\n",
|
|
"value": "npm install",
|
|
"__startline__": 10,
|
|
"__endline__": 10,
|
|
"resource_type": "RUN",
|
|
"hash": "fb809e4860a3131df821aea9480445cc6e2f66dd52744dab5f3d2ef5b2848436"
|
|
},
|
|
"evaluated_keys": [
|
|
"value"
|
|
]
|
|
},
|
|
"code_block": [
|
|
[
|
|
11,
|
|
"RUN npm install\n"
|
|
]
|
|
],
|
|
"file_path": "/Dockerfile.test",
|
|
"file_abs_path": "/scan/Dockerfile.test",
|
|
"repo_file_path": "/Dockerfile.test",
|
|
"file_line_range": [
|
|
11,
|
|
11
|
|
],
|
|
"resource": "/Dockerfile.test.RUN",
|
|
"evaluations": null,
|
|
"check_class": "checkov.common.graph.checks_infra.base_check",
|
|
"fixed_definition": null,
|
|
"entity_tags": null,
|
|
"caller_file_path": null,
|
|
"caller_file_line_range": null,
|
|
"resource_address": null,
|
|
"severity": null,
|
|
"bc_category": null,
|
|
"benchmarks": null,
|
|
"description": null,
|
|
"short_description": null,
|
|
"vulnerability_details": null,
|
|
"connected_node": null,
|
|
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-node-tls-secure",
|
|
"details": [],
|
|
"check_len": null,
|
|
"definition_context_file_path": null
|
|
},
|
|
{
|
|
"check_id": "CKV2_DOCKER_6",
|
|
"bc_check_id": null,
|
|
"check_name": "Ensure that certificate validation isn't disabled with the NODE_TLS_REJECT_UNAUTHORIZED environment variable",
|
|
"check_result": {
|
|
"result": "PASSED",
|
|
"entity": {
|
|
"block_name_": "ENV",
|
|
"block_type_": "resource",
|
|
"file_path_": "/Dockerfile.test",
|
|
"config_": {
|
|
"content": "ENV NODE_ENV=test\n",
|
|
"value": "NODE_ENV=test",
|
|
"__startline__": 12,
|
|
"__endline__": 12
|
|
},
|
|
"label_": "resource: ENV",
|
|
"id_": "ENV",
|
|
"source_": "Dockerfile",
|
|
"content": "ENV NODE_ENV=test\n",
|
|
"value": "NODE_ENV=test",
|
|
"__startline__": 12,
|
|
"__endline__": 12,
|
|
"resource_type": "ENV",
|
|
"hash": "14d83a642c69d4cf67fcdbeb6dace7ba464024fdcad52f8129d63c78042457cb"
|
|
},
|
|
"evaluated_keys": [
|
|
"value"
|
|
]
|
|
},
|
|
"code_block": [
|
|
[
|
|
13,
|
|
"ENV NODE_ENV=test\n"
|
|
]
|
|
],
|
|
"file_path": "/Dockerfile.test",
|
|
"file_abs_path": "/scan/Dockerfile.test",
|
|
"repo_file_path": "/Dockerfile.test",
|
|
"file_line_range": [
|
|
13,
|
|
13
|
|
],
|
|
"resource": "/Dockerfile.test.ENV",
|
|
"evaluations": null,
|
|
"check_class": "checkov.common.graph.checks_infra.base_check",
|
|
"fixed_definition": null,
|
|
"entity_tags": null,
|
|
"caller_file_path": null,
|
|
"caller_file_line_range": null,
|
|
"resource_address": null,
|
|
"severity": null,
|
|
"bc_category": null,
|
|
"benchmarks": null,
|
|
"description": null,
|
|
"short_description": null,
|
|
"vulnerability_details": null,
|
|
"connected_node": null,
|
|
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-node-tls-secure",
|
|
"details": [],
|
|
"check_len": null,
|
|
"definition_context_file_path": null
|
|
},
|
|
{
|
|
"check_id": "CKV2_DOCKER_6",
|
|
"bc_check_id": null,
|
|
"check_name": "Ensure that certificate validation isn't disabled with the NODE_TLS_REJECT_UNAUTHORIZED environment variable",
|
|
"check_result": {
|
|
"result": "PASSED",
|
|
"entity": {
|
|
"block_name_": "RUN",
|
|
"block_type_": "resource",
|
|
"file_path_": "/Dockerfile.dev",
|
|
"config_": {
|
|
"content": "RUN npm install -g npm@10.5.0 --no-fund --no-audit\n",
|
|
"value": "npm install -g npm@10.5.0 --no-fund --no-audit",
|
|
"__startline__": 4,
|
|
"__endline__": 4
|
|
},
|
|
"label_": "resource: RUN",
|
|
"id_": "RUN",
|
|
"source_": "Dockerfile",
|
|
"content": "RUN npm install -g npm@10.5.0 --no-fund --no-audit\n",
|
|
"value": "npm install -g npm@10.5.0 --no-fund --no-audit",
|
|
"__startline__": 4,
|
|
"__endline__": 4,
|
|
"resource_type": "RUN",
|
|
"hash": "435bba968d1d0b4c410ea33851637829a16b2ad878f0b9531a737c7a444f91b9"
|
|
},
|
|
"evaluated_keys": [
|
|
"value"
|
|
]
|
|
},
|
|
"code_block": [
|
|
[
|
|
5,
|
|
"RUN npm install -g npm@10.5.0 --no-fund --no-audit\n"
|
|
]
|
|
],
|
|
"file_path": "/Dockerfile.dev",
|
|
"file_abs_path": "/scan/Dockerfile.dev",
|
|
"repo_file_path": "/Dockerfile.dev",
|
|
"file_line_range": [
|
|
5,
|
|
5
|
|
],
|
|
"resource": "/Dockerfile.dev.RUN",
|
|
"evaluations": null,
|
|
"check_class": "checkov.common.graph.checks_infra.base_check",
|
|
"fixed_definition": null,
|
|
"entity_tags": null,
|
|
"caller_file_path": null,
|
|
"caller_file_line_range": null,
|
|
"resource_address": null,
|
|
"severity": null,
|
|
"bc_category": null,
|
|
"benchmarks": null,
|
|
"description": null,
|
|
"short_description": null,
|
|
"vulnerability_details": null,
|
|
"connected_node": null,
|
|
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-node-tls-secure",
|
|
"details": [],
|
|
"check_len": null,
|
|
"definition_context_file_path": null
|
|
},
|
|
{
|
|
"check_id": "CKV2_DOCKER_6",
|
|
"bc_check_id": null,
|
|
"check_name": "Ensure that certificate validation isn't disabled with the NODE_TLS_REJECT_UNAUTHORIZED environment variable",
|
|
"check_result": {
|
|
"result": "PASSED",
|
|
"entity": {
|
|
"block_name_": "RUN",
|
|
"block_type_": "resource",
|
|
"file_path_": "/Dockerfile.dev",
|
|
"config_": {
|
|
"content": "RUN npm ci --no-fund --no-audit\n",
|
|
"value": "npm ci --no-fund --no-audit",
|
|
"__startline__": 10,
|
|
"__endline__": 10
|
|
},
|
|
"label_": "resource: RUN",
|
|
"id_": "RUN",
|
|
"source_": "Dockerfile",
|
|
"content": "RUN npm ci --no-fund --no-audit\n",
|
|
"value": "npm ci --no-fund --no-audit",
|
|
"__startline__": 10,
|
|
"__endline__": 10,
|
|
"resource_type": "RUN",
|
|
"hash": "57abb1bbe03890ab19f47e5f96b9cbcee02aab65f6980d523df42faf41b709fa"
|
|
},
|
|
"evaluated_keys": [
|
|
"value"
|
|
]
|
|
},
|
|
"code_block": [
|
|
[
|
|
11,
|
|
"RUN npm ci --no-fund --no-audit\n"
|
|
]
|
|
],
|
|
"file_path": "/Dockerfile.dev",
|
|
"file_abs_path": "/scan/Dockerfile.dev",
|
|
"repo_file_path": "/Dockerfile.dev",
|
|
"file_line_range": [
|
|
11,
|
|
11
|
|
],
|
|
"resource": "/Dockerfile.dev.RUN",
|
|
"evaluations": null,
|
|
"check_class": "checkov.common.graph.checks_infra.base_check",
|
|
"fixed_definition": null,
|
|
"entity_tags": null,
|
|
"caller_file_path": null,
|
|
"caller_file_line_range": null,
|
|
"resource_address": null,
|
|
"severity": null,
|
|
"bc_category": null,
|
|
"benchmarks": null,
|
|
"description": null,
|
|
"short_description": null,
|
|
"vulnerability_details": null,
|
|
"connected_node": null,
|
|
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-node-tls-secure",
|
|
"details": [],
|
|
"check_len": null,
|
|
"definition_context_file_path": null
|
|
},
|
|
{
|
|
"check_id": "CKV2_DOCKER_11",
|
|
"bc_check_id": null,
|
|
"check_name": "Ensure that the '--force-yes' option is not used, as it disables signature validation and allows packages to be downgraded which can leave the system in a broken or inconsistent state",
|
|
"check_result": {
|
|
"result": "PASSED",
|
|
"entity": {
|
|
"block_name_": "RUN",
|
|
"block_type_": "resource",
|
|
"file_path_": "/Dockerfile.production",
|
|
"config_": {
|
|
"content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n",
|
|
"value": "corepack enable && corepack prepare npm@10.5.0 --activate",
|
|
"__startline__": 4,
|
|
"__endline__": 4
|
|
},
|
|
"label_": "resource: RUN",
|
|
"id_": "RUN",
|
|
"source_": "Dockerfile",
|
|
"content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n",
|
|
"value": "corepack enable && corepack prepare npm@10.5.0 --activate",
|
|
"__startline__": 4,
|
|
"__endline__": 4,
|
|
"resource_type": "RUN",
|
|
"hash": "dbd32b6bad6b728919787011f82d60c50d7b2d1c079f814de2b1640696c98816"
|
|
},
|
|
"evaluated_keys": [
|
|
"value"
|
|
]
|
|
},
|
|
"code_block": [
|
|
[
|
|
5,
|
|
"RUN corepack enable && corepack prepare npm@10.5.0 --activate\n"
|
|
]
|
|
],
|
|
"file_path": "/Dockerfile.production",
|
|
"file_abs_path": "/scan/Dockerfile.production",
|
|
"repo_file_path": "/Dockerfile.production",
|
|
"file_line_range": [
|
|
5,
|
|
5
|
|
],
|
|
"resource": "/Dockerfile.production.RUN",
|
|
"evaluations": null,
|
|
"check_class": "checkov.common.graph.checks_infra.base_check",
|
|
"fixed_definition": null,
|
|
"entity_tags": null,
|
|
"caller_file_path": null,
|
|
"caller_file_line_range": null,
|
|
"resource_address": null,
|
|
"severity": null,
|
|
"bc_category": null,
|
|
"benchmarks": null,
|
|
"description": null,
|
|
"short_description": null,
|
|
"vulnerability_details": null,
|
|
"connected_node": null,
|
|
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-apt-force",
|
|
"details": [],
|
|
"check_len": null,
|
|
"definition_context_file_path": null
|
|
},
|
|
{
|
|
"check_id": "CKV2_DOCKER_11",
|
|
"bc_check_id": null,
|
|
"check_name": "Ensure that the '--force-yes' option is not used, as it disables signature validation and allows packages to be downgraded which can leave the system in a broken or inconsistent state",
|
|
"check_result": {
|
|
"result": "PASSED",
|
|
"entity": {
|
|
"block_name_": "RUN",
|
|
"block_type_": "resource",
|
|
"file_path_": "/Dockerfile.production",
|
|
"config_": {
|
|
"content": "RUN npm install\n",
|
|
"value": "npm install",
|
|
"__startline__": 20,
|
|
"__endline__": 20
|
|
},
|
|
"label_": "resource: RUN",
|
|
"id_": "RUN",
|
|
"source_": "Dockerfile",
|
|
"content": "RUN npm install\n",
|
|
"value": "npm install",
|
|
"__startline__": 20,
|
|
"__endline__": 20,
|
|
"resource_type": "RUN",
|
|
"hash": "6979b14e6a853ac150ffef85c5e28fd49c956054ea2cb1d01440e13b17260c4a"
|
|
},
|
|
"evaluated_keys": [
|
|
"value"
|
|
]
|
|
},
|
|
"code_block": [
|
|
[
|
|
21,
|
|
"RUN npm install\n"
|
|
]
|
|
],
|
|
"file_path": "/Dockerfile.production",
|
|
"file_abs_path": "/scan/Dockerfile.production",
|
|
"repo_file_path": "/Dockerfile.production",
|
|
"file_line_range": [
|
|
21,
|
|
21
|
|
],
|
|
"resource": "/Dockerfile.production.RUN",
|
|
"evaluations": null,
|
|
"check_class": "checkov.common.graph.checks_infra.base_check",
|
|
"fixed_definition": null,
|
|
"entity_tags": null,
|
|
"caller_file_path": null,
|
|
"caller_file_line_range": null,
|
|
"resource_address": null,
|
|
"severity": null,
|
|
"bc_category": null,
|
|
"benchmarks": null,
|
|
"description": null,
|
|
"short_description": null,
|
|
"vulnerability_details": null,
|
|
"connected_node": null,
|
|
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-apt-force",
|
|
"details": [],
|
|
"check_len": null,
|
|
"definition_context_file_path": null
|
|
},
|
|
{
|
|
"check_id": "CKV2_DOCKER_11",
|
|
"bc_check_id": null,
|
|
"check_name": "Ensure that the '--force-yes' option is not used, as it disables signature validation and allows packages to be downgraded which can leave the system in a broken or inconsistent state",
|
|
"check_result": {
|
|
"result": "PASSED",
|
|
"entity": {
|
|
"block_name_": "RUN",
|
|
"block_type_": "resource",
|
|
"file_path_": "/Dockerfile.production",
|
|
"config_": {
|
|
"content": "RUN npm run db:generate\n",
|
|
"value": "npm run db:generate",
|
|
"__startline__": 21,
|
|
"__endline__": 21
|
|
},
|
|
"label_": "resource: RUN",
|
|
"id_": "RUN",
|
|
"source_": "Dockerfile",
|
|
"content": "RUN npm run db:generate\n",
|
|
"value": "npm run db:generate",
|
|
"__startline__": 21,
|
|
"__endline__": 21,
|
|
"resource_type": "RUN",
|
|
"hash": "c1f9cc0c42260bb0183d7e7b9ec2edab99837111ad42dbbdd7fad09ff3e37ab0"
|
|
},
|
|
"evaluated_keys": [
|
|
"value"
|
|
]
|
|
},
|
|
"code_block": [
|
|
[
|
|
22,
|
|
"RUN npm run db:generate\n"
|
|
]
|
|
],
|
|
"file_path": "/Dockerfile.production",
|
|
"file_abs_path": "/scan/Dockerfile.production",
|
|
"repo_file_path": "/Dockerfile.production",
|
|
"file_line_range": [
|
|
22,
|
|
22
|
|
],
|
|
"resource": "/Dockerfile.production.RUN",
|
|
"evaluations": null,
|
|
"check_class": "checkov.common.graph.checks_infra.base_check",
|
|
"fixed_definition": null,
|
|
"entity_tags": null,
|
|
"caller_file_path": null,
|
|
"caller_file_line_range": null,
|
|
"resource_address": null,
|
|
"severity": null,
|
|
"bc_category": null,
|
|
"benchmarks": null,
|
|
"description": null,
|
|
"short_description": null,
|
|
"vulnerability_details": null,
|
|
"connected_node": null,
|
|
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-apt-force",
|
|
"details": [],
|
|
"check_len": null,
|
|
"definition_context_file_path": null
|
|
},
|
|
{
|
|
"check_id": "CKV2_DOCKER_11",
|
|
"bc_check_id": null,
|
|
"check_name": "Ensure that the '--force-yes' option is not used, as it disables signature validation and allows packages to be downgraded which can leave the system in a broken or inconsistent state",
|
|
"check_result": {
|
|
"result": "PASSED",
|
|
"entity": {
|
|
"block_name_": "RUN",
|
|
"block_type_": "resource",
|
|
"file_path_": "/Dockerfile.production",
|
|
"config_": {
|
|
"content": "RUN npm run build\n",
|
|
"value": "npm run build",
|
|
"__startline__": 22,
|
|
"__endline__": 22
|
|
},
|
|
"label_": "resource: RUN",
|
|
"id_": "RUN",
|
|
"source_": "Dockerfile",
|
|
"content": "RUN npm run build\n",
|
|
"value": "npm run build",
|
|
"__startline__": 22,
|
|
"__endline__": 22,
|
|
"resource_type": "RUN",
|
|
"hash": "1bf185fb6038f1b491f2a2686de4dd9869ccdd9c3e34d2772cf43bd368377aa6"
|
|
},
|
|
"evaluated_keys": [
|
|
"value"
|
|
]
|
|
},
|
|
"code_block": [
|
|
[
|
|
23,
|
|
"RUN npm run build\n"
|
|
]
|
|
],
|
|
"file_path": "/Dockerfile.production",
|
|
"file_abs_path": "/scan/Dockerfile.production",
|
|
"repo_file_path": "/Dockerfile.production",
|
|
"file_line_range": [
|
|
23,
|
|
23
|
|
],
|
|
"resource": "/Dockerfile.production.RUN",
|
|
"evaluations": null,
|
|
"check_class": "checkov.common.graph.checks_infra.base_check",
|
|
"fixed_definition": null,
|
|
"entity_tags": null,
|
|
"caller_file_path": null,
|
|
"caller_file_line_range": null,
|
|
"resource_address": null,
|
|
"severity": null,
|
|
"bc_category": null,
|
|
"benchmarks": null,
|
|
"description": null,
|
|
"short_description": null,
|
|
"vulnerability_details": null,
|
|
"connected_node": null,
|
|
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-apt-force",
|
|
"details": [],
|
|
"check_len": null,
|
|
"definition_context_file_path": null
|
|
},
|
|
{
|
|
"check_id": "CKV2_DOCKER_11",
|
|
"bc_check_id": null,
|
|
"check_name": "Ensure that the '--force-yes' option is not used, as it disables signature validation and allows packages to be downgraded which can leave the system in a broken or inconsistent state",
|
|
"check_result": {
|
|
"result": "PASSED",
|
|
"entity": {
|
|
"block_name_": "RUN",
|
|
"block_type_": "resource",
|
|
"file_path_": "/Dockerfile.production",
|
|
"config_": {
|
|
"content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n",
|
|
"value": "corepack enable && corepack prepare npm@10.5.0 --activate",
|
|
"__startline__": 30,
|
|
"__endline__": 30
|
|
},
|
|
"label_": "resource: RUN",
|
|
"id_": "RUN",
|
|
"source_": "Dockerfile",
|
|
"content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n",
|
|
"value": "corepack enable && corepack prepare npm@10.5.0 --activate",
|
|
"__startline__": 30,
|
|
"__endline__": 30,
|
|
"resource_type": "RUN",
|
|
"hash": "01c88e306f7db45ae7136e3bdb63c4b15978dd024f6ed18210961fc3db3df382"
|
|
},
|
|
"evaluated_keys": [
|
|
"value"
|
|
]
|
|
},
|
|
"code_block": [
|
|
[
|
|
31,
|
|
"RUN corepack enable && corepack prepare npm@10.5.0 --activate\n"
|
|
]
|
|
],
|
|
"file_path": "/Dockerfile.production",
|
|
"file_abs_path": "/scan/Dockerfile.production",
|
|
"repo_file_path": "/Dockerfile.production",
|
|
"file_line_range": [
|
|
31,
|
|
31
|
|
],
|
|
"resource": "/Dockerfile.production.RUN",
|
|
"evaluations": null,
|
|
"check_class": "checkov.common.graph.checks_infra.base_check",
|
|
"fixed_definition": null,
|
|
"entity_tags": null,
|
|
"caller_file_path": null,
|
|
"caller_file_line_range": null,
|
|
"resource_address": null,
|
|
"severity": null,
|
|
"bc_category": null,
|
|
"benchmarks": null,
|
|
"description": null,
|
|
"short_description": null,
|
|
"vulnerability_details": null,
|
|
"connected_node": null,
|
|
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-apt-force",
|
|
"details": [],
|
|
"check_len": null,
|
|
"definition_context_file_path": null
|
|
},
|
|
{
|
|
"check_id": "CKV2_DOCKER_11",
|
|
"bc_check_id": null,
|
|
"check_name": "Ensure that the '--force-yes' option is not used, as it disables signature validation and allows packages to be downgraded which can leave the system in a broken or inconsistent state",
|
|
"check_result": {
|
|
"result": "PASSED",
|
|
"entity": {
|
|
"block_name_": "RUN",
|
|
"block_type_": "resource",
|
|
"file_path_": "/Dockerfile.test",
|
|
"config_": {
|
|
"content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n",
|
|
"value": "corepack enable && corepack prepare npm@10.5.0 --activate",
|
|
"__startline__": 4,
|
|
"__endline__": 4
|
|
},
|
|
"label_": "resource: RUN",
|
|
"id_": "RUN",
|
|
"source_": "Dockerfile",
|
|
"content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n",
|
|
"value": "corepack enable && corepack prepare npm@10.5.0 --activate",
|
|
"__startline__": 4,
|
|
"__endline__": 4,
|
|
"resource_type": "RUN",
|
|
"hash": "1d5fb0a211498b8baf37e5744578ad03459da7798534298981f23fdefb7eb757"
|
|
},
|
|
"evaluated_keys": [
|
|
"value"
|
|
]
|
|
},
|
|
"code_block": [
|
|
[
|
|
5,
|
|
"RUN corepack enable && corepack prepare npm@10.5.0 --activate\n"
|
|
]
|
|
],
|
|
"file_path": "/Dockerfile.test",
|
|
"file_abs_path": "/scan/Dockerfile.test",
|
|
"repo_file_path": "/Dockerfile.test",
|
|
"file_line_range": [
|
|
5,
|
|
5
|
|
],
|
|
"resource": "/Dockerfile.test.RUN",
|
|
"evaluations": null,
|
|
"check_class": "checkov.common.graph.checks_infra.base_check",
|
|
"fixed_definition": null,
|
|
"entity_tags": null,
|
|
"caller_file_path": null,
|
|
"caller_file_line_range": null,
|
|
"resource_address": null,
|
|
"severity": null,
|
|
"bc_category": null,
|
|
"benchmarks": null,
|
|
"description": null,
|
|
"short_description": null,
|
|
"vulnerability_details": null,
|
|
"connected_node": null,
|
|
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-apt-force",
|
|
"details": [],
|
|
"check_len": null,
|
|
"definition_context_file_path": null
|
|
},
|
|
{
|
|
"check_id": "CKV2_DOCKER_11",
|
|
"bc_check_id": null,
|
|
"check_name": "Ensure that the '--force-yes' option is not used, as it disables signature validation and allows packages to be downgraded which can leave the system in a broken or inconsistent state",
|
|
"check_result": {
|
|
"result": "PASSED",
|
|
"entity": {
|
|
"block_name_": "RUN",
|
|
"block_type_": "resource",
|
|
"file_path_": "/Dockerfile.test",
|
|
"config_": {
|
|
"content": "RUN npm install\n",
|
|
"value": "npm install",
|
|
"__startline__": 10,
|
|
"__endline__": 10
|
|
},
|
|
"label_": "resource: RUN",
|
|
"id_": "RUN",
|
|
"source_": "Dockerfile",
|
|
"content": "RUN npm install\n",
|
|
"value": "npm install",
|
|
"__startline__": 10,
|
|
"__endline__": 10,
|
|
"resource_type": "RUN",
|
|
"hash": "fb809e4860a3131df821aea9480445cc6e2f66dd52744dab5f3d2ef5b2848436"
|
|
},
|
|
"evaluated_keys": [
|
|
"value"
|
|
]
|
|
},
|
|
"code_block": [
|
|
[
|
|
11,
|
|
"RUN npm install\n"
|
|
]
|
|
],
|
|
"file_path": "/Dockerfile.test",
|
|
"file_abs_path": "/scan/Dockerfile.test",
|
|
"repo_file_path": "/Dockerfile.test",
|
|
"file_line_range": [
|
|
11,
|
|
11
|
|
],
|
|
"resource": "/Dockerfile.test.RUN",
|
|
"evaluations": null,
|
|
"check_class": "checkov.common.graph.checks_infra.base_check",
|
|
"fixed_definition": null,
|
|
"entity_tags": null,
|
|
"caller_file_path": null,
|
|
"caller_file_line_range": null,
|
|
"resource_address": null,
|
|
"severity": null,
|
|
"bc_category": null,
|
|
"benchmarks": null,
|
|
"description": null,
|
|
"short_description": null,
|
|
"vulnerability_details": null,
|
|
"connected_node": null,
|
|
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-apt-force",
|
|
"details": [],
|
|
"check_len": null,
|
|
"definition_context_file_path": null
|
|
},
|
|
{
|
|
"check_id": "CKV2_DOCKER_11",
|
|
"bc_check_id": null,
|
|
"check_name": "Ensure that the '--force-yes' option is not used, as it disables signature validation and allows packages to be downgraded which can leave the system in a broken or inconsistent state",
|
|
"check_result": {
|
|
"result": "PASSED",
|
|
"entity": {
|
|
"block_name_": "RUN",
|
|
"block_type_": "resource",
|
|
"file_path_": "/Dockerfile.dev",
|
|
"config_": {
|
|
"content": "RUN npm install -g npm@10.5.0 --no-fund --no-audit\n",
|
|
"value": "npm install -g npm@10.5.0 --no-fund --no-audit",
|
|
"__startline__": 4,
|
|
"__endline__": 4
|
|
},
|
|
"label_": "resource: RUN",
|
|
"id_": "RUN",
|
|
"source_": "Dockerfile",
|
|
"content": "RUN npm install -g npm@10.5.0 --no-fund --no-audit\n",
|
|
"value": "npm install -g npm@10.5.0 --no-fund --no-audit",
|
|
"__startline__": 4,
|
|
"__endline__": 4,
|
|
"resource_type": "RUN",
|
|
"hash": "435bba968d1d0b4c410ea33851637829a16b2ad878f0b9531a737c7a444f91b9"
|
|
},
|
|
"evaluated_keys": [
|
|
"value"
|
|
]
|
|
},
|
|
"code_block": [
|
|
[
|
|
5,
|
|
"RUN npm install -g npm@10.5.0 --no-fund --no-audit\n"
|
|
]
|
|
],
|
|
"file_path": "/Dockerfile.dev",
|
|
"file_abs_path": "/scan/Dockerfile.dev",
|
|
"repo_file_path": "/Dockerfile.dev",
|
|
"file_line_range": [
|
|
5,
|
|
5
|
|
],
|
|
"resource": "/Dockerfile.dev.RUN",
|
|
"evaluations": null,
|
|
"check_class": "checkov.common.graph.checks_infra.base_check",
|
|
"fixed_definition": null,
|
|
"entity_tags": null,
|
|
"caller_file_path": null,
|
|
"caller_file_line_range": null,
|
|
"resource_address": null,
|
|
"severity": null,
|
|
"bc_category": null,
|
|
"benchmarks": null,
|
|
"description": null,
|
|
"short_description": null,
|
|
"vulnerability_details": null,
|
|
"connected_node": null,
|
|
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-apt-force",
|
|
"details": [],
|
|
"check_len": null,
|
|
"definition_context_file_path": null
|
|
},
|
|
{
|
|
"check_id": "CKV2_DOCKER_11",
|
|
"bc_check_id": null,
|
|
"check_name": "Ensure that the '--force-yes' option is not used, as it disables signature validation and allows packages to be downgraded which can leave the system in a broken or inconsistent state",
|
|
"check_result": {
|
|
"result": "PASSED",
|
|
"entity": {
|
|
"block_name_": "RUN",
|
|
"block_type_": "resource",
|
|
"file_path_": "/Dockerfile.dev",
|
|
"config_": {
|
|
"content": "RUN npm ci --no-fund --no-audit\n",
|
|
"value": "npm ci --no-fund --no-audit",
|
|
"__startline__": 10,
|
|
"__endline__": 10
|
|
},
|
|
"label_": "resource: RUN",
|
|
"id_": "RUN",
|
|
"source_": "Dockerfile",
|
|
"content": "RUN npm ci --no-fund --no-audit\n",
|
|
"value": "npm ci --no-fund --no-audit",
|
|
"__startline__": 10,
|
|
"__endline__": 10,
|
|
"resource_type": "RUN",
|
|
"hash": "57abb1bbe03890ab19f47e5f96b9cbcee02aab65f6980d523df42faf41b709fa"
|
|
},
|
|
"evaluated_keys": [
|
|
"value"
|
|
]
|
|
},
|
|
"code_block": [
|
|
[
|
|
11,
|
|
"RUN npm ci --no-fund --no-audit\n"
|
|
]
|
|
],
|
|
"file_path": "/Dockerfile.dev",
|
|
"file_abs_path": "/scan/Dockerfile.dev",
|
|
"repo_file_path": "/Dockerfile.dev",
|
|
"file_line_range": [
|
|
11,
|
|
11
|
|
],
|
|
"resource": "/Dockerfile.dev.RUN",
|
|
"evaluations": null,
|
|
"check_class": "checkov.common.graph.checks_infra.base_check",
|
|
"fixed_definition": null,
|
|
"entity_tags": null,
|
|
"caller_file_path": null,
|
|
"caller_file_line_range": null,
|
|
"resource_address": null,
|
|
"severity": null,
|
|
"bc_category": null,
|
|
"benchmarks": null,
|
|
"description": null,
|
|
"short_description": null,
|
|
"vulnerability_details": null,
|
|
"connected_node": null,
|
|
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-apt-force",
|
|
"details": [],
|
|
"check_len": null,
|
|
"definition_context_file_path": null
|
|
},
|
|
{
|
|
"check_id": "CKV2_DOCKER_3",
|
|
"bc_check_id": null,
|
|
"check_name": "Ensure that certificate validation isn't disabled with wget",
|
|
"check_result": {
|
|
"result": "PASSED",
|
|
"entity": {
|
|
"block_name_": "RUN",
|
|
"block_type_": "resource",
|
|
"file_path_": "/Dockerfile.production",
|
|
"config_": {
|
|
"content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n",
|
|
"value": "corepack enable && corepack prepare npm@10.5.0 --activate",
|
|
"__startline__": 4,
|
|
"__endline__": 4
|
|
},
|
|
"label_": "resource: RUN",
|
|
"id_": "RUN",
|
|
"source_": "Dockerfile",
|
|
"content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n",
|
|
"value": "corepack enable && corepack prepare npm@10.5.0 --activate",
|
|
"__startline__": 4,
|
|
"__endline__": 4,
|
|
"resource_type": "RUN",
|
|
"hash": "dbd32b6bad6b728919787011f82d60c50d7b2d1c079f814de2b1640696c98816"
|
|
},
|
|
"evaluated_keys": [
|
|
"value"
|
|
]
|
|
},
|
|
"code_block": [
|
|
[
|
|
5,
|
|
"RUN corepack enable && corepack prepare npm@10.5.0 --activate\n"
|
|
]
|
|
],
|
|
"file_path": "/Dockerfile.production",
|
|
"file_abs_path": "/scan/Dockerfile.production",
|
|
"repo_file_path": "/Dockerfile.production",
|
|
"file_line_range": [
|
|
5,
|
|
5
|
|
],
|
|
"resource": "/Dockerfile.production.RUN",
|
|
"evaluations": null,
|
|
"check_class": "checkov.common.graph.checks_infra.base_check",
|
|
"fixed_definition": null,
|
|
"entity_tags": null,
|
|
"caller_file_path": null,
|
|
"caller_file_line_range": null,
|
|
"resource_address": null,
|
|
"severity": null,
|
|
"bc_category": null,
|
|
"benchmarks": null,
|
|
"description": null,
|
|
"short_description": null,
|
|
"vulnerability_details": null,
|
|
"connected_node": null,
|
|
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-wget-secure",
|
|
"details": [],
|
|
"check_len": null,
|
|
"definition_context_file_path": null
|
|
},
|
|
{
|
|
"check_id": "CKV2_DOCKER_3",
|
|
"bc_check_id": null,
|
|
"check_name": "Ensure that certificate validation isn't disabled with wget",
|
|
"check_result": {
|
|
"result": "PASSED",
|
|
"entity": {
|
|
"block_name_": "RUN",
|
|
"block_type_": "resource",
|
|
"file_path_": "/Dockerfile.production",
|
|
"config_": {
|
|
"content": "RUN npm install\n",
|
|
"value": "npm install",
|
|
"__startline__": 20,
|
|
"__endline__": 20
|
|
},
|
|
"label_": "resource: RUN",
|
|
"id_": "RUN",
|
|
"source_": "Dockerfile",
|
|
"content": "RUN npm install\n",
|
|
"value": "npm install",
|
|
"__startline__": 20,
|
|
"__endline__": 20,
|
|
"resource_type": "RUN",
|
|
"hash": "6979b14e6a853ac150ffef85c5e28fd49c956054ea2cb1d01440e13b17260c4a"
|
|
},
|
|
"evaluated_keys": [
|
|
"value"
|
|
]
|
|
},
|
|
"code_block": [
|
|
[
|
|
21,
|
|
"RUN npm install\n"
|
|
]
|
|
],
|
|
"file_path": "/Dockerfile.production",
|
|
"file_abs_path": "/scan/Dockerfile.production",
|
|
"repo_file_path": "/Dockerfile.production",
|
|
"file_line_range": [
|
|
21,
|
|
21
|
|
],
|
|
"resource": "/Dockerfile.production.RUN",
|
|
"evaluations": null,
|
|
"check_class": "checkov.common.graph.checks_infra.base_check",
|
|
"fixed_definition": null,
|
|
"entity_tags": null,
|
|
"caller_file_path": null,
|
|
"caller_file_line_range": null,
|
|
"resource_address": null,
|
|
"severity": null,
|
|
"bc_category": null,
|
|
"benchmarks": null,
|
|
"description": null,
|
|
"short_description": null,
|
|
"vulnerability_details": null,
|
|
"connected_node": null,
|
|
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-wget-secure",
|
|
"details": [],
|
|
"check_len": null,
|
|
"definition_context_file_path": null
|
|
},
|
|
{
|
|
"check_id": "CKV2_DOCKER_3",
|
|
"bc_check_id": null,
|
|
"check_name": "Ensure that certificate validation isn't disabled with wget",
|
|
"check_result": {
|
|
"result": "PASSED",
|
|
"entity": {
|
|
"block_name_": "RUN",
|
|
"block_type_": "resource",
|
|
"file_path_": "/Dockerfile.production",
|
|
"config_": {
|
|
"content": "RUN npm run db:generate\n",
|
|
"value": "npm run db:generate",
|
|
"__startline__": 21,
|
|
"__endline__": 21
|
|
},
|
|
"label_": "resource: RUN",
|
|
"id_": "RUN",
|
|
"source_": "Dockerfile",
|
|
"content": "RUN npm run db:generate\n",
|
|
"value": "npm run db:generate",
|
|
"__startline__": 21,
|
|
"__endline__": 21,
|
|
"resource_type": "RUN",
|
|
"hash": "c1f9cc0c42260bb0183d7e7b9ec2edab99837111ad42dbbdd7fad09ff3e37ab0"
|
|
},
|
|
"evaluated_keys": [
|
|
"value"
|
|
]
|
|
},
|
|
"code_block": [
|
|
[
|
|
22,
|
|
"RUN npm run db:generate\n"
|
|
]
|
|
],
|
|
"file_path": "/Dockerfile.production",
|
|
"file_abs_path": "/scan/Dockerfile.production",
|
|
"repo_file_path": "/Dockerfile.production",
|
|
"file_line_range": [
|
|
22,
|
|
22
|
|
],
|
|
"resource": "/Dockerfile.production.RUN",
|
|
"evaluations": null,
|
|
"check_class": "checkov.common.graph.checks_infra.base_check",
|
|
"fixed_definition": null,
|
|
"entity_tags": null,
|
|
"caller_file_path": null,
|
|
"caller_file_line_range": null,
|
|
"resource_address": null,
|
|
"severity": null,
|
|
"bc_category": null,
|
|
"benchmarks": null,
|
|
"description": null,
|
|
"short_description": null,
|
|
"vulnerability_details": null,
|
|
"connected_node": null,
|
|
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-wget-secure",
|
|
"details": [],
|
|
"check_len": null,
|
|
"definition_context_file_path": null
|
|
},
|
|
{
|
|
"check_id": "CKV2_DOCKER_3",
|
|
"bc_check_id": null,
|
|
"check_name": "Ensure that certificate validation isn't disabled with wget",
|
|
"check_result": {
|
|
"result": "PASSED",
|
|
"entity": {
|
|
"block_name_": "RUN",
|
|
"block_type_": "resource",
|
|
"file_path_": "/Dockerfile.production",
|
|
"config_": {
|
|
"content": "RUN npm run build\n",
|
|
"value": "npm run build",
|
|
"__startline__": 22,
|
|
"__endline__": 22
|
|
},
|
|
"label_": "resource: RUN",
|
|
"id_": "RUN",
|
|
"source_": "Dockerfile",
|
|
"content": "RUN npm run build\n",
|
|
"value": "npm run build",
|
|
"__startline__": 22,
|
|
"__endline__": 22,
|
|
"resource_type": "RUN",
|
|
"hash": "1bf185fb6038f1b491f2a2686de4dd9869ccdd9c3e34d2772cf43bd368377aa6"
|
|
},
|
|
"evaluated_keys": [
|
|
"value"
|
|
]
|
|
},
|
|
"code_block": [
|
|
[
|
|
23,
|
|
"RUN npm run build\n"
|
|
]
|
|
],
|
|
"file_path": "/Dockerfile.production",
|
|
"file_abs_path": "/scan/Dockerfile.production",
|
|
"repo_file_path": "/Dockerfile.production",
|
|
"file_line_range": [
|
|
23,
|
|
23
|
|
],
|
|
"resource": "/Dockerfile.production.RUN",
|
|
"evaluations": null,
|
|
"check_class": "checkov.common.graph.checks_infra.base_check",
|
|
"fixed_definition": null,
|
|
"entity_tags": null,
|
|
"caller_file_path": null,
|
|
"caller_file_line_range": null,
|
|
"resource_address": null,
|
|
"severity": null,
|
|
"bc_category": null,
|
|
"benchmarks": null,
|
|
"description": null,
|
|
"short_description": null,
|
|
"vulnerability_details": null,
|
|
"connected_node": null,
|
|
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-wget-secure",
|
|
"details": [],
|
|
"check_len": null,
|
|
"definition_context_file_path": null
|
|
},
|
|
{
|
|
"check_id": "CKV2_DOCKER_3",
|
|
"bc_check_id": null,
|
|
"check_name": "Ensure that certificate validation isn't disabled with wget",
|
|
"check_result": {
|
|
"result": "PASSED",
|
|
"entity": {
|
|
"block_name_": "RUN",
|
|
"block_type_": "resource",
|
|
"file_path_": "/Dockerfile.production",
|
|
"config_": {
|
|
"content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n",
|
|
"value": "corepack enable && corepack prepare npm@10.5.0 --activate",
|
|
"__startline__": 30,
|
|
"__endline__": 30
|
|
},
|
|
"label_": "resource: RUN",
|
|
"id_": "RUN",
|
|
"source_": "Dockerfile",
|
|
"content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n",
|
|
"value": "corepack enable && corepack prepare npm@10.5.0 --activate",
|
|
"__startline__": 30,
|
|
"__endline__": 30,
|
|
"resource_type": "RUN",
|
|
"hash": "01c88e306f7db45ae7136e3bdb63c4b15978dd024f6ed18210961fc3db3df382"
|
|
},
|
|
"evaluated_keys": [
|
|
"value"
|
|
]
|
|
},
|
|
"code_block": [
|
|
[
|
|
31,
|
|
"RUN corepack enable && corepack prepare npm@10.5.0 --activate\n"
|
|
]
|
|
],
|
|
"file_path": "/Dockerfile.production",
|
|
"file_abs_path": "/scan/Dockerfile.production",
|
|
"repo_file_path": "/Dockerfile.production",
|
|
"file_line_range": [
|
|
31,
|
|
31
|
|
],
|
|
"resource": "/Dockerfile.production.RUN",
|
|
"evaluations": null,
|
|
"check_class": "checkov.common.graph.checks_infra.base_check",
|
|
"fixed_definition": null,
|
|
"entity_tags": null,
|
|
"caller_file_path": null,
|
|
"caller_file_line_range": null,
|
|
"resource_address": null,
|
|
"severity": null,
|
|
"bc_category": null,
|
|
"benchmarks": null,
|
|
"description": null,
|
|
"short_description": null,
|
|
"vulnerability_details": null,
|
|
"connected_node": null,
|
|
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-wget-secure",
|
|
"details": [],
|
|
"check_len": null,
|
|
"definition_context_file_path": null
|
|
},
|
|
{
|
|
"check_id": "CKV2_DOCKER_3",
|
|
"bc_check_id": null,
|
|
"check_name": "Ensure that certificate validation isn't disabled with wget",
|
|
"check_result": {
|
|
"result": "PASSED",
|
|
"entity": {
|
|
"block_name_": "RUN",
|
|
"block_type_": "resource",
|
|
"file_path_": "/Dockerfile.test",
|
|
"config_": {
|
|
"content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n",
|
|
"value": "corepack enable && corepack prepare npm@10.5.0 --activate",
|
|
"__startline__": 4,
|
|
"__endline__": 4
|
|
},
|
|
"label_": "resource: RUN",
|
|
"id_": "RUN",
|
|
"source_": "Dockerfile",
|
|
"content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n",
|
|
"value": "corepack enable && corepack prepare npm@10.5.0 --activate",
|
|
"__startline__": 4,
|
|
"__endline__": 4,
|
|
"resource_type": "RUN",
|
|
"hash": "1d5fb0a211498b8baf37e5744578ad03459da7798534298981f23fdefb7eb757"
|
|
},
|
|
"evaluated_keys": [
|
|
"value"
|
|
]
|
|
},
|
|
"code_block": [
|
|
[
|
|
5,
|
|
"RUN corepack enable && corepack prepare npm@10.5.0 --activate\n"
|
|
]
|
|
],
|
|
"file_path": "/Dockerfile.test",
|
|
"file_abs_path": "/scan/Dockerfile.test",
|
|
"repo_file_path": "/Dockerfile.test",
|
|
"file_line_range": [
|
|
5,
|
|
5
|
|
],
|
|
"resource": "/Dockerfile.test.RUN",
|
|
"evaluations": null,
|
|
"check_class": "checkov.common.graph.checks_infra.base_check",
|
|
"fixed_definition": null,
|
|
"entity_tags": null,
|
|
"caller_file_path": null,
|
|
"caller_file_line_range": null,
|
|
"resource_address": null,
|
|
"severity": null,
|
|
"bc_category": null,
|
|
"benchmarks": null,
|
|
"description": null,
|
|
"short_description": null,
|
|
"vulnerability_details": null,
|
|
"connected_node": null,
|
|
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-wget-secure",
|
|
"details": [],
|
|
"check_len": null,
|
|
"definition_context_file_path": null
|
|
},
|
|
{
|
|
"check_id": "CKV2_DOCKER_3",
|
|
"bc_check_id": null,
|
|
"check_name": "Ensure that certificate validation isn't disabled with wget",
|
|
"check_result": {
|
|
"result": "PASSED",
|
|
"entity": {
|
|
"block_name_": "RUN",
|
|
"block_type_": "resource",
|
|
"file_path_": "/Dockerfile.test",
|
|
"config_": {
|
|
"content": "RUN npm install\n",
|
|
"value": "npm install",
|
|
"__startline__": 10,
|
|
"__endline__": 10
|
|
},
|
|
"label_": "resource: RUN",
|
|
"id_": "RUN",
|
|
"source_": "Dockerfile",
|
|
"content": "RUN npm install\n",
|
|
"value": "npm install",
|
|
"__startline__": 10,
|
|
"__endline__": 10,
|
|
"resource_type": "RUN",
|
|
"hash": "fb809e4860a3131df821aea9480445cc6e2f66dd52744dab5f3d2ef5b2848436"
|
|
},
|
|
"evaluated_keys": [
|
|
"value"
|
|
]
|
|
},
|
|
"code_block": [
|
|
[
|
|
11,
|
|
"RUN npm install\n"
|
|
]
|
|
],
|
|
"file_path": "/Dockerfile.test",
|
|
"file_abs_path": "/scan/Dockerfile.test",
|
|
"repo_file_path": "/Dockerfile.test",
|
|
"file_line_range": [
|
|
11,
|
|
11
|
|
],
|
|
"resource": "/Dockerfile.test.RUN",
|
|
"evaluations": null,
|
|
"check_class": "checkov.common.graph.checks_infra.base_check",
|
|
"fixed_definition": null,
|
|
"entity_tags": null,
|
|
"caller_file_path": null,
|
|
"caller_file_line_range": null,
|
|
"resource_address": null,
|
|
"severity": null,
|
|
"bc_category": null,
|
|
"benchmarks": null,
|
|
"description": null,
|
|
"short_description": null,
|
|
"vulnerability_details": null,
|
|
"connected_node": null,
|
|
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-wget-secure",
|
|
"details": [],
|
|
"check_len": null,
|
|
"definition_context_file_path": null
|
|
},
|
|
{
|
|
"check_id": "CKV2_DOCKER_3",
|
|
"bc_check_id": null,
|
|
"check_name": "Ensure that certificate validation isn't disabled with wget",
|
|
"check_result": {
|
|
"result": "PASSED",
|
|
"entity": {
|
|
"block_name_": "RUN",
|
|
"block_type_": "resource",
|
|
"file_path_": "/Dockerfile.dev",
|
|
"config_": {
|
|
"content": "RUN npm install -g npm@10.5.0 --no-fund --no-audit\n",
|
|
"value": "npm install -g npm@10.5.0 --no-fund --no-audit",
|
|
"__startline__": 4,
|
|
"__endline__": 4
|
|
},
|
|
"label_": "resource: RUN",
|
|
"id_": "RUN",
|
|
"source_": "Dockerfile",
|
|
"content": "RUN npm install -g npm@10.5.0 --no-fund --no-audit\n",
|
|
"value": "npm install -g npm@10.5.0 --no-fund --no-audit",
|
|
"__startline__": 4,
|
|
"__endline__": 4,
|
|
"resource_type": "RUN",
|
|
"hash": "435bba968d1d0b4c410ea33851637829a16b2ad878f0b9531a737c7a444f91b9"
|
|
},
|
|
"evaluated_keys": [
|
|
"value"
|
|
]
|
|
},
|
|
"code_block": [
|
|
[
|
|
5,
|
|
"RUN npm install -g npm@10.5.0 --no-fund --no-audit\n"
|
|
]
|
|
],
|
|
"file_path": "/Dockerfile.dev",
|
|
"file_abs_path": "/scan/Dockerfile.dev",
|
|
"repo_file_path": "/Dockerfile.dev",
|
|
"file_line_range": [
|
|
5,
|
|
5
|
|
],
|
|
"resource": "/Dockerfile.dev.RUN",
|
|
"evaluations": null,
|
|
"check_class": "checkov.common.graph.checks_infra.base_check",
|
|
"fixed_definition": null,
|
|
"entity_tags": null,
|
|
"caller_file_path": null,
|
|
"caller_file_line_range": null,
|
|
"resource_address": null,
|
|
"severity": null,
|
|
"bc_category": null,
|
|
"benchmarks": null,
|
|
"description": null,
|
|
"short_description": null,
|
|
"vulnerability_details": null,
|
|
"connected_node": null,
|
|
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-wget-secure",
|
|
"details": [],
|
|
"check_len": null,
|
|
"definition_context_file_path": null
|
|
},
|
|
{
|
|
"check_id": "CKV2_DOCKER_3",
|
|
"bc_check_id": null,
|
|
"check_name": "Ensure that certificate validation isn't disabled with wget",
|
|
"check_result": {
|
|
"result": "PASSED",
|
|
"entity": {
|
|
"block_name_": "RUN",
|
|
"block_type_": "resource",
|
|
"file_path_": "/Dockerfile.dev",
|
|
"config_": {
|
|
"content": "RUN npm ci --no-fund --no-audit\n",
|
|
"value": "npm ci --no-fund --no-audit",
|
|
"__startline__": 10,
|
|
"__endline__": 10
|
|
},
|
|
"label_": "resource: RUN",
|
|
"id_": "RUN",
|
|
"source_": "Dockerfile",
|
|
"content": "RUN npm ci --no-fund --no-audit\n",
|
|
"value": "npm ci --no-fund --no-audit",
|
|
"__startline__": 10,
|
|
"__endline__": 10,
|
|
"resource_type": "RUN",
|
|
"hash": "57abb1bbe03890ab19f47e5f96b9cbcee02aab65f6980d523df42faf41b709fa"
|
|
},
|
|
"evaluated_keys": [
|
|
"value"
|
|
]
|
|
},
|
|
"code_block": [
|
|
[
|
|
11,
|
|
"RUN npm ci --no-fund --no-audit\n"
|
|
]
|
|
],
|
|
"file_path": "/Dockerfile.dev",
|
|
"file_abs_path": "/scan/Dockerfile.dev",
|
|
"repo_file_path": "/Dockerfile.dev",
|
|
"file_line_range": [
|
|
11,
|
|
11
|
|
],
|
|
"resource": "/Dockerfile.dev.RUN",
|
|
"evaluations": null,
|
|
"check_class": "checkov.common.graph.checks_infra.base_check",
|
|
"fixed_definition": null,
|
|
"entity_tags": null,
|
|
"caller_file_path": null,
|
|
"caller_file_line_range": null,
|
|
"resource_address": null,
|
|
"severity": null,
|
|
"bc_category": null,
|
|
"benchmarks": null,
|
|
"description": null,
|
|
"short_description": null,
|
|
"vulnerability_details": null,
|
|
"connected_node": null,
|
|
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-wget-secure",
|
|
"details": [],
|
|
"check_len": null,
|
|
"definition_context_file_path": null
|
|
},
|
|
{
|
|
"check_id": "CKV2_DOCKER_15",
|
|
"bc_check_id": null,
|
|
"check_name": "Ensure that the yum and dnf package managers are not configured to disable SSL certificate validation via the 'sslverify' configuration option",
|
|
"check_result": {
|
|
"result": "PASSED",
|
|
"entity": {
|
|
"block_name_": "RUN",
|
|
"block_type_": "resource",
|
|
"file_path_": "/Dockerfile.production",
|
|
"config_": {
|
|
"content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n",
|
|
"value": "corepack enable && corepack prepare npm@10.5.0 --activate",
|
|
"__startline__": 4,
|
|
"__endline__": 4
|
|
},
|
|
"label_": "resource: RUN",
|
|
"id_": "RUN",
|
|
"source_": "Dockerfile",
|
|
"content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n",
|
|
"value": "corepack enable && corepack prepare npm@10.5.0 --activate",
|
|
"__startline__": 4,
|
|
"__endline__": 4,
|
|
"resource_type": "RUN",
|
|
"hash": "dbd32b6bad6b728919787011f82d60c50d7b2d1c079f814de2b1640696c98816"
|
|
},
|
|
"evaluated_keys": [
|
|
"value"
|
|
]
|
|
},
|
|
"code_block": [
|
|
[
|
|
5,
|
|
"RUN corepack enable && corepack prepare npm@10.5.0 --activate\n"
|
|
]
|
|
],
|
|
"file_path": "/Dockerfile.production",
|
|
"file_abs_path": "/scan/Dockerfile.production",
|
|
"repo_file_path": "/Dockerfile.production",
|
|
"file_line_range": [
|
|
5,
|
|
5
|
|
],
|
|
"resource": "/Dockerfile.production.RUN",
|
|
"evaluations": null,
|
|
"check_class": "checkov.common.graph.checks_infra.base_check",
|
|
"fixed_definition": null,
|
|
"entity_tags": null,
|
|
"caller_file_path": null,
|
|
"caller_file_line_range": null,
|
|
"resource_address": null,
|
|
"severity": null,
|
|
"bc_category": null,
|
|
"benchmarks": null,
|
|
"description": null,
|
|
"short_description": null,
|
|
"vulnerability_details": null,
|
|
"connected_node": null,
|
|
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-yum-ssl",
|
|
"details": [],
|
|
"check_len": null,
|
|
"definition_context_file_path": null
|
|
},
|
|
{
|
|
"check_id": "CKV2_DOCKER_15",
|
|
"bc_check_id": null,
|
|
"check_name": "Ensure that the yum and dnf package managers are not configured to disable SSL certificate validation via the 'sslverify' configuration option",
|
|
"check_result": {
|
|
"result": "PASSED",
|
|
"entity": {
|
|
"block_name_": "RUN",
|
|
"block_type_": "resource",
|
|
"file_path_": "/Dockerfile.production",
|
|
"config_": {
|
|
"content": "RUN npm install\n",
|
|
"value": "npm install",
|
|
"__startline__": 20,
|
|
"__endline__": 20
|
|
},
|
|
"label_": "resource: RUN",
|
|
"id_": "RUN",
|
|
"source_": "Dockerfile",
|
|
"content": "RUN npm install\n",
|
|
"value": "npm install",
|
|
"__startline__": 20,
|
|
"__endline__": 20,
|
|
"resource_type": "RUN",
|
|
"hash": "6979b14e6a853ac150ffef85c5e28fd49c956054ea2cb1d01440e13b17260c4a"
|
|
},
|
|
"evaluated_keys": [
|
|
"value"
|
|
]
|
|
},
|
|
"code_block": [
|
|
[
|
|
21,
|
|
"RUN npm install\n"
|
|
]
|
|
],
|
|
"file_path": "/Dockerfile.production",
|
|
"file_abs_path": "/scan/Dockerfile.production",
|
|
"repo_file_path": "/Dockerfile.production",
|
|
"file_line_range": [
|
|
21,
|
|
21
|
|
],
|
|
"resource": "/Dockerfile.production.RUN",
|
|
"evaluations": null,
|
|
"check_class": "checkov.common.graph.checks_infra.base_check",
|
|
"fixed_definition": null,
|
|
"entity_tags": null,
|
|
"caller_file_path": null,
|
|
"caller_file_line_range": null,
|
|
"resource_address": null,
|
|
"severity": null,
|
|
"bc_category": null,
|
|
"benchmarks": null,
|
|
"description": null,
|
|
"short_description": null,
|
|
"vulnerability_details": null,
|
|
"connected_node": null,
|
|
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-yum-ssl",
|
|
"details": [],
|
|
"check_len": null,
|
|
"definition_context_file_path": null
|
|
},
|
|
{
|
|
"check_id": "CKV2_DOCKER_15",
|
|
"bc_check_id": null,
|
|
"check_name": "Ensure that the yum and dnf package managers are not configured to disable SSL certificate validation via the 'sslverify' configuration option",
|
|
"check_result": {
|
|
"result": "PASSED",
|
|
"entity": {
|
|
"block_name_": "RUN",
|
|
"block_type_": "resource",
|
|
"file_path_": "/Dockerfile.production",
|
|
"config_": {
|
|
"content": "RUN npm run db:generate\n",
|
|
"value": "npm run db:generate",
|
|
"__startline__": 21,
|
|
"__endline__": 21
|
|
},
|
|
"label_": "resource: RUN",
|
|
"id_": "RUN",
|
|
"source_": "Dockerfile",
|
|
"content": "RUN npm run db:generate\n",
|
|
"value": "npm run db:generate",
|
|
"__startline__": 21,
|
|
"__endline__": 21,
|
|
"resource_type": "RUN",
|
|
"hash": "c1f9cc0c42260bb0183d7e7b9ec2edab99837111ad42dbbdd7fad09ff3e37ab0"
|
|
},
|
|
"evaluated_keys": [
|
|
"value"
|
|
]
|
|
},
|
|
"code_block": [
|
|
[
|
|
22,
|
|
"RUN npm run db:generate\n"
|
|
]
|
|
],
|
|
"file_path": "/Dockerfile.production",
|
|
"file_abs_path": "/scan/Dockerfile.production",
|
|
"repo_file_path": "/Dockerfile.production",
|
|
"file_line_range": [
|
|
22,
|
|
22
|
|
],
|
|
"resource": "/Dockerfile.production.RUN",
|
|
"evaluations": null,
|
|
"check_class": "checkov.common.graph.checks_infra.base_check",
|
|
"fixed_definition": null,
|
|
"entity_tags": null,
|
|
"caller_file_path": null,
|
|
"caller_file_line_range": null,
|
|
"resource_address": null,
|
|
"severity": null,
|
|
"bc_category": null,
|
|
"benchmarks": null,
|
|
"description": null,
|
|
"short_description": null,
|
|
"vulnerability_details": null,
|
|
"connected_node": null,
|
|
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-yum-ssl",
|
|
"details": [],
|
|
"check_len": null,
|
|
"definition_context_file_path": null
|
|
},
|
|
{
|
|
"check_id": "CKV2_DOCKER_15",
|
|
"bc_check_id": null,
|
|
"check_name": "Ensure that the yum and dnf package managers are not configured to disable SSL certificate validation via the 'sslverify' configuration option",
|
|
"check_result": {
|
|
"result": "PASSED",
|
|
"entity": {
|
|
"block_name_": "RUN",
|
|
"block_type_": "resource",
|
|
"file_path_": "/Dockerfile.production",
|
|
"config_": {
|
|
"content": "RUN npm run build\n",
|
|
"value": "npm run build",
|
|
"__startline__": 22,
|
|
"__endline__": 22
|
|
},
|
|
"label_": "resource: RUN",
|
|
"id_": "RUN",
|
|
"source_": "Dockerfile",
|
|
"content": "RUN npm run build\n",
|
|
"value": "npm run build",
|
|
"__startline__": 22,
|
|
"__endline__": 22,
|
|
"resource_type": "RUN",
|
|
"hash": "1bf185fb6038f1b491f2a2686de4dd9869ccdd9c3e34d2772cf43bd368377aa6"
|
|
},
|
|
"evaluated_keys": [
|
|
"value"
|
|
]
|
|
},
|
|
"code_block": [
|
|
[
|
|
23,
|
|
"RUN npm run build\n"
|
|
]
|
|
],
|
|
"file_path": "/Dockerfile.production",
|
|
"file_abs_path": "/scan/Dockerfile.production",
|
|
"repo_file_path": "/Dockerfile.production",
|
|
"file_line_range": [
|
|
23,
|
|
23
|
|
],
|
|
"resource": "/Dockerfile.production.RUN",
|
|
"evaluations": null,
|
|
"check_class": "checkov.common.graph.checks_infra.base_check",
|
|
"fixed_definition": null,
|
|
"entity_tags": null,
|
|
"caller_file_path": null,
|
|
"caller_file_line_range": null,
|
|
"resource_address": null,
|
|
"severity": null,
|
|
"bc_category": null,
|
|
"benchmarks": null,
|
|
"description": null,
|
|
"short_description": null,
|
|
"vulnerability_details": null,
|
|
"connected_node": null,
|
|
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-yum-ssl",
|
|
"details": [],
|
|
"check_len": null,
|
|
"definition_context_file_path": null
|
|
},
|
|
{
|
|
"check_id": "CKV2_DOCKER_15",
|
|
"bc_check_id": null,
|
|
"check_name": "Ensure that the yum and dnf package managers are not configured to disable SSL certificate validation via the 'sslverify' configuration option",
|
|
"check_result": {
|
|
"result": "PASSED",
|
|
"entity": {
|
|
"block_name_": "RUN",
|
|
"block_type_": "resource",
|
|
"file_path_": "/Dockerfile.production",
|
|
"config_": {
|
|
"content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n",
|
|
"value": "corepack enable && corepack prepare npm@10.5.0 --activate",
|
|
"__startline__": 30,
|
|
"__endline__": 30
|
|
},
|
|
"label_": "resource: RUN",
|
|
"id_": "RUN",
|
|
"source_": "Dockerfile",
|
|
"content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n",
|
|
"value": "corepack enable && corepack prepare npm@10.5.0 --activate",
|
|
"__startline__": 30,
|
|
"__endline__": 30,
|
|
"resource_type": "RUN",
|
|
"hash": "01c88e306f7db45ae7136e3bdb63c4b15978dd024f6ed18210961fc3db3df382"
|
|
},
|
|
"evaluated_keys": [
|
|
"value"
|
|
]
|
|
},
|
|
"code_block": [
|
|
[
|
|
31,
|
|
"RUN corepack enable && corepack prepare npm@10.5.0 --activate\n"
|
|
]
|
|
],
|
|
"file_path": "/Dockerfile.production",
|
|
"file_abs_path": "/scan/Dockerfile.production",
|
|
"repo_file_path": "/Dockerfile.production",
|
|
"file_line_range": [
|
|
31,
|
|
31
|
|
],
|
|
"resource": "/Dockerfile.production.RUN",
|
|
"evaluations": null,
|
|
"check_class": "checkov.common.graph.checks_infra.base_check",
|
|
"fixed_definition": null,
|
|
"entity_tags": null,
|
|
"caller_file_path": null,
|
|
"caller_file_line_range": null,
|
|
"resource_address": null,
|
|
"severity": null,
|
|
"bc_category": null,
|
|
"benchmarks": null,
|
|
"description": null,
|
|
"short_description": null,
|
|
"vulnerability_details": null,
|
|
"connected_node": null,
|
|
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-yum-ssl",
|
|
"details": [],
|
|
"check_len": null,
|
|
"definition_context_file_path": null
|
|
},
|
|
{
|
|
"check_id": "CKV2_DOCKER_15",
|
|
"bc_check_id": null,
|
|
"check_name": "Ensure that the yum and dnf package managers are not configured to disable SSL certificate validation via the 'sslverify' configuration option",
|
|
"check_result": {
|
|
"result": "PASSED",
|
|
"entity": {
|
|
"block_name_": "RUN",
|
|
"block_type_": "resource",
|
|
"file_path_": "/Dockerfile.test",
|
|
"config_": {
|
|
"content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n",
|
|
"value": "corepack enable && corepack prepare npm@10.5.0 --activate",
|
|
"__startline__": 4,
|
|
"__endline__": 4
|
|
},
|
|
"label_": "resource: RUN",
|
|
"id_": "RUN",
|
|
"source_": "Dockerfile",
|
|
"content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n",
|
|
"value": "corepack enable && corepack prepare npm@10.5.0 --activate",
|
|
"__startline__": 4,
|
|
"__endline__": 4,
|
|
"resource_type": "RUN",
|
|
"hash": "1d5fb0a211498b8baf37e5744578ad03459da7798534298981f23fdefb7eb757"
|
|
},
|
|
"evaluated_keys": [
|
|
"value"
|
|
]
|
|
},
|
|
"code_block": [
|
|
[
|
|
5,
|
|
"RUN corepack enable && corepack prepare npm@10.5.0 --activate\n"
|
|
]
|
|
],
|
|
"file_path": "/Dockerfile.test",
|
|
"file_abs_path": "/scan/Dockerfile.test",
|
|
"repo_file_path": "/Dockerfile.test",
|
|
"file_line_range": [
|
|
5,
|
|
5
|
|
],
|
|
"resource": "/Dockerfile.test.RUN",
|
|
"evaluations": null,
|
|
"check_class": "checkov.common.graph.checks_infra.base_check",
|
|
"fixed_definition": null,
|
|
"entity_tags": null,
|
|
"caller_file_path": null,
|
|
"caller_file_line_range": null,
|
|
"resource_address": null,
|
|
"severity": null,
|
|
"bc_category": null,
|
|
"benchmarks": null,
|
|
"description": null,
|
|
"short_description": null,
|
|
"vulnerability_details": null,
|
|
"connected_node": null,
|
|
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-yum-ssl",
|
|
"details": [],
|
|
"check_len": null,
|
|
"definition_context_file_path": null
|
|
},
|
|
{
|
|
"check_id": "CKV2_DOCKER_15",
|
|
"bc_check_id": null,
|
|
"check_name": "Ensure that the yum and dnf package managers are not configured to disable SSL certificate validation via the 'sslverify' configuration option",
|
|
"check_result": {
|
|
"result": "PASSED",
|
|
"entity": {
|
|
"block_name_": "RUN",
|
|
"block_type_": "resource",
|
|
"file_path_": "/Dockerfile.test",
|
|
"config_": {
|
|
"content": "RUN npm install\n",
|
|
"value": "npm install",
|
|
"__startline__": 10,
|
|
"__endline__": 10
|
|
},
|
|
"label_": "resource: RUN",
|
|
"id_": "RUN",
|
|
"source_": "Dockerfile",
|
|
"content": "RUN npm install\n",
|
|
"value": "npm install",
|
|
"__startline__": 10,
|
|
"__endline__": 10,
|
|
"resource_type": "RUN",
|
|
"hash": "fb809e4860a3131df821aea9480445cc6e2f66dd52744dab5f3d2ef5b2848436"
|
|
},
|
|
"evaluated_keys": [
|
|
"value"
|
|
]
|
|
},
|
|
"code_block": [
|
|
[
|
|
11,
|
|
"RUN npm install\n"
|
|
]
|
|
],
|
|
"file_path": "/Dockerfile.test",
|
|
"file_abs_path": "/scan/Dockerfile.test",
|
|
"repo_file_path": "/Dockerfile.test",
|
|
"file_line_range": [
|
|
11,
|
|
11
|
|
],
|
|
"resource": "/Dockerfile.test.RUN",
|
|
"evaluations": null,
|
|
"check_class": "checkov.common.graph.checks_infra.base_check",
|
|
"fixed_definition": null,
|
|
"entity_tags": null,
|
|
"caller_file_path": null,
|
|
"caller_file_line_range": null,
|
|
"resource_address": null,
|
|
"severity": null,
|
|
"bc_category": null,
|
|
"benchmarks": null,
|
|
"description": null,
|
|
"short_description": null,
|
|
"vulnerability_details": null,
|
|
"connected_node": null,
|
|
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-yum-ssl",
|
|
"details": [],
|
|
"check_len": null,
|
|
"definition_context_file_path": null
|
|
},
|
|
{
|
|
"check_id": "CKV2_DOCKER_15",
|
|
"bc_check_id": null,
|
|
"check_name": "Ensure that the yum and dnf package managers are not configured to disable SSL certificate validation via the 'sslverify' configuration option",
|
|
"check_result": {
|
|
"result": "PASSED",
|
|
"entity": {
|
|
"block_name_": "RUN",
|
|
"block_type_": "resource",
|
|
"file_path_": "/Dockerfile.dev",
|
|
"config_": {
|
|
"content": "RUN npm install -g npm@10.5.0 --no-fund --no-audit\n",
|
|
"value": "npm install -g npm@10.5.0 --no-fund --no-audit",
|
|
"__startline__": 4,
|
|
"__endline__": 4
|
|
},
|
|
"label_": "resource: RUN",
|
|
"id_": "RUN",
|
|
"source_": "Dockerfile",
|
|
"content": "RUN npm install -g npm@10.5.0 --no-fund --no-audit\n",
|
|
"value": "npm install -g npm@10.5.0 --no-fund --no-audit",
|
|
"__startline__": 4,
|
|
"__endline__": 4,
|
|
"resource_type": "RUN",
|
|
"hash": "435bba968d1d0b4c410ea33851637829a16b2ad878f0b9531a737c7a444f91b9"
|
|
},
|
|
"evaluated_keys": [
|
|
"value"
|
|
]
|
|
},
|
|
"code_block": [
|
|
[
|
|
5,
|
|
"RUN npm install -g npm@10.5.0 --no-fund --no-audit\n"
|
|
]
|
|
],
|
|
"file_path": "/Dockerfile.dev",
|
|
"file_abs_path": "/scan/Dockerfile.dev",
|
|
"repo_file_path": "/Dockerfile.dev",
|
|
"file_line_range": [
|
|
5,
|
|
5
|
|
],
|
|
"resource": "/Dockerfile.dev.RUN",
|
|
"evaluations": null,
|
|
"check_class": "checkov.common.graph.checks_infra.base_check",
|
|
"fixed_definition": null,
|
|
"entity_tags": null,
|
|
"caller_file_path": null,
|
|
"caller_file_line_range": null,
|
|
"resource_address": null,
|
|
"severity": null,
|
|
"bc_category": null,
|
|
"benchmarks": null,
|
|
"description": null,
|
|
"short_description": null,
|
|
"vulnerability_details": null,
|
|
"connected_node": null,
|
|
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-yum-ssl",
|
|
"details": [],
|
|
"check_len": null,
|
|
"definition_context_file_path": null
|
|
},
|
|
{
|
|
"check_id": "CKV2_DOCKER_15",
|
|
"bc_check_id": null,
|
|
"check_name": "Ensure that the yum and dnf package managers are not configured to disable SSL certificate validation via the 'sslverify' configuration option",
|
|
"check_result": {
|
|
"result": "PASSED",
|
|
"entity": {
|
|
"block_name_": "RUN",
|
|
"block_type_": "resource",
|
|
"file_path_": "/Dockerfile.dev",
|
|
"config_": {
|
|
"content": "RUN npm ci --no-fund --no-audit\n",
|
|
"value": "npm ci --no-fund --no-audit",
|
|
"__startline__": 10,
|
|
"__endline__": 10
|
|
},
|
|
"label_": "resource: RUN",
|
|
"id_": "RUN",
|
|
"source_": "Dockerfile",
|
|
"content": "RUN npm ci --no-fund --no-audit\n",
|
|
"value": "npm ci --no-fund --no-audit",
|
|
"__startline__": 10,
|
|
"__endline__": 10,
|
|
"resource_type": "RUN",
|
|
"hash": "57abb1bbe03890ab19f47e5f96b9cbcee02aab65f6980d523df42faf41b709fa"
|
|
},
|
|
"evaluated_keys": [
|
|
"value"
|
|
]
|
|
},
|
|
"code_block": [
|
|
[
|
|
11,
|
|
"RUN npm ci --no-fund --no-audit\n"
|
|
]
|
|
],
|
|
"file_path": "/Dockerfile.dev",
|
|
"file_abs_path": "/scan/Dockerfile.dev",
|
|
"repo_file_path": "/Dockerfile.dev",
|
|
"file_line_range": [
|
|
11,
|
|
11
|
|
],
|
|
"resource": "/Dockerfile.dev.RUN",
|
|
"evaluations": null,
|
|
"check_class": "checkov.common.graph.checks_infra.base_check",
|
|
"fixed_definition": null,
|
|
"entity_tags": null,
|
|
"caller_file_path": null,
|
|
"caller_file_line_range": null,
|
|
"resource_address": null,
|
|
"severity": null,
|
|
"bc_category": null,
|
|
"benchmarks": null,
|
|
"description": null,
|
|
"short_description": null,
|
|
"vulnerability_details": null,
|
|
"connected_node": null,
|
|
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-yum-ssl",
|
|
"details": [],
|
|
"check_len": null,
|
|
"definition_context_file_path": null
|
|
},
|
|
{
|
|
"check_id": "CKV2_DOCKER_8",
|
|
"bc_check_id": null,
|
|
"check_name": "Ensure that packages with untrusted or missing signatures are not used by apt-get via the '--allow-unauthenticated' option",
|
|
"check_result": {
|
|
"result": "PASSED",
|
|
"entity": {
|
|
"block_name_": "RUN",
|
|
"block_type_": "resource",
|
|
"file_path_": "/Dockerfile.production",
|
|
"config_": {
|
|
"content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n",
|
|
"value": "corepack enable && corepack prepare npm@10.5.0 --activate",
|
|
"__startline__": 4,
|
|
"__endline__": 4
|
|
},
|
|
"label_": "resource: RUN",
|
|
"id_": "RUN",
|
|
"source_": "Dockerfile",
|
|
"content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n",
|
|
"value": "corepack enable && corepack prepare npm@10.5.0 --activate",
|
|
"__startline__": 4,
|
|
"__endline__": 4,
|
|
"resource_type": "RUN",
|
|
"hash": "dbd32b6bad6b728919787011f82d60c50d7b2d1c079f814de2b1640696c98816"
|
|
},
|
|
"evaluated_keys": [
|
|
"value"
|
|
]
|
|
},
|
|
"code_block": [
|
|
[
|
|
5,
|
|
"RUN corepack enable && corepack prepare npm@10.5.0 --activate\n"
|
|
]
|
|
],
|
|
"file_path": "/Dockerfile.production",
|
|
"file_abs_path": "/scan/Dockerfile.production",
|
|
"repo_file_path": "/Dockerfile.production",
|
|
"file_line_range": [
|
|
5,
|
|
5
|
|
],
|
|
"resource": "/Dockerfile.production.RUN",
|
|
"evaluations": null,
|
|
"check_class": "checkov.common.graph.checks_infra.base_check",
|
|
"fixed_definition": null,
|
|
"entity_tags": null,
|
|
"caller_file_path": null,
|
|
"caller_file_line_range": null,
|
|
"resource_address": null,
|
|
"severity": null,
|
|
"bc_category": null,
|
|
"benchmarks": null,
|
|
"description": null,
|
|
"short_description": null,
|
|
"vulnerability_details": null,
|
|
"connected_node": null,
|
|
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-apt-authenticated",
|
|
"details": [],
|
|
"check_len": null,
|
|
"definition_context_file_path": null
|
|
},
|
|
{
|
|
"check_id": "CKV2_DOCKER_8",
|
|
"bc_check_id": null,
|
|
"check_name": "Ensure that packages with untrusted or missing signatures are not used by apt-get via the '--allow-unauthenticated' option",
|
|
"check_result": {
|
|
"result": "PASSED",
|
|
"entity": {
|
|
"block_name_": "RUN",
|
|
"block_type_": "resource",
|
|
"file_path_": "/Dockerfile.production",
|
|
"config_": {
|
|
"content": "RUN npm install\n",
|
|
"value": "npm install",
|
|
"__startline__": 20,
|
|
"__endline__": 20
|
|
},
|
|
"label_": "resource: RUN",
|
|
"id_": "RUN",
|
|
"source_": "Dockerfile",
|
|
"content": "RUN npm install\n",
|
|
"value": "npm install",
|
|
"__startline__": 20,
|
|
"__endline__": 20,
|
|
"resource_type": "RUN",
|
|
"hash": "6979b14e6a853ac150ffef85c5e28fd49c956054ea2cb1d01440e13b17260c4a"
|
|
},
|
|
"evaluated_keys": [
|
|
"value"
|
|
]
|
|
},
|
|
"code_block": [
|
|
[
|
|
21,
|
|
"RUN npm install\n"
|
|
]
|
|
],
|
|
"file_path": "/Dockerfile.production",
|
|
"file_abs_path": "/scan/Dockerfile.production",
|
|
"repo_file_path": "/Dockerfile.production",
|
|
"file_line_range": [
|
|
21,
|
|
21
|
|
],
|
|
"resource": "/Dockerfile.production.RUN",
|
|
"evaluations": null,
|
|
"check_class": "checkov.common.graph.checks_infra.base_check",
|
|
"fixed_definition": null,
|
|
"entity_tags": null,
|
|
"caller_file_path": null,
|
|
"caller_file_line_range": null,
|
|
"resource_address": null,
|
|
"severity": null,
|
|
"bc_category": null,
|
|
"benchmarks": null,
|
|
"description": null,
|
|
"short_description": null,
|
|
"vulnerability_details": null,
|
|
"connected_node": null,
|
|
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-apt-authenticated",
|
|
"details": [],
|
|
"check_len": null,
|
|
"definition_context_file_path": null
|
|
},
|
|
{
|
|
"check_id": "CKV2_DOCKER_8",
|
|
"bc_check_id": null,
|
|
"check_name": "Ensure that packages with untrusted or missing signatures are not used by apt-get via the '--allow-unauthenticated' option",
|
|
"check_result": {
|
|
"result": "PASSED",
|
|
"entity": {
|
|
"block_name_": "RUN",
|
|
"block_type_": "resource",
|
|
"file_path_": "/Dockerfile.production",
|
|
"config_": {
|
|
"content": "RUN npm run db:generate\n",
|
|
"value": "npm run db:generate",
|
|
"__startline__": 21,
|
|
"__endline__": 21
|
|
},
|
|
"label_": "resource: RUN",
|
|
"id_": "RUN",
|
|
"source_": "Dockerfile",
|
|
"content": "RUN npm run db:generate\n",
|
|
"value": "npm run db:generate",
|
|
"__startline__": 21,
|
|
"__endline__": 21,
|
|
"resource_type": "RUN",
|
|
"hash": "c1f9cc0c42260bb0183d7e7b9ec2edab99837111ad42dbbdd7fad09ff3e37ab0"
|
|
},
|
|
"evaluated_keys": [
|
|
"value"
|
|
]
|
|
},
|
|
"code_block": [
|
|
[
|
|
22,
|
|
"RUN npm run db:generate\n"
|
|
]
|
|
],
|
|
"file_path": "/Dockerfile.production",
|
|
"file_abs_path": "/scan/Dockerfile.production",
|
|
"repo_file_path": "/Dockerfile.production",
|
|
"file_line_range": [
|
|
22,
|
|
22
|
|
],
|
|
"resource": "/Dockerfile.production.RUN",
|
|
"evaluations": null,
|
|
"check_class": "checkov.common.graph.checks_infra.base_check",
|
|
"fixed_definition": null,
|
|
"entity_tags": null,
|
|
"caller_file_path": null,
|
|
"caller_file_line_range": null,
|
|
"resource_address": null,
|
|
"severity": null,
|
|
"bc_category": null,
|
|
"benchmarks": null,
|
|
"description": null,
|
|
"short_description": null,
|
|
"vulnerability_details": null,
|
|
"connected_node": null,
|
|
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-apt-authenticated",
|
|
"details": [],
|
|
"check_len": null,
|
|
"definition_context_file_path": null
|
|
},
|
|
{
|
|
"check_id": "CKV2_DOCKER_8",
|
|
"bc_check_id": null,
|
|
"check_name": "Ensure that packages with untrusted or missing signatures are not used by apt-get via the '--allow-unauthenticated' option",
|
|
"check_result": {
|
|
"result": "PASSED",
|
|
"entity": {
|
|
"block_name_": "RUN",
|
|
"block_type_": "resource",
|
|
"file_path_": "/Dockerfile.production",
|
|
"config_": {
|
|
"content": "RUN npm run build\n",
|
|
"value": "npm run build",
|
|
"__startline__": 22,
|
|
"__endline__": 22
|
|
},
|
|
"label_": "resource: RUN",
|
|
"id_": "RUN",
|
|
"source_": "Dockerfile",
|
|
"content": "RUN npm run build\n",
|
|
"value": "npm run build",
|
|
"__startline__": 22,
|
|
"__endline__": 22,
|
|
"resource_type": "RUN",
|
|
"hash": "1bf185fb6038f1b491f2a2686de4dd9869ccdd9c3e34d2772cf43bd368377aa6"
|
|
},
|
|
"evaluated_keys": [
|
|
"value"
|
|
]
|
|
},
|
|
"code_block": [
|
|
[
|
|
23,
|
|
"RUN npm run build\n"
|
|
]
|
|
],
|
|
"file_path": "/Dockerfile.production",
|
|
"file_abs_path": "/scan/Dockerfile.production",
|
|
"repo_file_path": "/Dockerfile.production",
|
|
"file_line_range": [
|
|
23,
|
|
23
|
|
],
|
|
"resource": "/Dockerfile.production.RUN",
|
|
"evaluations": null,
|
|
"check_class": "checkov.common.graph.checks_infra.base_check",
|
|
"fixed_definition": null,
|
|
"entity_tags": null,
|
|
"caller_file_path": null,
|
|
"caller_file_line_range": null,
|
|
"resource_address": null,
|
|
"severity": null,
|
|
"bc_category": null,
|
|
"benchmarks": null,
|
|
"description": null,
|
|
"short_description": null,
|
|
"vulnerability_details": null,
|
|
"connected_node": null,
|
|
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-apt-authenticated",
|
|
"details": [],
|
|
"check_len": null,
|
|
"definition_context_file_path": null
|
|
},
|
|
{
|
|
"check_id": "CKV2_DOCKER_8",
|
|
"bc_check_id": null,
|
|
"check_name": "Ensure that packages with untrusted or missing signatures are not used by apt-get via the '--allow-unauthenticated' option",
|
|
"check_result": {
|
|
"result": "PASSED",
|
|
"entity": {
|
|
"block_name_": "RUN",
|
|
"block_type_": "resource",
|
|
"file_path_": "/Dockerfile.production",
|
|
"config_": {
|
|
"content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n",
|
|
"value": "corepack enable && corepack prepare npm@10.5.0 --activate",
|
|
"__startline__": 30,
|
|
"__endline__": 30
|
|
},
|
|
"label_": "resource: RUN",
|
|
"id_": "RUN",
|
|
"source_": "Dockerfile",
|
|
"content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n",
|
|
"value": "corepack enable && corepack prepare npm@10.5.0 --activate",
|
|
"__startline__": 30,
|
|
"__endline__": 30,
|
|
"resource_type": "RUN",
|
|
"hash": "01c88e306f7db45ae7136e3bdb63c4b15978dd024f6ed18210961fc3db3df382"
|
|
},
|
|
"evaluated_keys": [
|
|
"value"
|
|
]
|
|
},
|
|
"code_block": [
|
|
[
|
|
31,
|
|
"RUN corepack enable && corepack prepare npm@10.5.0 --activate\n"
|
|
]
|
|
],
|
|
"file_path": "/Dockerfile.production",
|
|
"file_abs_path": "/scan/Dockerfile.production",
|
|
"repo_file_path": "/Dockerfile.production",
|
|
"file_line_range": [
|
|
31,
|
|
31
|
|
],
|
|
"resource": "/Dockerfile.production.RUN",
|
|
"evaluations": null,
|
|
"check_class": "checkov.common.graph.checks_infra.base_check",
|
|
"fixed_definition": null,
|
|
"entity_tags": null,
|
|
"caller_file_path": null,
|
|
"caller_file_line_range": null,
|
|
"resource_address": null,
|
|
"severity": null,
|
|
"bc_category": null,
|
|
"benchmarks": null,
|
|
"description": null,
|
|
"short_description": null,
|
|
"vulnerability_details": null,
|
|
"connected_node": null,
|
|
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-apt-authenticated",
|
|
"details": [],
|
|
"check_len": null,
|
|
"definition_context_file_path": null
|
|
},
|
|
{
|
|
"check_id": "CKV2_DOCKER_8",
|
|
"bc_check_id": null,
|
|
"check_name": "Ensure that packages with untrusted or missing signatures are not used by apt-get via the '--allow-unauthenticated' option",
|
|
"check_result": {
|
|
"result": "PASSED",
|
|
"entity": {
|
|
"block_name_": "RUN",
|
|
"block_type_": "resource",
|
|
"file_path_": "/Dockerfile.test",
|
|
"config_": {
|
|
"content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n",
|
|
"value": "corepack enable && corepack prepare npm@10.5.0 --activate",
|
|
"__startline__": 4,
|
|
"__endline__": 4
|
|
},
|
|
"label_": "resource: RUN",
|
|
"id_": "RUN",
|
|
"source_": "Dockerfile",
|
|
"content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n",
|
|
"value": "corepack enable && corepack prepare npm@10.5.0 --activate",
|
|
"__startline__": 4,
|
|
"__endline__": 4,
|
|
"resource_type": "RUN",
|
|
"hash": "1d5fb0a211498b8baf37e5744578ad03459da7798534298981f23fdefb7eb757"
|
|
},
|
|
"evaluated_keys": [
|
|
"value"
|
|
]
|
|
},
|
|
"code_block": [
|
|
[
|
|
5,
|
|
"RUN corepack enable && corepack prepare npm@10.5.0 --activate\n"
|
|
]
|
|
],
|
|
"file_path": "/Dockerfile.test",
|
|
"file_abs_path": "/scan/Dockerfile.test",
|
|
"repo_file_path": "/Dockerfile.test",
|
|
"file_line_range": [
|
|
5,
|
|
5
|
|
],
|
|
"resource": "/Dockerfile.test.RUN",
|
|
"evaluations": null,
|
|
"check_class": "checkov.common.graph.checks_infra.base_check",
|
|
"fixed_definition": null,
|
|
"entity_tags": null,
|
|
"caller_file_path": null,
|
|
"caller_file_line_range": null,
|
|
"resource_address": null,
|
|
"severity": null,
|
|
"bc_category": null,
|
|
"benchmarks": null,
|
|
"description": null,
|
|
"short_description": null,
|
|
"vulnerability_details": null,
|
|
"connected_node": null,
|
|
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-apt-authenticated",
|
|
"details": [],
|
|
"check_len": null,
|
|
"definition_context_file_path": null
|
|
},
|
|
{
|
|
"check_id": "CKV2_DOCKER_8",
|
|
"bc_check_id": null,
|
|
"check_name": "Ensure that packages with untrusted or missing signatures are not used by apt-get via the '--allow-unauthenticated' option",
|
|
"check_result": {
|
|
"result": "PASSED",
|
|
"entity": {
|
|
"block_name_": "RUN",
|
|
"block_type_": "resource",
|
|
"file_path_": "/Dockerfile.test",
|
|
"config_": {
|
|
"content": "RUN npm install\n",
|
|
"value": "npm install",
|
|
"__startline__": 10,
|
|
"__endline__": 10
|
|
},
|
|
"label_": "resource: RUN",
|
|
"id_": "RUN",
|
|
"source_": "Dockerfile",
|
|
"content": "RUN npm install\n",
|
|
"value": "npm install",
|
|
"__startline__": 10,
|
|
"__endline__": 10,
|
|
"resource_type": "RUN",
|
|
"hash": "fb809e4860a3131df821aea9480445cc6e2f66dd52744dab5f3d2ef5b2848436"
|
|
},
|
|
"evaluated_keys": [
|
|
"value"
|
|
]
|
|
},
|
|
"code_block": [
|
|
[
|
|
11,
|
|
"RUN npm install\n"
|
|
]
|
|
],
|
|
"file_path": "/Dockerfile.test",
|
|
"file_abs_path": "/scan/Dockerfile.test",
|
|
"repo_file_path": "/Dockerfile.test",
|
|
"file_line_range": [
|
|
11,
|
|
11
|
|
],
|
|
"resource": "/Dockerfile.test.RUN",
|
|
"evaluations": null,
|
|
"check_class": "checkov.common.graph.checks_infra.base_check",
|
|
"fixed_definition": null,
|
|
"entity_tags": null,
|
|
"caller_file_path": null,
|
|
"caller_file_line_range": null,
|
|
"resource_address": null,
|
|
"severity": null,
|
|
"bc_category": null,
|
|
"benchmarks": null,
|
|
"description": null,
|
|
"short_description": null,
|
|
"vulnerability_details": null,
|
|
"connected_node": null,
|
|
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-apt-authenticated",
|
|
"details": [],
|
|
"check_len": null,
|
|
"definition_context_file_path": null
|
|
},
|
|
{
|
|
"check_id": "CKV2_DOCKER_8",
|
|
"bc_check_id": null,
|
|
"check_name": "Ensure that packages with untrusted or missing signatures are not used by apt-get via the '--allow-unauthenticated' option",
|
|
"check_result": {
|
|
"result": "PASSED",
|
|
"entity": {
|
|
"block_name_": "RUN",
|
|
"block_type_": "resource",
|
|
"file_path_": "/Dockerfile.dev",
|
|
"config_": {
|
|
"content": "RUN npm install -g npm@10.5.0 --no-fund --no-audit\n",
|
|
"value": "npm install -g npm@10.5.0 --no-fund --no-audit",
|
|
"__startline__": 4,
|
|
"__endline__": 4
|
|
},
|
|
"label_": "resource: RUN",
|
|
"id_": "RUN",
|
|
"source_": "Dockerfile",
|
|
"content": "RUN npm install -g npm@10.5.0 --no-fund --no-audit\n",
|
|
"value": "npm install -g npm@10.5.0 --no-fund --no-audit",
|
|
"__startline__": 4,
|
|
"__endline__": 4,
|
|
"resource_type": "RUN",
|
|
"hash": "435bba968d1d0b4c410ea33851637829a16b2ad878f0b9531a737c7a444f91b9"
|
|
},
|
|
"evaluated_keys": [
|
|
"value"
|
|
]
|
|
},
|
|
"code_block": [
|
|
[
|
|
5,
|
|
"RUN npm install -g npm@10.5.0 --no-fund --no-audit\n"
|
|
]
|
|
],
|
|
"file_path": "/Dockerfile.dev",
|
|
"file_abs_path": "/scan/Dockerfile.dev",
|
|
"repo_file_path": "/Dockerfile.dev",
|
|
"file_line_range": [
|
|
5,
|
|
5
|
|
],
|
|
"resource": "/Dockerfile.dev.RUN",
|
|
"evaluations": null,
|
|
"check_class": "checkov.common.graph.checks_infra.base_check",
|
|
"fixed_definition": null,
|
|
"entity_tags": null,
|
|
"caller_file_path": null,
|
|
"caller_file_line_range": null,
|
|
"resource_address": null,
|
|
"severity": null,
|
|
"bc_category": null,
|
|
"benchmarks": null,
|
|
"description": null,
|
|
"short_description": null,
|
|
"vulnerability_details": null,
|
|
"connected_node": null,
|
|
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-apt-authenticated",
|
|
"details": [],
|
|
"check_len": null,
|
|
"definition_context_file_path": null
|
|
},
|
|
{
|
|
"check_id": "CKV2_DOCKER_8",
|
|
"bc_check_id": null,
|
|
"check_name": "Ensure that packages with untrusted or missing signatures are not used by apt-get via the '--allow-unauthenticated' option",
|
|
"check_result": {
|
|
"result": "PASSED",
|
|
"entity": {
|
|
"block_name_": "RUN",
|
|
"block_type_": "resource",
|
|
"file_path_": "/Dockerfile.dev",
|
|
"config_": {
|
|
"content": "RUN npm ci --no-fund --no-audit\n",
|
|
"value": "npm ci --no-fund --no-audit",
|
|
"__startline__": 10,
|
|
"__endline__": 10
|
|
},
|
|
"label_": "resource: RUN",
|
|
"id_": "RUN",
|
|
"source_": "Dockerfile",
|
|
"content": "RUN npm ci --no-fund --no-audit\n",
|
|
"value": "npm ci --no-fund --no-audit",
|
|
"__startline__": 10,
|
|
"__endline__": 10,
|
|
"resource_type": "RUN",
|
|
"hash": "57abb1bbe03890ab19f47e5f96b9cbcee02aab65f6980d523df42faf41b709fa"
|
|
},
|
|
"evaluated_keys": [
|
|
"value"
|
|
]
|
|
},
|
|
"code_block": [
|
|
[
|
|
11,
|
|
"RUN npm ci --no-fund --no-audit\n"
|
|
]
|
|
],
|
|
"file_path": "/Dockerfile.dev",
|
|
"file_abs_path": "/scan/Dockerfile.dev",
|
|
"repo_file_path": "/Dockerfile.dev",
|
|
"file_line_range": [
|
|
11,
|
|
11
|
|
],
|
|
"resource": "/Dockerfile.dev.RUN",
|
|
"evaluations": null,
|
|
"check_class": "checkov.common.graph.checks_infra.base_check",
|
|
"fixed_definition": null,
|
|
"entity_tags": null,
|
|
"caller_file_path": null,
|
|
"caller_file_line_range": null,
|
|
"resource_address": null,
|
|
"severity": null,
|
|
"bc_category": null,
|
|
"benchmarks": null,
|
|
"description": null,
|
|
"short_description": null,
|
|
"vulnerability_details": null,
|
|
"connected_node": null,
|
|
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-apt-authenticated",
|
|
"details": [],
|
|
"check_len": null,
|
|
"definition_context_file_path": null
|
|
},
|
|
{
|
|
"check_id": "CKV2_DOCKER_13",
|
|
"bc_check_id": null,
|
|
"check_name": "Ensure that certificate validation isn't disabled for npm or yarn by setting the option strict-ssl to false",
|
|
"check_result": {
|
|
"result": "PASSED",
|
|
"entity": {
|
|
"block_name_": "RUN",
|
|
"block_type_": "resource",
|
|
"file_path_": "/Dockerfile.production",
|
|
"config_": {
|
|
"content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n",
|
|
"value": "corepack enable && corepack prepare npm@10.5.0 --activate",
|
|
"__startline__": 4,
|
|
"__endline__": 4
|
|
},
|
|
"label_": "resource: RUN",
|
|
"id_": "RUN",
|
|
"source_": "Dockerfile",
|
|
"content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n",
|
|
"value": "corepack enable && corepack prepare npm@10.5.0 --activate",
|
|
"__startline__": 4,
|
|
"__endline__": 4,
|
|
"resource_type": "RUN",
|
|
"hash": "dbd32b6bad6b728919787011f82d60c50d7b2d1c079f814de2b1640696c98816"
|
|
},
|
|
"evaluated_keys": [
|
|
"value"
|
|
]
|
|
},
|
|
"code_block": [
|
|
[
|
|
5,
|
|
"RUN corepack enable && corepack prepare npm@10.5.0 --activate\n"
|
|
]
|
|
],
|
|
"file_path": "/Dockerfile.production",
|
|
"file_abs_path": "/scan/Dockerfile.production",
|
|
"repo_file_path": "/Dockerfile.production",
|
|
"file_line_range": [
|
|
5,
|
|
5
|
|
],
|
|
"resource": "/Dockerfile.production.RUN",
|
|
"evaluations": null,
|
|
"check_class": "checkov.common.graph.checks_infra.base_check",
|
|
"fixed_definition": null,
|
|
"entity_tags": null,
|
|
"caller_file_path": null,
|
|
"caller_file_line_range": null,
|
|
"resource_address": null,
|
|
"severity": null,
|
|
"bc_category": null,
|
|
"benchmarks": null,
|
|
"description": null,
|
|
"short_description": null,
|
|
"vulnerability_details": null,
|
|
"connected_node": null,
|
|
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-npm-strict-ssl2",
|
|
"details": [],
|
|
"check_len": null,
|
|
"definition_context_file_path": null
|
|
},
|
|
{
|
|
"check_id": "CKV2_DOCKER_13",
|
|
"bc_check_id": null,
|
|
"check_name": "Ensure that certificate validation isn't disabled for npm or yarn by setting the option strict-ssl to false",
|
|
"check_result": {
|
|
"result": "PASSED",
|
|
"entity": {
|
|
"block_name_": "RUN",
|
|
"block_type_": "resource",
|
|
"file_path_": "/Dockerfile.production",
|
|
"config_": {
|
|
"content": "RUN npm install\n",
|
|
"value": "npm install",
|
|
"__startline__": 20,
|
|
"__endline__": 20
|
|
},
|
|
"label_": "resource: RUN",
|
|
"id_": "RUN",
|
|
"source_": "Dockerfile",
|
|
"content": "RUN npm install\n",
|
|
"value": "npm install",
|
|
"__startline__": 20,
|
|
"__endline__": 20,
|
|
"resource_type": "RUN",
|
|
"hash": "6979b14e6a853ac150ffef85c5e28fd49c956054ea2cb1d01440e13b17260c4a"
|
|
},
|
|
"evaluated_keys": [
|
|
"value"
|
|
]
|
|
},
|
|
"code_block": [
|
|
[
|
|
21,
|
|
"RUN npm install\n"
|
|
]
|
|
],
|
|
"file_path": "/Dockerfile.production",
|
|
"file_abs_path": "/scan/Dockerfile.production",
|
|
"repo_file_path": "/Dockerfile.production",
|
|
"file_line_range": [
|
|
21,
|
|
21
|
|
],
|
|
"resource": "/Dockerfile.production.RUN",
|
|
"evaluations": null,
|
|
"check_class": "checkov.common.graph.checks_infra.base_check",
|
|
"fixed_definition": null,
|
|
"entity_tags": null,
|
|
"caller_file_path": null,
|
|
"caller_file_line_range": null,
|
|
"resource_address": null,
|
|
"severity": null,
|
|
"bc_category": null,
|
|
"benchmarks": null,
|
|
"description": null,
|
|
"short_description": null,
|
|
"vulnerability_details": null,
|
|
"connected_node": null,
|
|
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-npm-strict-ssl2",
|
|
"details": [],
|
|
"check_len": null,
|
|
"definition_context_file_path": null
|
|
},
|
|
{
|
|
"check_id": "CKV2_DOCKER_13",
|
|
"bc_check_id": null,
|
|
"check_name": "Ensure that certificate validation isn't disabled for npm or yarn by setting the option strict-ssl to false",
|
|
"check_result": {
|
|
"result": "PASSED",
|
|
"entity": {
|
|
"block_name_": "RUN",
|
|
"block_type_": "resource",
|
|
"file_path_": "/Dockerfile.production",
|
|
"config_": {
|
|
"content": "RUN npm run db:generate\n",
|
|
"value": "npm run db:generate",
|
|
"__startline__": 21,
|
|
"__endline__": 21
|
|
},
|
|
"label_": "resource: RUN",
|
|
"id_": "RUN",
|
|
"source_": "Dockerfile",
|
|
"content": "RUN npm run db:generate\n",
|
|
"value": "npm run db:generate",
|
|
"__startline__": 21,
|
|
"__endline__": 21,
|
|
"resource_type": "RUN",
|
|
"hash": "c1f9cc0c42260bb0183d7e7b9ec2edab99837111ad42dbbdd7fad09ff3e37ab0"
|
|
},
|
|
"evaluated_keys": [
|
|
"value"
|
|
]
|
|
},
|
|
"code_block": [
|
|
[
|
|
22,
|
|
"RUN npm run db:generate\n"
|
|
]
|
|
],
|
|
"file_path": "/Dockerfile.production",
|
|
"file_abs_path": "/scan/Dockerfile.production",
|
|
"repo_file_path": "/Dockerfile.production",
|
|
"file_line_range": [
|
|
22,
|
|
22
|
|
],
|
|
"resource": "/Dockerfile.production.RUN",
|
|
"evaluations": null,
|
|
"check_class": "checkov.common.graph.checks_infra.base_check",
|
|
"fixed_definition": null,
|
|
"entity_tags": null,
|
|
"caller_file_path": null,
|
|
"caller_file_line_range": null,
|
|
"resource_address": null,
|
|
"severity": null,
|
|
"bc_category": null,
|
|
"benchmarks": null,
|
|
"description": null,
|
|
"short_description": null,
|
|
"vulnerability_details": null,
|
|
"connected_node": null,
|
|
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-npm-strict-ssl2",
|
|
"details": [],
|
|
"check_len": null,
|
|
"definition_context_file_path": null
|
|
},
|
|
{
|
|
"check_id": "CKV2_DOCKER_13",
|
|
"bc_check_id": null,
|
|
"check_name": "Ensure that certificate validation isn't disabled for npm or yarn by setting the option strict-ssl to false",
|
|
"check_result": {
|
|
"result": "PASSED",
|
|
"entity": {
|
|
"block_name_": "RUN",
|
|
"block_type_": "resource",
|
|
"file_path_": "/Dockerfile.production",
|
|
"config_": {
|
|
"content": "RUN npm run build\n",
|
|
"value": "npm run build",
|
|
"__startline__": 22,
|
|
"__endline__": 22
|
|
},
|
|
"label_": "resource: RUN",
|
|
"id_": "RUN",
|
|
"source_": "Dockerfile",
|
|
"content": "RUN npm run build\n",
|
|
"value": "npm run build",
|
|
"__startline__": 22,
|
|
"__endline__": 22,
|
|
"resource_type": "RUN",
|
|
"hash": "1bf185fb6038f1b491f2a2686de4dd9869ccdd9c3e34d2772cf43bd368377aa6"
|
|
},
|
|
"evaluated_keys": [
|
|
"value"
|
|
]
|
|
},
|
|
"code_block": [
|
|
[
|
|
23,
|
|
"RUN npm run build\n"
|
|
]
|
|
],
|
|
"file_path": "/Dockerfile.production",
|
|
"file_abs_path": "/scan/Dockerfile.production",
|
|
"repo_file_path": "/Dockerfile.production",
|
|
"file_line_range": [
|
|
23,
|
|
23
|
|
],
|
|
"resource": "/Dockerfile.production.RUN",
|
|
"evaluations": null,
|
|
"check_class": "checkov.common.graph.checks_infra.base_check",
|
|
"fixed_definition": null,
|
|
"entity_tags": null,
|
|
"caller_file_path": null,
|
|
"caller_file_line_range": null,
|
|
"resource_address": null,
|
|
"severity": null,
|
|
"bc_category": null,
|
|
"benchmarks": null,
|
|
"description": null,
|
|
"short_description": null,
|
|
"vulnerability_details": null,
|
|
"connected_node": null,
|
|
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-npm-strict-ssl2",
|
|
"details": [],
|
|
"check_len": null,
|
|
"definition_context_file_path": null
|
|
},
|
|
{
|
|
"check_id": "CKV2_DOCKER_13",
|
|
"bc_check_id": null,
|
|
"check_name": "Ensure that certificate validation isn't disabled for npm or yarn by setting the option strict-ssl to false",
|
|
"check_result": {
|
|
"result": "PASSED",
|
|
"entity": {
|
|
"block_name_": "RUN",
|
|
"block_type_": "resource",
|
|
"file_path_": "/Dockerfile.production",
|
|
"config_": {
|
|
"content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n",
|
|
"value": "corepack enable && corepack prepare npm@10.5.0 --activate",
|
|
"__startline__": 30,
|
|
"__endline__": 30
|
|
},
|
|
"label_": "resource: RUN",
|
|
"id_": "RUN",
|
|
"source_": "Dockerfile",
|
|
"content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n",
|
|
"value": "corepack enable && corepack prepare npm@10.5.0 --activate",
|
|
"__startline__": 30,
|
|
"__endline__": 30,
|
|
"resource_type": "RUN",
|
|
"hash": "01c88e306f7db45ae7136e3bdb63c4b15978dd024f6ed18210961fc3db3df382"
|
|
},
|
|
"evaluated_keys": [
|
|
"value"
|
|
]
|
|
},
|
|
"code_block": [
|
|
[
|
|
31,
|
|
"RUN corepack enable && corepack prepare npm@10.5.0 --activate\n"
|
|
]
|
|
],
|
|
"file_path": "/Dockerfile.production",
|
|
"file_abs_path": "/scan/Dockerfile.production",
|
|
"repo_file_path": "/Dockerfile.production",
|
|
"file_line_range": [
|
|
31,
|
|
31
|
|
],
|
|
"resource": "/Dockerfile.production.RUN",
|
|
"evaluations": null,
|
|
"check_class": "checkov.common.graph.checks_infra.base_check",
|
|
"fixed_definition": null,
|
|
"entity_tags": null,
|
|
"caller_file_path": null,
|
|
"caller_file_line_range": null,
|
|
"resource_address": null,
|
|
"severity": null,
|
|
"bc_category": null,
|
|
"benchmarks": null,
|
|
"description": null,
|
|
"short_description": null,
|
|
"vulnerability_details": null,
|
|
"connected_node": null,
|
|
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-npm-strict-ssl2",
|
|
"details": [],
|
|
"check_len": null,
|
|
"definition_context_file_path": null
|
|
},
|
|
{
|
|
"check_id": "CKV2_DOCKER_13",
|
|
"bc_check_id": null,
|
|
"check_name": "Ensure that certificate validation isn't disabled for npm or yarn by setting the option strict-ssl to false",
|
|
"check_result": {
|
|
"result": "PASSED",
|
|
"entity": {
|
|
"block_name_": "RUN",
|
|
"block_type_": "resource",
|
|
"file_path_": "/Dockerfile.test",
|
|
"config_": {
|
|
"content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n",
|
|
"value": "corepack enable && corepack prepare npm@10.5.0 --activate",
|
|
"__startline__": 4,
|
|
"__endline__": 4
|
|
},
|
|
"label_": "resource: RUN",
|
|
"id_": "RUN",
|
|
"source_": "Dockerfile",
|
|
"content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n",
|
|
"value": "corepack enable && corepack prepare npm@10.5.0 --activate",
|
|
"__startline__": 4,
|
|
"__endline__": 4,
|
|
"resource_type": "RUN",
|
|
"hash": "1d5fb0a211498b8baf37e5744578ad03459da7798534298981f23fdefb7eb757"
|
|
},
|
|
"evaluated_keys": [
|
|
"value"
|
|
]
|
|
},
|
|
"code_block": [
|
|
[
|
|
5,
|
|
"RUN corepack enable && corepack prepare npm@10.5.0 --activate\n"
|
|
]
|
|
],
|
|
"file_path": "/Dockerfile.test",
|
|
"file_abs_path": "/scan/Dockerfile.test",
|
|
"repo_file_path": "/Dockerfile.test",
|
|
"file_line_range": [
|
|
5,
|
|
5
|
|
],
|
|
"resource": "/Dockerfile.test.RUN",
|
|
"evaluations": null,
|
|
"check_class": "checkov.common.graph.checks_infra.base_check",
|
|
"fixed_definition": null,
|
|
"entity_tags": null,
|
|
"caller_file_path": null,
|
|
"caller_file_line_range": null,
|
|
"resource_address": null,
|
|
"severity": null,
|
|
"bc_category": null,
|
|
"benchmarks": null,
|
|
"description": null,
|
|
"short_description": null,
|
|
"vulnerability_details": null,
|
|
"connected_node": null,
|
|
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-npm-strict-ssl2",
|
|
"details": [],
|
|
"check_len": null,
|
|
"definition_context_file_path": null
|
|
},
|
|
{
|
|
"check_id": "CKV2_DOCKER_13",
|
|
"bc_check_id": null,
|
|
"check_name": "Ensure that certificate validation isn't disabled for npm or yarn by setting the option strict-ssl to false",
|
|
"check_result": {
|
|
"result": "PASSED",
|
|
"entity": {
|
|
"block_name_": "RUN",
|
|
"block_type_": "resource",
|
|
"file_path_": "/Dockerfile.test",
|
|
"config_": {
|
|
"content": "RUN npm install\n",
|
|
"value": "npm install",
|
|
"__startline__": 10,
|
|
"__endline__": 10
|
|
},
|
|
"label_": "resource: RUN",
|
|
"id_": "RUN",
|
|
"source_": "Dockerfile",
|
|
"content": "RUN npm install\n",
|
|
"value": "npm install",
|
|
"__startline__": 10,
|
|
"__endline__": 10,
|
|
"resource_type": "RUN",
|
|
"hash": "fb809e4860a3131df821aea9480445cc6e2f66dd52744dab5f3d2ef5b2848436"
|
|
},
|
|
"evaluated_keys": [
|
|
"value"
|
|
]
|
|
},
|
|
"code_block": [
|
|
[
|
|
11,
|
|
"RUN npm install\n"
|
|
]
|
|
],
|
|
"file_path": "/Dockerfile.test",
|
|
"file_abs_path": "/scan/Dockerfile.test",
|
|
"repo_file_path": "/Dockerfile.test",
|
|
"file_line_range": [
|
|
11,
|
|
11
|
|
],
|
|
"resource": "/Dockerfile.test.RUN",
|
|
"evaluations": null,
|
|
"check_class": "checkov.common.graph.checks_infra.base_check",
|
|
"fixed_definition": null,
|
|
"entity_tags": null,
|
|
"caller_file_path": null,
|
|
"caller_file_line_range": null,
|
|
"resource_address": null,
|
|
"severity": null,
|
|
"bc_category": null,
|
|
"benchmarks": null,
|
|
"description": null,
|
|
"short_description": null,
|
|
"vulnerability_details": null,
|
|
"connected_node": null,
|
|
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-npm-strict-ssl2",
|
|
"details": [],
|
|
"check_len": null,
|
|
"definition_context_file_path": null
|
|
},
|
|
{
|
|
"check_id": "CKV2_DOCKER_13",
|
|
"bc_check_id": null,
|
|
"check_name": "Ensure that certificate validation isn't disabled for npm or yarn by setting the option strict-ssl to false",
|
|
"check_result": {
|
|
"result": "PASSED",
|
|
"entity": {
|
|
"block_name_": "RUN",
|
|
"block_type_": "resource",
|
|
"file_path_": "/Dockerfile.dev",
|
|
"config_": {
|
|
"content": "RUN npm install -g npm@10.5.0 --no-fund --no-audit\n",
|
|
"value": "npm install -g npm@10.5.0 --no-fund --no-audit",
|
|
"__startline__": 4,
|
|
"__endline__": 4
|
|
},
|
|
"label_": "resource: RUN",
|
|
"id_": "RUN",
|
|
"source_": "Dockerfile",
|
|
"content": "RUN npm install -g npm@10.5.0 --no-fund --no-audit\n",
|
|
"value": "npm install -g npm@10.5.0 --no-fund --no-audit",
|
|
"__startline__": 4,
|
|
"__endline__": 4,
|
|
"resource_type": "RUN",
|
|
"hash": "435bba968d1d0b4c410ea33851637829a16b2ad878f0b9531a737c7a444f91b9"
|
|
},
|
|
"evaluated_keys": [
|
|
"value"
|
|
]
|
|
},
|
|
"code_block": [
|
|
[
|
|
5,
|
|
"RUN npm install -g npm@10.5.0 --no-fund --no-audit\n"
|
|
]
|
|
],
|
|
"file_path": "/Dockerfile.dev",
|
|
"file_abs_path": "/scan/Dockerfile.dev",
|
|
"repo_file_path": "/Dockerfile.dev",
|
|
"file_line_range": [
|
|
5,
|
|
5
|
|
],
|
|
"resource": "/Dockerfile.dev.RUN",
|
|
"evaluations": null,
|
|
"check_class": "checkov.common.graph.checks_infra.base_check",
|
|
"fixed_definition": null,
|
|
"entity_tags": null,
|
|
"caller_file_path": null,
|
|
"caller_file_line_range": null,
|
|
"resource_address": null,
|
|
"severity": null,
|
|
"bc_category": null,
|
|
"benchmarks": null,
|
|
"description": null,
|
|
"short_description": null,
|
|
"vulnerability_details": null,
|
|
"connected_node": null,
|
|
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-npm-strict-ssl2",
|
|
"details": [],
|
|
"check_len": null,
|
|
"definition_context_file_path": null
|
|
},
|
|
{
|
|
"check_id": "CKV2_DOCKER_13",
|
|
"bc_check_id": null,
|
|
"check_name": "Ensure that certificate validation isn't disabled for npm or yarn by setting the option strict-ssl to false",
|
|
"check_result": {
|
|
"result": "PASSED",
|
|
"entity": {
|
|
"block_name_": "RUN",
|
|
"block_type_": "resource",
|
|
"file_path_": "/Dockerfile.dev",
|
|
"config_": {
|
|
"content": "RUN npm ci --no-fund --no-audit\n",
|
|
"value": "npm ci --no-fund --no-audit",
|
|
"__startline__": 10,
|
|
"__endline__": 10
|
|
},
|
|
"label_": "resource: RUN",
|
|
"id_": "RUN",
|
|
"source_": "Dockerfile",
|
|
"content": "RUN npm ci --no-fund --no-audit\n",
|
|
"value": "npm ci --no-fund --no-audit",
|
|
"__startline__": 10,
|
|
"__endline__": 10,
|
|
"resource_type": "RUN",
|
|
"hash": "57abb1bbe03890ab19f47e5f96b9cbcee02aab65f6980d523df42faf41b709fa"
|
|
},
|
|
"evaluated_keys": [
|
|
"value"
|
|
]
|
|
},
|
|
"code_block": [
|
|
[
|
|
11,
|
|
"RUN npm ci --no-fund --no-audit\n"
|
|
]
|
|
],
|
|
"file_path": "/Dockerfile.dev",
|
|
"file_abs_path": "/scan/Dockerfile.dev",
|
|
"repo_file_path": "/Dockerfile.dev",
|
|
"file_line_range": [
|
|
11,
|
|
11
|
|
],
|
|
"resource": "/Dockerfile.dev.RUN",
|
|
"evaluations": null,
|
|
"check_class": "checkov.common.graph.checks_infra.base_check",
|
|
"fixed_definition": null,
|
|
"entity_tags": null,
|
|
"caller_file_path": null,
|
|
"caller_file_line_range": null,
|
|
"resource_address": null,
|
|
"severity": null,
|
|
"bc_category": null,
|
|
"benchmarks": null,
|
|
"description": null,
|
|
"short_description": null,
|
|
"vulnerability_details": null,
|
|
"connected_node": null,
|
|
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-npm-strict-ssl2",
|
|
"details": [],
|
|
"check_len": null,
|
|
"definition_context_file_path": null
|
|
},
|
|
{
|
|
"check_id": "CKV2_DOCKER_10",
|
|
"bc_check_id": null,
|
|
"check_name": "Ensure that packages with untrusted or missing signatures are not used by rpm via the '--nodigest', '--nosignature', '--noverify', or '--nofiledigest' options",
|
|
"check_result": {
|
|
"result": "PASSED",
|
|
"entity": {
|
|
"block_name_": "RUN",
|
|
"block_type_": "resource",
|
|
"file_path_": "/Dockerfile.production",
|
|
"config_": {
|
|
"content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n",
|
|
"value": "corepack enable && corepack prepare npm@10.5.0 --activate",
|
|
"__startline__": 4,
|
|
"__endline__": 4
|
|
},
|
|
"label_": "resource: RUN",
|
|
"id_": "RUN",
|
|
"source_": "Dockerfile",
|
|
"content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n",
|
|
"value": "corepack enable && corepack prepare npm@10.5.0 --activate",
|
|
"__startline__": 4,
|
|
"__endline__": 4,
|
|
"resource_type": "RUN",
|
|
"hash": "dbd32b6bad6b728919787011f82d60c50d7b2d1c079f814de2b1640696c98816"
|
|
},
|
|
"evaluated_keys": [
|
|
"value"
|
|
]
|
|
},
|
|
"code_block": [
|
|
[
|
|
5,
|
|
"RUN corepack enable && corepack prepare npm@10.5.0 --activate\n"
|
|
]
|
|
],
|
|
"file_path": "/Dockerfile.production",
|
|
"file_abs_path": "/scan/Dockerfile.production",
|
|
"repo_file_path": "/Dockerfile.production",
|
|
"file_line_range": [
|
|
5,
|
|
5
|
|
],
|
|
"resource": "/Dockerfile.production.RUN",
|
|
"evaluations": null,
|
|
"check_class": "checkov.common.graph.checks_infra.base_check",
|
|
"fixed_definition": null,
|
|
"entity_tags": null,
|
|
"caller_file_path": null,
|
|
"caller_file_line_range": null,
|
|
"resource_address": null,
|
|
"severity": null,
|
|
"bc_category": null,
|
|
"benchmarks": null,
|
|
"description": null,
|
|
"short_description": null,
|
|
"vulnerability_details": null,
|
|
"connected_node": null,
|
|
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-rpm-signed",
|
|
"details": [],
|
|
"check_len": null,
|
|
"definition_context_file_path": null
|
|
},
|
|
{
|
|
"check_id": "CKV2_DOCKER_10",
|
|
"bc_check_id": null,
|
|
"check_name": "Ensure that packages with untrusted or missing signatures are not used by rpm via the '--nodigest', '--nosignature', '--noverify', or '--nofiledigest' options",
|
|
"check_result": {
|
|
"result": "PASSED",
|
|
"entity": {
|
|
"block_name_": "RUN",
|
|
"block_type_": "resource",
|
|
"file_path_": "/Dockerfile.production",
|
|
"config_": {
|
|
"content": "RUN npm install\n",
|
|
"value": "npm install",
|
|
"__startline__": 20,
|
|
"__endline__": 20
|
|
},
|
|
"label_": "resource: RUN",
|
|
"id_": "RUN",
|
|
"source_": "Dockerfile",
|
|
"content": "RUN npm install\n",
|
|
"value": "npm install",
|
|
"__startline__": 20,
|
|
"__endline__": 20,
|
|
"resource_type": "RUN",
|
|
"hash": "6979b14e6a853ac150ffef85c5e28fd49c956054ea2cb1d01440e13b17260c4a"
|
|
},
|
|
"evaluated_keys": [
|
|
"value"
|
|
]
|
|
},
|
|
"code_block": [
|
|
[
|
|
21,
|
|
"RUN npm install\n"
|
|
]
|
|
],
|
|
"file_path": "/Dockerfile.production",
|
|
"file_abs_path": "/scan/Dockerfile.production",
|
|
"repo_file_path": "/Dockerfile.production",
|
|
"file_line_range": [
|
|
21,
|
|
21
|
|
],
|
|
"resource": "/Dockerfile.production.RUN",
|
|
"evaluations": null,
|
|
"check_class": "checkov.common.graph.checks_infra.base_check",
|
|
"fixed_definition": null,
|
|
"entity_tags": null,
|
|
"caller_file_path": null,
|
|
"caller_file_line_range": null,
|
|
"resource_address": null,
|
|
"severity": null,
|
|
"bc_category": null,
|
|
"benchmarks": null,
|
|
"description": null,
|
|
"short_description": null,
|
|
"vulnerability_details": null,
|
|
"connected_node": null,
|
|
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-rpm-signed",
|
|
"details": [],
|
|
"check_len": null,
|
|
"definition_context_file_path": null
|
|
},
|
|
{
|
|
"check_id": "CKV2_DOCKER_10",
|
|
"bc_check_id": null,
|
|
"check_name": "Ensure that packages with untrusted or missing signatures are not used by rpm via the '--nodigest', '--nosignature', '--noverify', or '--nofiledigest' options",
|
|
"check_result": {
|
|
"result": "PASSED",
|
|
"entity": {
|
|
"block_name_": "RUN",
|
|
"block_type_": "resource",
|
|
"file_path_": "/Dockerfile.production",
|
|
"config_": {
|
|
"content": "RUN npm run db:generate\n",
|
|
"value": "npm run db:generate",
|
|
"__startline__": 21,
|
|
"__endline__": 21
|
|
},
|
|
"label_": "resource: RUN",
|
|
"id_": "RUN",
|
|
"source_": "Dockerfile",
|
|
"content": "RUN npm run db:generate\n",
|
|
"value": "npm run db:generate",
|
|
"__startline__": 21,
|
|
"__endline__": 21,
|
|
"resource_type": "RUN",
|
|
"hash": "c1f9cc0c42260bb0183d7e7b9ec2edab99837111ad42dbbdd7fad09ff3e37ab0"
|
|
},
|
|
"evaluated_keys": [
|
|
"value"
|
|
]
|
|
},
|
|
"code_block": [
|
|
[
|
|
22,
|
|
"RUN npm run db:generate\n"
|
|
]
|
|
],
|
|
"file_path": "/Dockerfile.production",
|
|
"file_abs_path": "/scan/Dockerfile.production",
|
|
"repo_file_path": "/Dockerfile.production",
|
|
"file_line_range": [
|
|
22,
|
|
22
|
|
],
|
|
"resource": "/Dockerfile.production.RUN",
|
|
"evaluations": null,
|
|
"check_class": "checkov.common.graph.checks_infra.base_check",
|
|
"fixed_definition": null,
|
|
"entity_tags": null,
|
|
"caller_file_path": null,
|
|
"caller_file_line_range": null,
|
|
"resource_address": null,
|
|
"severity": null,
|
|
"bc_category": null,
|
|
"benchmarks": null,
|
|
"description": null,
|
|
"short_description": null,
|
|
"vulnerability_details": null,
|
|
"connected_node": null,
|
|
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-rpm-signed",
|
|
"details": [],
|
|
"check_len": null,
|
|
"definition_context_file_path": null
|
|
},
|
|
{
|
|
"check_id": "CKV2_DOCKER_10",
|
|
"bc_check_id": null,
|
|
"check_name": "Ensure that packages with untrusted or missing signatures are not used by rpm via the '--nodigest', '--nosignature', '--noverify', or '--nofiledigest' options",
|
|
"check_result": {
|
|
"result": "PASSED",
|
|
"entity": {
|
|
"block_name_": "RUN",
|
|
"block_type_": "resource",
|
|
"file_path_": "/Dockerfile.production",
|
|
"config_": {
|
|
"content": "RUN npm run build\n",
|
|
"value": "npm run build",
|
|
"__startline__": 22,
|
|
"__endline__": 22
|
|
},
|
|
"label_": "resource: RUN",
|
|
"id_": "RUN",
|
|
"source_": "Dockerfile",
|
|
"content": "RUN npm run build\n",
|
|
"value": "npm run build",
|
|
"__startline__": 22,
|
|
"__endline__": 22,
|
|
"resource_type": "RUN",
|
|
"hash": "1bf185fb6038f1b491f2a2686de4dd9869ccdd9c3e34d2772cf43bd368377aa6"
|
|
},
|
|
"evaluated_keys": [
|
|
"value"
|
|
]
|
|
},
|
|
"code_block": [
|
|
[
|
|
23,
|
|
"RUN npm run build\n"
|
|
]
|
|
],
|
|
"file_path": "/Dockerfile.production",
|
|
"file_abs_path": "/scan/Dockerfile.production",
|
|
"repo_file_path": "/Dockerfile.production",
|
|
"file_line_range": [
|
|
23,
|
|
23
|
|
],
|
|
"resource": "/Dockerfile.production.RUN",
|
|
"evaluations": null,
|
|
"check_class": "checkov.common.graph.checks_infra.base_check",
|
|
"fixed_definition": null,
|
|
"entity_tags": null,
|
|
"caller_file_path": null,
|
|
"caller_file_line_range": null,
|
|
"resource_address": null,
|
|
"severity": null,
|
|
"bc_category": null,
|
|
"benchmarks": null,
|
|
"description": null,
|
|
"short_description": null,
|
|
"vulnerability_details": null,
|
|
"connected_node": null,
|
|
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-rpm-signed",
|
|
"details": [],
|
|
"check_len": null,
|
|
"definition_context_file_path": null
|
|
},
|
|
{
|
|
"check_id": "CKV2_DOCKER_10",
|
|
"bc_check_id": null,
|
|
"check_name": "Ensure that packages with untrusted or missing signatures are not used by rpm via the '--nodigest', '--nosignature', '--noverify', or '--nofiledigest' options",
|
|
"check_result": {
|
|
"result": "PASSED",
|
|
"entity": {
|
|
"block_name_": "RUN",
|
|
"block_type_": "resource",
|
|
"file_path_": "/Dockerfile.production",
|
|
"config_": {
|
|
"content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n",
|
|
"value": "corepack enable && corepack prepare npm@10.5.0 --activate",
|
|
"__startline__": 30,
|
|
"__endline__": 30
|
|
},
|
|
"label_": "resource: RUN",
|
|
"id_": "RUN",
|
|
"source_": "Dockerfile",
|
|
"content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n",
|
|
"value": "corepack enable && corepack prepare npm@10.5.0 --activate",
|
|
"__startline__": 30,
|
|
"__endline__": 30,
|
|
"resource_type": "RUN",
|
|
"hash": "01c88e306f7db45ae7136e3bdb63c4b15978dd024f6ed18210961fc3db3df382"
|
|
},
|
|
"evaluated_keys": [
|
|
"value"
|
|
]
|
|
},
|
|
"code_block": [
|
|
[
|
|
31,
|
|
"RUN corepack enable && corepack prepare npm@10.5.0 --activate\n"
|
|
]
|
|
],
|
|
"file_path": "/Dockerfile.production",
|
|
"file_abs_path": "/scan/Dockerfile.production",
|
|
"repo_file_path": "/Dockerfile.production",
|
|
"file_line_range": [
|
|
31,
|
|
31
|
|
],
|
|
"resource": "/Dockerfile.production.RUN",
|
|
"evaluations": null,
|
|
"check_class": "checkov.common.graph.checks_infra.base_check",
|
|
"fixed_definition": null,
|
|
"entity_tags": null,
|
|
"caller_file_path": null,
|
|
"caller_file_line_range": null,
|
|
"resource_address": null,
|
|
"severity": null,
|
|
"bc_category": null,
|
|
"benchmarks": null,
|
|
"description": null,
|
|
"short_description": null,
|
|
"vulnerability_details": null,
|
|
"connected_node": null,
|
|
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-rpm-signed",
|
|
"details": [],
|
|
"check_len": null,
|
|
"definition_context_file_path": null
|
|
},
|
|
{
|
|
"check_id": "CKV2_DOCKER_10",
|
|
"bc_check_id": null,
|
|
"check_name": "Ensure that packages with untrusted or missing signatures are not used by rpm via the '--nodigest', '--nosignature', '--noverify', or '--nofiledigest' options",
|
|
"check_result": {
|
|
"result": "PASSED",
|
|
"entity": {
|
|
"block_name_": "RUN",
|
|
"block_type_": "resource",
|
|
"file_path_": "/Dockerfile.test",
|
|
"config_": {
|
|
"content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n",
|
|
"value": "corepack enable && corepack prepare npm@10.5.0 --activate",
|
|
"__startline__": 4,
|
|
"__endline__": 4
|
|
},
|
|
"label_": "resource: RUN",
|
|
"id_": "RUN",
|
|
"source_": "Dockerfile",
|
|
"content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n",
|
|
"value": "corepack enable && corepack prepare npm@10.5.0 --activate",
|
|
"__startline__": 4,
|
|
"__endline__": 4,
|
|
"resource_type": "RUN",
|
|
"hash": "1d5fb0a211498b8baf37e5744578ad03459da7798534298981f23fdefb7eb757"
|
|
},
|
|
"evaluated_keys": [
|
|
"value"
|
|
]
|
|
},
|
|
"code_block": [
|
|
[
|
|
5,
|
|
"RUN corepack enable && corepack prepare npm@10.5.0 --activate\n"
|
|
]
|
|
],
|
|
"file_path": "/Dockerfile.test",
|
|
"file_abs_path": "/scan/Dockerfile.test",
|
|
"repo_file_path": "/Dockerfile.test",
|
|
"file_line_range": [
|
|
5,
|
|
5
|
|
],
|
|
"resource": "/Dockerfile.test.RUN",
|
|
"evaluations": null,
|
|
"check_class": "checkov.common.graph.checks_infra.base_check",
|
|
"fixed_definition": null,
|
|
"entity_tags": null,
|
|
"caller_file_path": null,
|
|
"caller_file_line_range": null,
|
|
"resource_address": null,
|
|
"severity": null,
|
|
"bc_category": null,
|
|
"benchmarks": null,
|
|
"description": null,
|
|
"short_description": null,
|
|
"vulnerability_details": null,
|
|
"connected_node": null,
|
|
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-rpm-signed",
|
|
"details": [],
|
|
"check_len": null,
|
|
"definition_context_file_path": null
|
|
},
|
|
{
|
|
"check_id": "CKV2_DOCKER_10",
|
|
"bc_check_id": null,
|
|
"check_name": "Ensure that packages with untrusted or missing signatures are not used by rpm via the '--nodigest', '--nosignature', '--noverify', or '--nofiledigest' options",
|
|
"check_result": {
|
|
"result": "PASSED",
|
|
"entity": {
|
|
"block_name_": "RUN",
|
|
"block_type_": "resource",
|
|
"file_path_": "/Dockerfile.test",
|
|
"config_": {
|
|
"content": "RUN npm install\n",
|
|
"value": "npm install",
|
|
"__startline__": 10,
|
|
"__endline__": 10
|
|
},
|
|
"label_": "resource: RUN",
|
|
"id_": "RUN",
|
|
"source_": "Dockerfile",
|
|
"content": "RUN npm install\n",
|
|
"value": "npm install",
|
|
"__startline__": 10,
|
|
"__endline__": 10,
|
|
"resource_type": "RUN",
|
|
"hash": "fb809e4860a3131df821aea9480445cc6e2f66dd52744dab5f3d2ef5b2848436"
|
|
},
|
|
"evaluated_keys": [
|
|
"value"
|
|
]
|
|
},
|
|
"code_block": [
|
|
[
|
|
11,
|
|
"RUN npm install\n"
|
|
]
|
|
],
|
|
"file_path": "/Dockerfile.test",
|
|
"file_abs_path": "/scan/Dockerfile.test",
|
|
"repo_file_path": "/Dockerfile.test",
|
|
"file_line_range": [
|
|
11,
|
|
11
|
|
],
|
|
"resource": "/Dockerfile.test.RUN",
|
|
"evaluations": null,
|
|
"check_class": "checkov.common.graph.checks_infra.base_check",
|
|
"fixed_definition": null,
|
|
"entity_tags": null,
|
|
"caller_file_path": null,
|
|
"caller_file_line_range": null,
|
|
"resource_address": null,
|
|
"severity": null,
|
|
"bc_category": null,
|
|
"benchmarks": null,
|
|
"description": null,
|
|
"short_description": null,
|
|
"vulnerability_details": null,
|
|
"connected_node": null,
|
|
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-rpm-signed",
|
|
"details": [],
|
|
"check_len": null,
|
|
"definition_context_file_path": null
|
|
},
|
|
{
|
|
"check_id": "CKV2_DOCKER_10",
|
|
"bc_check_id": null,
|
|
"check_name": "Ensure that packages with untrusted or missing signatures are not used by rpm via the '--nodigest', '--nosignature', '--noverify', or '--nofiledigest' options",
|
|
"check_result": {
|
|
"result": "PASSED",
|
|
"entity": {
|
|
"block_name_": "RUN",
|
|
"block_type_": "resource",
|
|
"file_path_": "/Dockerfile.dev",
|
|
"config_": {
|
|
"content": "RUN npm install -g npm@10.5.0 --no-fund --no-audit\n",
|
|
"value": "npm install -g npm@10.5.0 --no-fund --no-audit",
|
|
"__startline__": 4,
|
|
"__endline__": 4
|
|
},
|
|
"label_": "resource: RUN",
|
|
"id_": "RUN",
|
|
"source_": "Dockerfile",
|
|
"content": "RUN npm install -g npm@10.5.0 --no-fund --no-audit\n",
|
|
"value": "npm install -g npm@10.5.0 --no-fund --no-audit",
|
|
"__startline__": 4,
|
|
"__endline__": 4,
|
|
"resource_type": "RUN",
|
|
"hash": "435bba968d1d0b4c410ea33851637829a16b2ad878f0b9531a737c7a444f91b9"
|
|
},
|
|
"evaluated_keys": [
|
|
"value"
|
|
]
|
|
},
|
|
"code_block": [
|
|
[
|
|
5,
|
|
"RUN npm install -g npm@10.5.0 --no-fund --no-audit\n"
|
|
]
|
|
],
|
|
"file_path": "/Dockerfile.dev",
|
|
"file_abs_path": "/scan/Dockerfile.dev",
|
|
"repo_file_path": "/Dockerfile.dev",
|
|
"file_line_range": [
|
|
5,
|
|
5
|
|
],
|
|
"resource": "/Dockerfile.dev.RUN",
|
|
"evaluations": null,
|
|
"check_class": "checkov.common.graph.checks_infra.base_check",
|
|
"fixed_definition": null,
|
|
"entity_tags": null,
|
|
"caller_file_path": null,
|
|
"caller_file_line_range": null,
|
|
"resource_address": null,
|
|
"severity": null,
|
|
"bc_category": null,
|
|
"benchmarks": null,
|
|
"description": null,
|
|
"short_description": null,
|
|
"vulnerability_details": null,
|
|
"connected_node": null,
|
|
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-rpm-signed",
|
|
"details": [],
|
|
"check_len": null,
|
|
"definition_context_file_path": null
|
|
},
|
|
{
|
|
"check_id": "CKV2_DOCKER_10",
|
|
"bc_check_id": null,
|
|
"check_name": "Ensure that packages with untrusted or missing signatures are not used by rpm via the '--nodigest', '--nosignature', '--noverify', or '--nofiledigest' options",
|
|
"check_result": {
|
|
"result": "PASSED",
|
|
"entity": {
|
|
"block_name_": "RUN",
|
|
"block_type_": "resource",
|
|
"file_path_": "/Dockerfile.dev",
|
|
"config_": {
|
|
"content": "RUN npm ci --no-fund --no-audit\n",
|
|
"value": "npm ci --no-fund --no-audit",
|
|
"__startline__": 10,
|
|
"__endline__": 10
|
|
},
|
|
"label_": "resource: RUN",
|
|
"id_": "RUN",
|
|
"source_": "Dockerfile",
|
|
"content": "RUN npm ci --no-fund --no-audit\n",
|
|
"value": "npm ci --no-fund --no-audit",
|
|
"__startline__": 10,
|
|
"__endline__": 10,
|
|
"resource_type": "RUN",
|
|
"hash": "57abb1bbe03890ab19f47e5f96b9cbcee02aab65f6980d523df42faf41b709fa"
|
|
},
|
|
"evaluated_keys": [
|
|
"value"
|
|
]
|
|
},
|
|
"code_block": [
|
|
[
|
|
11,
|
|
"RUN npm ci --no-fund --no-audit\n"
|
|
]
|
|
],
|
|
"file_path": "/Dockerfile.dev",
|
|
"file_abs_path": "/scan/Dockerfile.dev",
|
|
"repo_file_path": "/Dockerfile.dev",
|
|
"file_line_range": [
|
|
11,
|
|
11
|
|
],
|
|
"resource": "/Dockerfile.dev.RUN",
|
|
"evaluations": null,
|
|
"check_class": "checkov.common.graph.checks_infra.base_check",
|
|
"fixed_definition": null,
|
|
"entity_tags": null,
|
|
"caller_file_path": null,
|
|
"caller_file_line_range": null,
|
|
"resource_address": null,
|
|
"severity": null,
|
|
"bc_category": null,
|
|
"benchmarks": null,
|
|
"description": null,
|
|
"short_description": null,
|
|
"vulnerability_details": null,
|
|
"connected_node": null,
|
|
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-rpm-signed",
|
|
"details": [],
|
|
"check_len": null,
|
|
"definition_context_file_path": null
|
|
},
|
|
{
|
|
"check_id": "CKV2_DOCKER_7",
|
|
"bc_check_id": null,
|
|
"check_name": "Ensure that packages with untrusted or missing signatures are not used by apk via the '--allow-untrusted' option",
|
|
"check_result": {
|
|
"result": "PASSED",
|
|
"entity": {
|
|
"block_name_": "RUN",
|
|
"block_type_": "resource",
|
|
"file_path_": "/Dockerfile.production",
|
|
"config_": {
|
|
"content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n",
|
|
"value": "corepack enable && corepack prepare npm@10.5.0 --activate",
|
|
"__startline__": 4,
|
|
"__endline__": 4
|
|
},
|
|
"label_": "resource: RUN",
|
|
"id_": "RUN",
|
|
"source_": "Dockerfile",
|
|
"content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n",
|
|
"value": "corepack enable && corepack prepare npm@10.5.0 --activate",
|
|
"__startline__": 4,
|
|
"__endline__": 4,
|
|
"resource_type": "RUN",
|
|
"hash": "dbd32b6bad6b728919787011f82d60c50d7b2d1c079f814de2b1640696c98816"
|
|
},
|
|
"evaluated_keys": [
|
|
"value"
|
|
]
|
|
},
|
|
"code_block": [
|
|
[
|
|
5,
|
|
"RUN corepack enable && corepack prepare npm@10.5.0 --activate\n"
|
|
]
|
|
],
|
|
"file_path": "/Dockerfile.production",
|
|
"file_abs_path": "/scan/Dockerfile.production",
|
|
"repo_file_path": "/Dockerfile.production",
|
|
"file_line_range": [
|
|
5,
|
|
5
|
|
],
|
|
"resource": "/Dockerfile.production.RUN",
|
|
"evaluations": null,
|
|
"check_class": "checkov.common.graph.checks_infra.base_check",
|
|
"fixed_definition": null,
|
|
"entity_tags": null,
|
|
"caller_file_path": null,
|
|
"caller_file_line_range": null,
|
|
"resource_address": null,
|
|
"severity": null,
|
|
"bc_category": null,
|
|
"benchmarks": null,
|
|
"description": null,
|
|
"short_description": null,
|
|
"vulnerability_details": null,
|
|
"connected_node": null,
|
|
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-apk-trusted",
|
|
"details": [],
|
|
"check_len": null,
|
|
"definition_context_file_path": null
|
|
},
|
|
{
|
|
"check_id": "CKV2_DOCKER_7",
|
|
"bc_check_id": null,
|
|
"check_name": "Ensure that packages with untrusted or missing signatures are not used by apk via the '--allow-untrusted' option",
|
|
"check_result": {
|
|
"result": "PASSED",
|
|
"entity": {
|
|
"block_name_": "RUN",
|
|
"block_type_": "resource",
|
|
"file_path_": "/Dockerfile.production",
|
|
"config_": {
|
|
"content": "RUN npm install\n",
|
|
"value": "npm install",
|
|
"__startline__": 20,
|
|
"__endline__": 20
|
|
},
|
|
"label_": "resource: RUN",
|
|
"id_": "RUN",
|
|
"source_": "Dockerfile",
|
|
"content": "RUN npm install\n",
|
|
"value": "npm install",
|
|
"__startline__": 20,
|
|
"__endline__": 20,
|
|
"resource_type": "RUN",
|
|
"hash": "6979b14e6a853ac150ffef85c5e28fd49c956054ea2cb1d01440e13b17260c4a"
|
|
},
|
|
"evaluated_keys": [
|
|
"value"
|
|
]
|
|
},
|
|
"code_block": [
|
|
[
|
|
21,
|
|
"RUN npm install\n"
|
|
]
|
|
],
|
|
"file_path": "/Dockerfile.production",
|
|
"file_abs_path": "/scan/Dockerfile.production",
|
|
"repo_file_path": "/Dockerfile.production",
|
|
"file_line_range": [
|
|
21,
|
|
21
|
|
],
|
|
"resource": "/Dockerfile.production.RUN",
|
|
"evaluations": null,
|
|
"check_class": "checkov.common.graph.checks_infra.base_check",
|
|
"fixed_definition": null,
|
|
"entity_tags": null,
|
|
"caller_file_path": null,
|
|
"caller_file_line_range": null,
|
|
"resource_address": null,
|
|
"severity": null,
|
|
"bc_category": null,
|
|
"benchmarks": null,
|
|
"description": null,
|
|
"short_description": null,
|
|
"vulnerability_details": null,
|
|
"connected_node": null,
|
|
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-apk-trusted",
|
|
"details": [],
|
|
"check_len": null,
|
|
"definition_context_file_path": null
|
|
},
|
|
{
|
|
"check_id": "CKV2_DOCKER_7",
|
|
"bc_check_id": null,
|
|
"check_name": "Ensure that packages with untrusted or missing signatures are not used by apk via the '--allow-untrusted' option",
|
|
"check_result": {
|
|
"result": "PASSED",
|
|
"entity": {
|
|
"block_name_": "RUN",
|
|
"block_type_": "resource",
|
|
"file_path_": "/Dockerfile.production",
|
|
"config_": {
|
|
"content": "RUN npm run db:generate\n",
|
|
"value": "npm run db:generate",
|
|
"__startline__": 21,
|
|
"__endline__": 21
|
|
},
|
|
"label_": "resource: RUN",
|
|
"id_": "RUN",
|
|
"source_": "Dockerfile",
|
|
"content": "RUN npm run db:generate\n",
|
|
"value": "npm run db:generate",
|
|
"__startline__": 21,
|
|
"__endline__": 21,
|
|
"resource_type": "RUN",
|
|
"hash": "c1f9cc0c42260bb0183d7e7b9ec2edab99837111ad42dbbdd7fad09ff3e37ab0"
|
|
},
|
|
"evaluated_keys": [
|
|
"value"
|
|
]
|
|
},
|
|
"code_block": [
|
|
[
|
|
22,
|
|
"RUN npm run db:generate\n"
|
|
]
|
|
],
|
|
"file_path": "/Dockerfile.production",
|
|
"file_abs_path": "/scan/Dockerfile.production",
|
|
"repo_file_path": "/Dockerfile.production",
|
|
"file_line_range": [
|
|
22,
|
|
22
|
|
],
|
|
"resource": "/Dockerfile.production.RUN",
|
|
"evaluations": null,
|
|
"check_class": "checkov.common.graph.checks_infra.base_check",
|
|
"fixed_definition": null,
|
|
"entity_tags": null,
|
|
"caller_file_path": null,
|
|
"caller_file_line_range": null,
|
|
"resource_address": null,
|
|
"severity": null,
|
|
"bc_category": null,
|
|
"benchmarks": null,
|
|
"description": null,
|
|
"short_description": null,
|
|
"vulnerability_details": null,
|
|
"connected_node": null,
|
|
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-apk-trusted",
|
|
"details": [],
|
|
"check_len": null,
|
|
"definition_context_file_path": null
|
|
},
|
|
{
|
|
"check_id": "CKV2_DOCKER_7",
|
|
"bc_check_id": null,
|
|
"check_name": "Ensure that packages with untrusted or missing signatures are not used by apk via the '--allow-untrusted' option",
|
|
"check_result": {
|
|
"result": "PASSED",
|
|
"entity": {
|
|
"block_name_": "RUN",
|
|
"block_type_": "resource",
|
|
"file_path_": "/Dockerfile.production",
|
|
"config_": {
|
|
"content": "RUN npm run build\n",
|
|
"value": "npm run build",
|
|
"__startline__": 22,
|
|
"__endline__": 22
|
|
},
|
|
"label_": "resource: RUN",
|
|
"id_": "RUN",
|
|
"source_": "Dockerfile",
|
|
"content": "RUN npm run build\n",
|
|
"value": "npm run build",
|
|
"__startline__": 22,
|
|
"__endline__": 22,
|
|
"resource_type": "RUN",
|
|
"hash": "1bf185fb6038f1b491f2a2686de4dd9869ccdd9c3e34d2772cf43bd368377aa6"
|
|
},
|
|
"evaluated_keys": [
|
|
"value"
|
|
]
|
|
},
|
|
"code_block": [
|
|
[
|
|
23,
|
|
"RUN npm run build\n"
|
|
]
|
|
],
|
|
"file_path": "/Dockerfile.production",
|
|
"file_abs_path": "/scan/Dockerfile.production",
|
|
"repo_file_path": "/Dockerfile.production",
|
|
"file_line_range": [
|
|
23,
|
|
23
|
|
],
|
|
"resource": "/Dockerfile.production.RUN",
|
|
"evaluations": null,
|
|
"check_class": "checkov.common.graph.checks_infra.base_check",
|
|
"fixed_definition": null,
|
|
"entity_tags": null,
|
|
"caller_file_path": null,
|
|
"caller_file_line_range": null,
|
|
"resource_address": null,
|
|
"severity": null,
|
|
"bc_category": null,
|
|
"benchmarks": null,
|
|
"description": null,
|
|
"short_description": null,
|
|
"vulnerability_details": null,
|
|
"connected_node": null,
|
|
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-apk-trusted",
|
|
"details": [],
|
|
"check_len": null,
|
|
"definition_context_file_path": null
|
|
},
|
|
{
|
|
"check_id": "CKV2_DOCKER_7",
|
|
"bc_check_id": null,
|
|
"check_name": "Ensure that packages with untrusted or missing signatures are not used by apk via the '--allow-untrusted' option",
|
|
"check_result": {
|
|
"result": "PASSED",
|
|
"entity": {
|
|
"block_name_": "RUN",
|
|
"block_type_": "resource",
|
|
"file_path_": "/Dockerfile.production",
|
|
"config_": {
|
|
"content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n",
|
|
"value": "corepack enable && corepack prepare npm@10.5.0 --activate",
|
|
"__startline__": 30,
|
|
"__endline__": 30
|
|
},
|
|
"label_": "resource: RUN",
|
|
"id_": "RUN",
|
|
"source_": "Dockerfile",
|
|
"content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n",
|
|
"value": "corepack enable && corepack prepare npm@10.5.0 --activate",
|
|
"__startline__": 30,
|
|
"__endline__": 30,
|
|
"resource_type": "RUN",
|
|
"hash": "01c88e306f7db45ae7136e3bdb63c4b15978dd024f6ed18210961fc3db3df382"
|
|
},
|
|
"evaluated_keys": [
|
|
"value"
|
|
]
|
|
},
|
|
"code_block": [
|
|
[
|
|
31,
|
|
"RUN corepack enable && corepack prepare npm@10.5.0 --activate\n"
|
|
]
|
|
],
|
|
"file_path": "/Dockerfile.production",
|
|
"file_abs_path": "/scan/Dockerfile.production",
|
|
"repo_file_path": "/Dockerfile.production",
|
|
"file_line_range": [
|
|
31,
|
|
31
|
|
],
|
|
"resource": "/Dockerfile.production.RUN",
|
|
"evaluations": null,
|
|
"check_class": "checkov.common.graph.checks_infra.base_check",
|
|
"fixed_definition": null,
|
|
"entity_tags": null,
|
|
"caller_file_path": null,
|
|
"caller_file_line_range": null,
|
|
"resource_address": null,
|
|
"severity": null,
|
|
"bc_category": null,
|
|
"benchmarks": null,
|
|
"description": null,
|
|
"short_description": null,
|
|
"vulnerability_details": null,
|
|
"connected_node": null,
|
|
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-apk-trusted",
|
|
"details": [],
|
|
"check_len": null,
|
|
"definition_context_file_path": null
|
|
},
|
|
{
|
|
"check_id": "CKV2_DOCKER_7",
|
|
"bc_check_id": null,
|
|
"check_name": "Ensure that packages with untrusted or missing signatures are not used by apk via the '--allow-untrusted' option",
|
|
"check_result": {
|
|
"result": "PASSED",
|
|
"entity": {
|
|
"block_name_": "RUN",
|
|
"block_type_": "resource",
|
|
"file_path_": "/Dockerfile.test",
|
|
"config_": {
|
|
"content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n",
|
|
"value": "corepack enable && corepack prepare npm@10.5.0 --activate",
|
|
"__startline__": 4,
|
|
"__endline__": 4
|
|
},
|
|
"label_": "resource: RUN",
|
|
"id_": "RUN",
|
|
"source_": "Dockerfile",
|
|
"content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n",
|
|
"value": "corepack enable && corepack prepare npm@10.5.0 --activate",
|
|
"__startline__": 4,
|
|
"__endline__": 4,
|
|
"resource_type": "RUN",
|
|
"hash": "1d5fb0a211498b8baf37e5744578ad03459da7798534298981f23fdefb7eb757"
|
|
},
|
|
"evaluated_keys": [
|
|
"value"
|
|
]
|
|
},
|
|
"code_block": [
|
|
[
|
|
5,
|
|
"RUN corepack enable && corepack prepare npm@10.5.0 --activate\n"
|
|
]
|
|
],
|
|
"file_path": "/Dockerfile.test",
|
|
"file_abs_path": "/scan/Dockerfile.test",
|
|
"repo_file_path": "/Dockerfile.test",
|
|
"file_line_range": [
|
|
5,
|
|
5
|
|
],
|
|
"resource": "/Dockerfile.test.RUN",
|
|
"evaluations": null,
|
|
"check_class": "checkov.common.graph.checks_infra.base_check",
|
|
"fixed_definition": null,
|
|
"entity_tags": null,
|
|
"caller_file_path": null,
|
|
"caller_file_line_range": null,
|
|
"resource_address": null,
|
|
"severity": null,
|
|
"bc_category": null,
|
|
"benchmarks": null,
|
|
"description": null,
|
|
"short_description": null,
|
|
"vulnerability_details": null,
|
|
"connected_node": null,
|
|
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-apk-trusted",
|
|
"details": [],
|
|
"check_len": null,
|
|
"definition_context_file_path": null
|
|
},
|
|
{
|
|
"check_id": "CKV2_DOCKER_7",
|
|
"bc_check_id": null,
|
|
"check_name": "Ensure that packages with untrusted or missing signatures are not used by apk via the '--allow-untrusted' option",
|
|
"check_result": {
|
|
"result": "PASSED",
|
|
"entity": {
|
|
"block_name_": "RUN",
|
|
"block_type_": "resource",
|
|
"file_path_": "/Dockerfile.test",
|
|
"config_": {
|
|
"content": "RUN npm install\n",
|
|
"value": "npm install",
|
|
"__startline__": 10,
|
|
"__endline__": 10
|
|
},
|
|
"label_": "resource: RUN",
|
|
"id_": "RUN",
|
|
"source_": "Dockerfile",
|
|
"content": "RUN npm install\n",
|
|
"value": "npm install",
|
|
"__startline__": 10,
|
|
"__endline__": 10,
|
|
"resource_type": "RUN",
|
|
"hash": "fb809e4860a3131df821aea9480445cc6e2f66dd52744dab5f3d2ef5b2848436"
|
|
},
|
|
"evaluated_keys": [
|
|
"value"
|
|
]
|
|
},
|
|
"code_block": [
|
|
[
|
|
11,
|
|
"RUN npm install\n"
|
|
]
|
|
],
|
|
"file_path": "/Dockerfile.test",
|
|
"file_abs_path": "/scan/Dockerfile.test",
|
|
"repo_file_path": "/Dockerfile.test",
|
|
"file_line_range": [
|
|
11,
|
|
11
|
|
],
|
|
"resource": "/Dockerfile.test.RUN",
|
|
"evaluations": null,
|
|
"check_class": "checkov.common.graph.checks_infra.base_check",
|
|
"fixed_definition": null,
|
|
"entity_tags": null,
|
|
"caller_file_path": null,
|
|
"caller_file_line_range": null,
|
|
"resource_address": null,
|
|
"severity": null,
|
|
"bc_category": null,
|
|
"benchmarks": null,
|
|
"description": null,
|
|
"short_description": null,
|
|
"vulnerability_details": null,
|
|
"connected_node": null,
|
|
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-apk-trusted",
|
|
"details": [],
|
|
"check_len": null,
|
|
"definition_context_file_path": null
|
|
},
|
|
{
|
|
"check_id": "CKV2_DOCKER_7",
|
|
"bc_check_id": null,
|
|
"check_name": "Ensure that packages with untrusted or missing signatures are not used by apk via the '--allow-untrusted' option",
|
|
"check_result": {
|
|
"result": "PASSED",
|
|
"entity": {
|
|
"block_name_": "RUN",
|
|
"block_type_": "resource",
|
|
"file_path_": "/Dockerfile.dev",
|
|
"config_": {
|
|
"content": "RUN npm install -g npm@10.5.0 --no-fund --no-audit\n",
|
|
"value": "npm install -g npm@10.5.0 --no-fund --no-audit",
|
|
"__startline__": 4,
|
|
"__endline__": 4
|
|
},
|
|
"label_": "resource: RUN",
|
|
"id_": "RUN",
|
|
"source_": "Dockerfile",
|
|
"content": "RUN npm install -g npm@10.5.0 --no-fund --no-audit\n",
|
|
"value": "npm install -g npm@10.5.0 --no-fund --no-audit",
|
|
"__startline__": 4,
|
|
"__endline__": 4,
|
|
"resource_type": "RUN",
|
|
"hash": "435bba968d1d0b4c410ea33851637829a16b2ad878f0b9531a737c7a444f91b9"
|
|
},
|
|
"evaluated_keys": [
|
|
"value"
|
|
]
|
|
},
|
|
"code_block": [
|
|
[
|
|
5,
|
|
"RUN npm install -g npm@10.5.0 --no-fund --no-audit\n"
|
|
]
|
|
],
|
|
"file_path": "/Dockerfile.dev",
|
|
"file_abs_path": "/scan/Dockerfile.dev",
|
|
"repo_file_path": "/Dockerfile.dev",
|
|
"file_line_range": [
|
|
5,
|
|
5
|
|
],
|
|
"resource": "/Dockerfile.dev.RUN",
|
|
"evaluations": null,
|
|
"check_class": "checkov.common.graph.checks_infra.base_check",
|
|
"fixed_definition": null,
|
|
"entity_tags": null,
|
|
"caller_file_path": null,
|
|
"caller_file_line_range": null,
|
|
"resource_address": null,
|
|
"severity": null,
|
|
"bc_category": null,
|
|
"benchmarks": null,
|
|
"description": null,
|
|
"short_description": null,
|
|
"vulnerability_details": null,
|
|
"connected_node": null,
|
|
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-apk-trusted",
|
|
"details": [],
|
|
"check_len": null,
|
|
"definition_context_file_path": null
|
|
},
|
|
{
|
|
"check_id": "CKV2_DOCKER_7",
|
|
"bc_check_id": null,
|
|
"check_name": "Ensure that packages with untrusted or missing signatures are not used by apk via the '--allow-untrusted' option",
|
|
"check_result": {
|
|
"result": "PASSED",
|
|
"entity": {
|
|
"block_name_": "RUN",
|
|
"block_type_": "resource",
|
|
"file_path_": "/Dockerfile.dev",
|
|
"config_": {
|
|
"content": "RUN npm ci --no-fund --no-audit\n",
|
|
"value": "npm ci --no-fund --no-audit",
|
|
"__startline__": 10,
|
|
"__endline__": 10
|
|
},
|
|
"label_": "resource: RUN",
|
|
"id_": "RUN",
|
|
"source_": "Dockerfile",
|
|
"content": "RUN npm ci --no-fund --no-audit\n",
|
|
"value": "npm ci --no-fund --no-audit",
|
|
"__startline__": 10,
|
|
"__endline__": 10,
|
|
"resource_type": "RUN",
|
|
"hash": "57abb1bbe03890ab19f47e5f96b9cbcee02aab65f6980d523df42faf41b709fa"
|
|
},
|
|
"evaluated_keys": [
|
|
"value"
|
|
]
|
|
},
|
|
"code_block": [
|
|
[
|
|
11,
|
|
"RUN npm ci --no-fund --no-audit\n"
|
|
]
|
|
],
|
|
"file_path": "/Dockerfile.dev",
|
|
"file_abs_path": "/scan/Dockerfile.dev",
|
|
"repo_file_path": "/Dockerfile.dev",
|
|
"file_line_range": [
|
|
11,
|
|
11
|
|
],
|
|
"resource": "/Dockerfile.dev.RUN",
|
|
"evaluations": null,
|
|
"check_class": "checkov.common.graph.checks_infra.base_check",
|
|
"fixed_definition": null,
|
|
"entity_tags": null,
|
|
"caller_file_path": null,
|
|
"caller_file_line_range": null,
|
|
"resource_address": null,
|
|
"severity": null,
|
|
"bc_category": null,
|
|
"benchmarks": null,
|
|
"description": null,
|
|
"short_description": null,
|
|
"vulnerability_details": null,
|
|
"connected_node": null,
|
|
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-apk-trusted",
|
|
"details": [],
|
|
"check_len": null,
|
|
"definition_context_file_path": null
|
|
},
|
|
{
|
|
"check_id": "CKV2_DOCKER_4",
|
|
"bc_check_id": null,
|
|
"check_name": "Ensure that certificate validation isn't disabled with the pip '--trusted-host' option",
|
|
"check_result": {
|
|
"result": "PASSED",
|
|
"entity": {
|
|
"block_name_": "RUN",
|
|
"block_type_": "resource",
|
|
"file_path_": "/Dockerfile.production",
|
|
"config_": {
|
|
"content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n",
|
|
"value": "corepack enable && corepack prepare npm@10.5.0 --activate",
|
|
"__startline__": 4,
|
|
"__endline__": 4
|
|
},
|
|
"label_": "resource: RUN",
|
|
"id_": "RUN",
|
|
"source_": "Dockerfile",
|
|
"content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n",
|
|
"value": "corepack enable && corepack prepare npm@10.5.0 --activate",
|
|
"__startline__": 4,
|
|
"__endline__": 4,
|
|
"resource_type": "RUN",
|
|
"hash": "dbd32b6bad6b728919787011f82d60c50d7b2d1c079f814de2b1640696c98816"
|
|
},
|
|
"evaluated_keys": [
|
|
"value"
|
|
]
|
|
},
|
|
"code_block": [
|
|
[
|
|
5,
|
|
"RUN corepack enable && corepack prepare npm@10.5.0 --activate\n"
|
|
]
|
|
],
|
|
"file_path": "/Dockerfile.production",
|
|
"file_abs_path": "/scan/Dockerfile.production",
|
|
"repo_file_path": "/Dockerfile.production",
|
|
"file_line_range": [
|
|
5,
|
|
5
|
|
],
|
|
"resource": "/Dockerfile.production.RUN",
|
|
"evaluations": null,
|
|
"check_class": "checkov.common.graph.checks_infra.base_check",
|
|
"fixed_definition": null,
|
|
"entity_tags": null,
|
|
"caller_file_path": null,
|
|
"caller_file_line_range": null,
|
|
"resource_address": null,
|
|
"severity": null,
|
|
"bc_category": null,
|
|
"benchmarks": null,
|
|
"description": null,
|
|
"short_description": null,
|
|
"vulnerability_details": null,
|
|
"connected_node": null,
|
|
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-pip-secure",
|
|
"details": [],
|
|
"check_len": null,
|
|
"definition_context_file_path": null
|
|
},
|
|
{
|
|
"check_id": "CKV2_DOCKER_4",
|
|
"bc_check_id": null,
|
|
"check_name": "Ensure that certificate validation isn't disabled with the pip '--trusted-host' option",
|
|
"check_result": {
|
|
"result": "PASSED",
|
|
"entity": {
|
|
"block_name_": "RUN",
|
|
"block_type_": "resource",
|
|
"file_path_": "/Dockerfile.production",
|
|
"config_": {
|
|
"content": "RUN npm install\n",
|
|
"value": "npm install",
|
|
"__startline__": 20,
|
|
"__endline__": 20
|
|
},
|
|
"label_": "resource: RUN",
|
|
"id_": "RUN",
|
|
"source_": "Dockerfile",
|
|
"content": "RUN npm install\n",
|
|
"value": "npm install",
|
|
"__startline__": 20,
|
|
"__endline__": 20,
|
|
"resource_type": "RUN",
|
|
"hash": "6979b14e6a853ac150ffef85c5e28fd49c956054ea2cb1d01440e13b17260c4a"
|
|
},
|
|
"evaluated_keys": [
|
|
"value"
|
|
]
|
|
},
|
|
"code_block": [
|
|
[
|
|
21,
|
|
"RUN npm install\n"
|
|
]
|
|
],
|
|
"file_path": "/Dockerfile.production",
|
|
"file_abs_path": "/scan/Dockerfile.production",
|
|
"repo_file_path": "/Dockerfile.production",
|
|
"file_line_range": [
|
|
21,
|
|
21
|
|
],
|
|
"resource": "/Dockerfile.production.RUN",
|
|
"evaluations": null,
|
|
"check_class": "checkov.common.graph.checks_infra.base_check",
|
|
"fixed_definition": null,
|
|
"entity_tags": null,
|
|
"caller_file_path": null,
|
|
"caller_file_line_range": null,
|
|
"resource_address": null,
|
|
"severity": null,
|
|
"bc_category": null,
|
|
"benchmarks": null,
|
|
"description": null,
|
|
"short_description": null,
|
|
"vulnerability_details": null,
|
|
"connected_node": null,
|
|
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-pip-secure",
|
|
"details": [],
|
|
"check_len": null,
|
|
"definition_context_file_path": null
|
|
},
|
|
{
|
|
"check_id": "CKV2_DOCKER_4",
|
|
"bc_check_id": null,
|
|
"check_name": "Ensure that certificate validation isn't disabled with the pip '--trusted-host' option",
|
|
"check_result": {
|
|
"result": "PASSED",
|
|
"entity": {
|
|
"block_name_": "RUN",
|
|
"block_type_": "resource",
|
|
"file_path_": "/Dockerfile.production",
|
|
"config_": {
|
|
"content": "RUN npm run db:generate\n",
|
|
"value": "npm run db:generate",
|
|
"__startline__": 21,
|
|
"__endline__": 21
|
|
},
|
|
"label_": "resource: RUN",
|
|
"id_": "RUN",
|
|
"source_": "Dockerfile",
|
|
"content": "RUN npm run db:generate\n",
|
|
"value": "npm run db:generate",
|
|
"__startline__": 21,
|
|
"__endline__": 21,
|
|
"resource_type": "RUN",
|
|
"hash": "c1f9cc0c42260bb0183d7e7b9ec2edab99837111ad42dbbdd7fad09ff3e37ab0"
|
|
},
|
|
"evaluated_keys": [
|
|
"value"
|
|
]
|
|
},
|
|
"code_block": [
|
|
[
|
|
22,
|
|
"RUN npm run db:generate\n"
|
|
]
|
|
],
|
|
"file_path": "/Dockerfile.production",
|
|
"file_abs_path": "/scan/Dockerfile.production",
|
|
"repo_file_path": "/Dockerfile.production",
|
|
"file_line_range": [
|
|
22,
|
|
22
|
|
],
|
|
"resource": "/Dockerfile.production.RUN",
|
|
"evaluations": null,
|
|
"check_class": "checkov.common.graph.checks_infra.base_check",
|
|
"fixed_definition": null,
|
|
"entity_tags": null,
|
|
"caller_file_path": null,
|
|
"caller_file_line_range": null,
|
|
"resource_address": null,
|
|
"severity": null,
|
|
"bc_category": null,
|
|
"benchmarks": null,
|
|
"description": null,
|
|
"short_description": null,
|
|
"vulnerability_details": null,
|
|
"connected_node": null,
|
|
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-pip-secure",
|
|
"details": [],
|
|
"check_len": null,
|
|
"definition_context_file_path": null
|
|
},
|
|
{
|
|
"check_id": "CKV2_DOCKER_4",
|
|
"bc_check_id": null,
|
|
"check_name": "Ensure that certificate validation isn't disabled with the pip '--trusted-host' option",
|
|
"check_result": {
|
|
"result": "PASSED",
|
|
"entity": {
|
|
"block_name_": "RUN",
|
|
"block_type_": "resource",
|
|
"file_path_": "/Dockerfile.production",
|
|
"config_": {
|
|
"content": "RUN npm run build\n",
|
|
"value": "npm run build",
|
|
"__startline__": 22,
|
|
"__endline__": 22
|
|
},
|
|
"label_": "resource: RUN",
|
|
"id_": "RUN",
|
|
"source_": "Dockerfile",
|
|
"content": "RUN npm run build\n",
|
|
"value": "npm run build",
|
|
"__startline__": 22,
|
|
"__endline__": 22,
|
|
"resource_type": "RUN",
|
|
"hash": "1bf185fb6038f1b491f2a2686de4dd9869ccdd9c3e34d2772cf43bd368377aa6"
|
|
},
|
|
"evaluated_keys": [
|
|
"value"
|
|
]
|
|
},
|
|
"code_block": [
|
|
[
|
|
23,
|
|
"RUN npm run build\n"
|
|
]
|
|
],
|
|
"file_path": "/Dockerfile.production",
|
|
"file_abs_path": "/scan/Dockerfile.production",
|
|
"repo_file_path": "/Dockerfile.production",
|
|
"file_line_range": [
|
|
23,
|
|
23
|
|
],
|
|
"resource": "/Dockerfile.production.RUN",
|
|
"evaluations": null,
|
|
"check_class": "checkov.common.graph.checks_infra.base_check",
|
|
"fixed_definition": null,
|
|
"entity_tags": null,
|
|
"caller_file_path": null,
|
|
"caller_file_line_range": null,
|
|
"resource_address": null,
|
|
"severity": null,
|
|
"bc_category": null,
|
|
"benchmarks": null,
|
|
"description": null,
|
|
"short_description": null,
|
|
"vulnerability_details": null,
|
|
"connected_node": null,
|
|
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-pip-secure",
|
|
"details": [],
|
|
"check_len": null,
|
|
"definition_context_file_path": null
|
|
},
|
|
{
|
|
"check_id": "CKV2_DOCKER_4",
|
|
"bc_check_id": null,
|
|
"check_name": "Ensure that certificate validation isn't disabled with the pip '--trusted-host' option",
|
|
"check_result": {
|
|
"result": "PASSED",
|
|
"entity": {
|
|
"block_name_": "RUN",
|
|
"block_type_": "resource",
|
|
"file_path_": "/Dockerfile.production",
|
|
"config_": {
|
|
"content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n",
|
|
"value": "corepack enable && corepack prepare npm@10.5.0 --activate",
|
|
"__startline__": 30,
|
|
"__endline__": 30
|
|
},
|
|
"label_": "resource: RUN",
|
|
"id_": "RUN",
|
|
"source_": "Dockerfile",
|
|
"content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n",
|
|
"value": "corepack enable && corepack prepare npm@10.5.0 --activate",
|
|
"__startline__": 30,
|
|
"__endline__": 30,
|
|
"resource_type": "RUN",
|
|
"hash": "01c88e306f7db45ae7136e3bdb63c4b15978dd024f6ed18210961fc3db3df382"
|
|
},
|
|
"evaluated_keys": [
|
|
"value"
|
|
]
|
|
},
|
|
"code_block": [
|
|
[
|
|
31,
|
|
"RUN corepack enable && corepack prepare npm@10.5.0 --activate\n"
|
|
]
|
|
],
|
|
"file_path": "/Dockerfile.production",
|
|
"file_abs_path": "/scan/Dockerfile.production",
|
|
"repo_file_path": "/Dockerfile.production",
|
|
"file_line_range": [
|
|
31,
|
|
31
|
|
],
|
|
"resource": "/Dockerfile.production.RUN",
|
|
"evaluations": null,
|
|
"check_class": "checkov.common.graph.checks_infra.base_check",
|
|
"fixed_definition": null,
|
|
"entity_tags": null,
|
|
"caller_file_path": null,
|
|
"caller_file_line_range": null,
|
|
"resource_address": null,
|
|
"severity": null,
|
|
"bc_category": null,
|
|
"benchmarks": null,
|
|
"description": null,
|
|
"short_description": null,
|
|
"vulnerability_details": null,
|
|
"connected_node": null,
|
|
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-pip-secure",
|
|
"details": [],
|
|
"check_len": null,
|
|
"definition_context_file_path": null
|
|
},
|
|
{
|
|
"check_id": "CKV2_DOCKER_4",
|
|
"bc_check_id": null,
|
|
"check_name": "Ensure that certificate validation isn't disabled with the pip '--trusted-host' option",
|
|
"check_result": {
|
|
"result": "PASSED",
|
|
"entity": {
|
|
"block_name_": "RUN",
|
|
"block_type_": "resource",
|
|
"file_path_": "/Dockerfile.test",
|
|
"config_": {
|
|
"content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n",
|
|
"value": "corepack enable && corepack prepare npm@10.5.0 --activate",
|
|
"__startline__": 4,
|
|
"__endline__": 4
|
|
},
|
|
"label_": "resource: RUN",
|
|
"id_": "RUN",
|
|
"source_": "Dockerfile",
|
|
"content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n",
|
|
"value": "corepack enable && corepack prepare npm@10.5.0 --activate",
|
|
"__startline__": 4,
|
|
"__endline__": 4,
|
|
"resource_type": "RUN",
|
|
"hash": "1d5fb0a211498b8baf37e5744578ad03459da7798534298981f23fdefb7eb757"
|
|
},
|
|
"evaluated_keys": [
|
|
"value"
|
|
]
|
|
},
|
|
"code_block": [
|
|
[
|
|
5,
|
|
"RUN corepack enable && corepack prepare npm@10.5.0 --activate\n"
|
|
]
|
|
],
|
|
"file_path": "/Dockerfile.test",
|
|
"file_abs_path": "/scan/Dockerfile.test",
|
|
"repo_file_path": "/Dockerfile.test",
|
|
"file_line_range": [
|
|
5,
|
|
5
|
|
],
|
|
"resource": "/Dockerfile.test.RUN",
|
|
"evaluations": null,
|
|
"check_class": "checkov.common.graph.checks_infra.base_check",
|
|
"fixed_definition": null,
|
|
"entity_tags": null,
|
|
"caller_file_path": null,
|
|
"caller_file_line_range": null,
|
|
"resource_address": null,
|
|
"severity": null,
|
|
"bc_category": null,
|
|
"benchmarks": null,
|
|
"description": null,
|
|
"short_description": null,
|
|
"vulnerability_details": null,
|
|
"connected_node": null,
|
|
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-pip-secure",
|
|
"details": [],
|
|
"check_len": null,
|
|
"definition_context_file_path": null
|
|
},
|
|
{
|
|
"check_id": "CKV2_DOCKER_4",
|
|
"bc_check_id": null,
|
|
"check_name": "Ensure that certificate validation isn't disabled with the pip '--trusted-host' option",
|
|
"check_result": {
|
|
"result": "PASSED",
|
|
"entity": {
|
|
"block_name_": "RUN",
|
|
"block_type_": "resource",
|
|
"file_path_": "/Dockerfile.test",
|
|
"config_": {
|
|
"content": "RUN npm install\n",
|
|
"value": "npm install",
|
|
"__startline__": 10,
|
|
"__endline__": 10
|
|
},
|
|
"label_": "resource: RUN",
|
|
"id_": "RUN",
|
|
"source_": "Dockerfile",
|
|
"content": "RUN npm install\n",
|
|
"value": "npm install",
|
|
"__startline__": 10,
|
|
"__endline__": 10,
|
|
"resource_type": "RUN",
|
|
"hash": "fb809e4860a3131df821aea9480445cc6e2f66dd52744dab5f3d2ef5b2848436"
|
|
},
|
|
"evaluated_keys": [
|
|
"value"
|
|
]
|
|
},
|
|
"code_block": [
|
|
[
|
|
11,
|
|
"RUN npm install\n"
|
|
]
|
|
],
|
|
"file_path": "/Dockerfile.test",
|
|
"file_abs_path": "/scan/Dockerfile.test",
|
|
"repo_file_path": "/Dockerfile.test",
|
|
"file_line_range": [
|
|
11,
|
|
11
|
|
],
|
|
"resource": "/Dockerfile.test.RUN",
|
|
"evaluations": null,
|
|
"check_class": "checkov.common.graph.checks_infra.base_check",
|
|
"fixed_definition": null,
|
|
"entity_tags": null,
|
|
"caller_file_path": null,
|
|
"caller_file_line_range": null,
|
|
"resource_address": null,
|
|
"severity": null,
|
|
"bc_category": null,
|
|
"benchmarks": null,
|
|
"description": null,
|
|
"short_description": null,
|
|
"vulnerability_details": null,
|
|
"connected_node": null,
|
|
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-pip-secure",
|
|
"details": [],
|
|
"check_len": null,
|
|
"definition_context_file_path": null
|
|
},
|
|
{
|
|
"check_id": "CKV2_DOCKER_4",
|
|
"bc_check_id": null,
|
|
"check_name": "Ensure that certificate validation isn't disabled with the pip '--trusted-host' option",
|
|
"check_result": {
|
|
"result": "PASSED",
|
|
"entity": {
|
|
"block_name_": "RUN",
|
|
"block_type_": "resource",
|
|
"file_path_": "/Dockerfile.dev",
|
|
"config_": {
|
|
"content": "RUN npm install -g npm@10.5.0 --no-fund --no-audit\n",
|
|
"value": "npm install -g npm@10.5.0 --no-fund --no-audit",
|
|
"__startline__": 4,
|
|
"__endline__": 4
|
|
},
|
|
"label_": "resource: RUN",
|
|
"id_": "RUN",
|
|
"source_": "Dockerfile",
|
|
"content": "RUN npm install -g npm@10.5.0 --no-fund --no-audit\n",
|
|
"value": "npm install -g npm@10.5.0 --no-fund --no-audit",
|
|
"__startline__": 4,
|
|
"__endline__": 4,
|
|
"resource_type": "RUN",
|
|
"hash": "435bba968d1d0b4c410ea33851637829a16b2ad878f0b9531a737c7a444f91b9"
|
|
},
|
|
"evaluated_keys": [
|
|
"value"
|
|
]
|
|
},
|
|
"code_block": [
|
|
[
|
|
5,
|
|
"RUN npm install -g npm@10.5.0 --no-fund --no-audit\n"
|
|
]
|
|
],
|
|
"file_path": "/Dockerfile.dev",
|
|
"file_abs_path": "/scan/Dockerfile.dev",
|
|
"repo_file_path": "/Dockerfile.dev",
|
|
"file_line_range": [
|
|
5,
|
|
5
|
|
],
|
|
"resource": "/Dockerfile.dev.RUN",
|
|
"evaluations": null,
|
|
"check_class": "checkov.common.graph.checks_infra.base_check",
|
|
"fixed_definition": null,
|
|
"entity_tags": null,
|
|
"caller_file_path": null,
|
|
"caller_file_line_range": null,
|
|
"resource_address": null,
|
|
"severity": null,
|
|
"bc_category": null,
|
|
"benchmarks": null,
|
|
"description": null,
|
|
"short_description": null,
|
|
"vulnerability_details": null,
|
|
"connected_node": null,
|
|
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-pip-secure",
|
|
"details": [],
|
|
"check_len": null,
|
|
"definition_context_file_path": null
|
|
},
|
|
{
|
|
"check_id": "CKV2_DOCKER_4",
|
|
"bc_check_id": null,
|
|
"check_name": "Ensure that certificate validation isn't disabled with the pip '--trusted-host' option",
|
|
"check_result": {
|
|
"result": "PASSED",
|
|
"entity": {
|
|
"block_name_": "RUN",
|
|
"block_type_": "resource",
|
|
"file_path_": "/Dockerfile.dev",
|
|
"config_": {
|
|
"content": "RUN npm ci --no-fund --no-audit\n",
|
|
"value": "npm ci --no-fund --no-audit",
|
|
"__startline__": 10,
|
|
"__endline__": 10
|
|
},
|
|
"label_": "resource: RUN",
|
|
"id_": "RUN",
|
|
"source_": "Dockerfile",
|
|
"content": "RUN npm ci --no-fund --no-audit\n",
|
|
"value": "npm ci --no-fund --no-audit",
|
|
"__startline__": 10,
|
|
"__endline__": 10,
|
|
"resource_type": "RUN",
|
|
"hash": "57abb1bbe03890ab19f47e5f96b9cbcee02aab65f6980d523df42faf41b709fa"
|
|
},
|
|
"evaluated_keys": [
|
|
"value"
|
|
]
|
|
},
|
|
"code_block": [
|
|
[
|
|
11,
|
|
"RUN npm ci --no-fund --no-audit\n"
|
|
]
|
|
],
|
|
"file_path": "/Dockerfile.dev",
|
|
"file_abs_path": "/scan/Dockerfile.dev",
|
|
"repo_file_path": "/Dockerfile.dev",
|
|
"file_line_range": [
|
|
11,
|
|
11
|
|
],
|
|
"resource": "/Dockerfile.dev.RUN",
|
|
"evaluations": null,
|
|
"check_class": "checkov.common.graph.checks_infra.base_check",
|
|
"fixed_definition": null,
|
|
"entity_tags": null,
|
|
"caller_file_path": null,
|
|
"caller_file_line_range": null,
|
|
"resource_address": null,
|
|
"severity": null,
|
|
"bc_category": null,
|
|
"benchmarks": null,
|
|
"description": null,
|
|
"short_description": null,
|
|
"vulnerability_details": null,
|
|
"connected_node": null,
|
|
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-pip-secure",
|
|
"details": [],
|
|
"check_len": null,
|
|
"definition_context_file_path": null
|
|
},
|
|
{
|
|
"check_id": "CKV2_DOCKER_2",
|
|
"bc_check_id": null,
|
|
"check_name": "Ensure that certificate validation isn't disabled with curl",
|
|
"check_result": {
|
|
"result": "PASSED",
|
|
"entity": {
|
|
"block_name_": "RUN",
|
|
"block_type_": "resource",
|
|
"file_path_": "/Dockerfile.production",
|
|
"config_": {
|
|
"content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n",
|
|
"value": "corepack enable && corepack prepare npm@10.5.0 --activate",
|
|
"__startline__": 4,
|
|
"__endline__": 4
|
|
},
|
|
"label_": "resource: RUN",
|
|
"id_": "RUN",
|
|
"source_": "Dockerfile",
|
|
"content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n",
|
|
"value": "corepack enable && corepack prepare npm@10.5.0 --activate",
|
|
"__startline__": 4,
|
|
"__endline__": 4,
|
|
"resource_type": "RUN",
|
|
"hash": "dbd32b6bad6b728919787011f82d60c50d7b2d1c079f814de2b1640696c98816"
|
|
},
|
|
"evaluated_keys": [
|
|
"value"
|
|
]
|
|
},
|
|
"code_block": [
|
|
[
|
|
5,
|
|
"RUN corepack enable && corepack prepare npm@10.5.0 --activate\n"
|
|
]
|
|
],
|
|
"file_path": "/Dockerfile.production",
|
|
"file_abs_path": "/scan/Dockerfile.production",
|
|
"repo_file_path": "/Dockerfile.production",
|
|
"file_line_range": [
|
|
5,
|
|
5
|
|
],
|
|
"resource": "/Dockerfile.production.RUN",
|
|
"evaluations": null,
|
|
"check_class": "checkov.common.graph.checks_infra.base_check",
|
|
"fixed_definition": null,
|
|
"entity_tags": null,
|
|
"caller_file_path": null,
|
|
"caller_file_line_range": null,
|
|
"resource_address": null,
|
|
"severity": null,
|
|
"bc_category": null,
|
|
"benchmarks": null,
|
|
"description": null,
|
|
"short_description": null,
|
|
"vulnerability_details": null,
|
|
"connected_node": null,
|
|
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-curl-secure",
|
|
"details": [],
|
|
"check_len": null,
|
|
"definition_context_file_path": null
|
|
},
|
|
{
|
|
"check_id": "CKV2_DOCKER_2",
|
|
"bc_check_id": null,
|
|
"check_name": "Ensure that certificate validation isn't disabled with curl",
|
|
"check_result": {
|
|
"result": "PASSED",
|
|
"entity": {
|
|
"block_name_": "RUN",
|
|
"block_type_": "resource",
|
|
"file_path_": "/Dockerfile.production",
|
|
"config_": {
|
|
"content": "RUN npm install\n",
|
|
"value": "npm install",
|
|
"__startline__": 20,
|
|
"__endline__": 20
|
|
},
|
|
"label_": "resource: RUN",
|
|
"id_": "RUN",
|
|
"source_": "Dockerfile",
|
|
"content": "RUN npm install\n",
|
|
"value": "npm install",
|
|
"__startline__": 20,
|
|
"__endline__": 20,
|
|
"resource_type": "RUN",
|
|
"hash": "6979b14e6a853ac150ffef85c5e28fd49c956054ea2cb1d01440e13b17260c4a"
|
|
},
|
|
"evaluated_keys": [
|
|
"value"
|
|
]
|
|
},
|
|
"code_block": [
|
|
[
|
|
21,
|
|
"RUN npm install\n"
|
|
]
|
|
],
|
|
"file_path": "/Dockerfile.production",
|
|
"file_abs_path": "/scan/Dockerfile.production",
|
|
"repo_file_path": "/Dockerfile.production",
|
|
"file_line_range": [
|
|
21,
|
|
21
|
|
],
|
|
"resource": "/Dockerfile.production.RUN",
|
|
"evaluations": null,
|
|
"check_class": "checkov.common.graph.checks_infra.base_check",
|
|
"fixed_definition": null,
|
|
"entity_tags": null,
|
|
"caller_file_path": null,
|
|
"caller_file_line_range": null,
|
|
"resource_address": null,
|
|
"severity": null,
|
|
"bc_category": null,
|
|
"benchmarks": null,
|
|
"description": null,
|
|
"short_description": null,
|
|
"vulnerability_details": null,
|
|
"connected_node": null,
|
|
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-curl-secure",
|
|
"details": [],
|
|
"check_len": null,
|
|
"definition_context_file_path": null
|
|
},
|
|
{
|
|
"check_id": "CKV2_DOCKER_2",
|
|
"bc_check_id": null,
|
|
"check_name": "Ensure that certificate validation isn't disabled with curl",
|
|
"check_result": {
|
|
"result": "PASSED",
|
|
"entity": {
|
|
"block_name_": "RUN",
|
|
"block_type_": "resource",
|
|
"file_path_": "/Dockerfile.production",
|
|
"config_": {
|
|
"content": "RUN npm run db:generate\n",
|
|
"value": "npm run db:generate",
|
|
"__startline__": 21,
|
|
"__endline__": 21
|
|
},
|
|
"label_": "resource: RUN",
|
|
"id_": "RUN",
|
|
"source_": "Dockerfile",
|
|
"content": "RUN npm run db:generate\n",
|
|
"value": "npm run db:generate",
|
|
"__startline__": 21,
|
|
"__endline__": 21,
|
|
"resource_type": "RUN",
|
|
"hash": "c1f9cc0c42260bb0183d7e7b9ec2edab99837111ad42dbbdd7fad09ff3e37ab0"
|
|
},
|
|
"evaluated_keys": [
|
|
"value"
|
|
]
|
|
},
|
|
"code_block": [
|
|
[
|
|
22,
|
|
"RUN npm run db:generate\n"
|
|
]
|
|
],
|
|
"file_path": "/Dockerfile.production",
|
|
"file_abs_path": "/scan/Dockerfile.production",
|
|
"repo_file_path": "/Dockerfile.production",
|
|
"file_line_range": [
|
|
22,
|
|
22
|
|
],
|
|
"resource": "/Dockerfile.production.RUN",
|
|
"evaluations": null,
|
|
"check_class": "checkov.common.graph.checks_infra.base_check",
|
|
"fixed_definition": null,
|
|
"entity_tags": null,
|
|
"caller_file_path": null,
|
|
"caller_file_line_range": null,
|
|
"resource_address": null,
|
|
"severity": null,
|
|
"bc_category": null,
|
|
"benchmarks": null,
|
|
"description": null,
|
|
"short_description": null,
|
|
"vulnerability_details": null,
|
|
"connected_node": null,
|
|
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-curl-secure",
|
|
"details": [],
|
|
"check_len": null,
|
|
"definition_context_file_path": null
|
|
},
|
|
{
|
|
"check_id": "CKV2_DOCKER_2",
|
|
"bc_check_id": null,
|
|
"check_name": "Ensure that certificate validation isn't disabled with curl",
|
|
"check_result": {
|
|
"result": "PASSED",
|
|
"entity": {
|
|
"block_name_": "RUN",
|
|
"block_type_": "resource",
|
|
"file_path_": "/Dockerfile.production",
|
|
"config_": {
|
|
"content": "RUN npm run build\n",
|
|
"value": "npm run build",
|
|
"__startline__": 22,
|
|
"__endline__": 22
|
|
},
|
|
"label_": "resource: RUN",
|
|
"id_": "RUN",
|
|
"source_": "Dockerfile",
|
|
"content": "RUN npm run build\n",
|
|
"value": "npm run build",
|
|
"__startline__": 22,
|
|
"__endline__": 22,
|
|
"resource_type": "RUN",
|
|
"hash": "1bf185fb6038f1b491f2a2686de4dd9869ccdd9c3e34d2772cf43bd368377aa6"
|
|
},
|
|
"evaluated_keys": [
|
|
"value"
|
|
]
|
|
},
|
|
"code_block": [
|
|
[
|
|
23,
|
|
"RUN npm run build\n"
|
|
]
|
|
],
|
|
"file_path": "/Dockerfile.production",
|
|
"file_abs_path": "/scan/Dockerfile.production",
|
|
"repo_file_path": "/Dockerfile.production",
|
|
"file_line_range": [
|
|
23,
|
|
23
|
|
],
|
|
"resource": "/Dockerfile.production.RUN",
|
|
"evaluations": null,
|
|
"check_class": "checkov.common.graph.checks_infra.base_check",
|
|
"fixed_definition": null,
|
|
"entity_tags": null,
|
|
"caller_file_path": null,
|
|
"caller_file_line_range": null,
|
|
"resource_address": null,
|
|
"severity": null,
|
|
"bc_category": null,
|
|
"benchmarks": null,
|
|
"description": null,
|
|
"short_description": null,
|
|
"vulnerability_details": null,
|
|
"connected_node": null,
|
|
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-curl-secure",
|
|
"details": [],
|
|
"check_len": null,
|
|
"definition_context_file_path": null
|
|
},
|
|
{
|
|
"check_id": "CKV2_DOCKER_2",
|
|
"bc_check_id": null,
|
|
"check_name": "Ensure that certificate validation isn't disabled with curl",
|
|
"check_result": {
|
|
"result": "PASSED",
|
|
"entity": {
|
|
"block_name_": "RUN",
|
|
"block_type_": "resource",
|
|
"file_path_": "/Dockerfile.production",
|
|
"config_": {
|
|
"content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n",
|
|
"value": "corepack enable && corepack prepare npm@10.5.0 --activate",
|
|
"__startline__": 30,
|
|
"__endline__": 30
|
|
},
|
|
"label_": "resource: RUN",
|
|
"id_": "RUN",
|
|
"source_": "Dockerfile",
|
|
"content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n",
|
|
"value": "corepack enable && corepack prepare npm@10.5.0 --activate",
|
|
"__startline__": 30,
|
|
"__endline__": 30,
|
|
"resource_type": "RUN",
|
|
"hash": "01c88e306f7db45ae7136e3bdb63c4b15978dd024f6ed18210961fc3db3df382"
|
|
},
|
|
"evaluated_keys": [
|
|
"value"
|
|
]
|
|
},
|
|
"code_block": [
|
|
[
|
|
31,
|
|
"RUN corepack enable && corepack prepare npm@10.5.0 --activate\n"
|
|
]
|
|
],
|
|
"file_path": "/Dockerfile.production",
|
|
"file_abs_path": "/scan/Dockerfile.production",
|
|
"repo_file_path": "/Dockerfile.production",
|
|
"file_line_range": [
|
|
31,
|
|
31
|
|
],
|
|
"resource": "/Dockerfile.production.RUN",
|
|
"evaluations": null,
|
|
"check_class": "checkov.common.graph.checks_infra.base_check",
|
|
"fixed_definition": null,
|
|
"entity_tags": null,
|
|
"caller_file_path": null,
|
|
"caller_file_line_range": null,
|
|
"resource_address": null,
|
|
"severity": null,
|
|
"bc_category": null,
|
|
"benchmarks": null,
|
|
"description": null,
|
|
"short_description": null,
|
|
"vulnerability_details": null,
|
|
"connected_node": null,
|
|
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-curl-secure",
|
|
"details": [],
|
|
"check_len": null,
|
|
"definition_context_file_path": null
|
|
},
|
|
{
|
|
"check_id": "CKV2_DOCKER_2",
|
|
"bc_check_id": null,
|
|
"check_name": "Ensure that certificate validation isn't disabled with curl",
|
|
"check_result": {
|
|
"result": "PASSED",
|
|
"entity": {
|
|
"block_name_": "RUN",
|
|
"block_type_": "resource",
|
|
"file_path_": "/Dockerfile.test",
|
|
"config_": {
|
|
"content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n",
|
|
"value": "corepack enable && corepack prepare npm@10.5.0 --activate",
|
|
"__startline__": 4,
|
|
"__endline__": 4
|
|
},
|
|
"label_": "resource: RUN",
|
|
"id_": "RUN",
|
|
"source_": "Dockerfile",
|
|
"content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n",
|
|
"value": "corepack enable && corepack prepare npm@10.5.0 --activate",
|
|
"__startline__": 4,
|
|
"__endline__": 4,
|
|
"resource_type": "RUN",
|
|
"hash": "1d5fb0a211498b8baf37e5744578ad03459da7798534298981f23fdefb7eb757"
|
|
},
|
|
"evaluated_keys": [
|
|
"value"
|
|
]
|
|
},
|
|
"code_block": [
|
|
[
|
|
5,
|
|
"RUN corepack enable && corepack prepare npm@10.5.0 --activate\n"
|
|
]
|
|
],
|
|
"file_path": "/Dockerfile.test",
|
|
"file_abs_path": "/scan/Dockerfile.test",
|
|
"repo_file_path": "/Dockerfile.test",
|
|
"file_line_range": [
|
|
5,
|
|
5
|
|
],
|
|
"resource": "/Dockerfile.test.RUN",
|
|
"evaluations": null,
|
|
"check_class": "checkov.common.graph.checks_infra.base_check",
|
|
"fixed_definition": null,
|
|
"entity_tags": null,
|
|
"caller_file_path": null,
|
|
"caller_file_line_range": null,
|
|
"resource_address": null,
|
|
"severity": null,
|
|
"bc_category": null,
|
|
"benchmarks": null,
|
|
"description": null,
|
|
"short_description": null,
|
|
"vulnerability_details": null,
|
|
"connected_node": null,
|
|
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-curl-secure",
|
|
"details": [],
|
|
"check_len": null,
|
|
"definition_context_file_path": null
|
|
},
|
|
{
|
|
"check_id": "CKV2_DOCKER_2",
|
|
"bc_check_id": null,
|
|
"check_name": "Ensure that certificate validation isn't disabled with curl",
|
|
"check_result": {
|
|
"result": "PASSED",
|
|
"entity": {
|
|
"block_name_": "RUN",
|
|
"block_type_": "resource",
|
|
"file_path_": "/Dockerfile.test",
|
|
"config_": {
|
|
"content": "RUN npm install\n",
|
|
"value": "npm install",
|
|
"__startline__": 10,
|
|
"__endline__": 10
|
|
},
|
|
"label_": "resource: RUN",
|
|
"id_": "RUN",
|
|
"source_": "Dockerfile",
|
|
"content": "RUN npm install\n",
|
|
"value": "npm install",
|
|
"__startline__": 10,
|
|
"__endline__": 10,
|
|
"resource_type": "RUN",
|
|
"hash": "fb809e4860a3131df821aea9480445cc6e2f66dd52744dab5f3d2ef5b2848436"
|
|
},
|
|
"evaluated_keys": [
|
|
"value"
|
|
]
|
|
},
|
|
"code_block": [
|
|
[
|
|
11,
|
|
"RUN npm install\n"
|
|
]
|
|
],
|
|
"file_path": "/Dockerfile.test",
|
|
"file_abs_path": "/scan/Dockerfile.test",
|
|
"repo_file_path": "/Dockerfile.test",
|
|
"file_line_range": [
|
|
11,
|
|
11
|
|
],
|
|
"resource": "/Dockerfile.test.RUN",
|
|
"evaluations": null,
|
|
"check_class": "checkov.common.graph.checks_infra.base_check",
|
|
"fixed_definition": null,
|
|
"entity_tags": null,
|
|
"caller_file_path": null,
|
|
"caller_file_line_range": null,
|
|
"resource_address": null,
|
|
"severity": null,
|
|
"bc_category": null,
|
|
"benchmarks": null,
|
|
"description": null,
|
|
"short_description": null,
|
|
"vulnerability_details": null,
|
|
"connected_node": null,
|
|
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-curl-secure",
|
|
"details": [],
|
|
"check_len": null,
|
|
"definition_context_file_path": null
|
|
},
|
|
{
|
|
"check_id": "CKV2_DOCKER_2",
|
|
"bc_check_id": null,
|
|
"check_name": "Ensure that certificate validation isn't disabled with curl",
|
|
"check_result": {
|
|
"result": "PASSED",
|
|
"entity": {
|
|
"block_name_": "RUN",
|
|
"block_type_": "resource",
|
|
"file_path_": "/Dockerfile.dev",
|
|
"config_": {
|
|
"content": "RUN npm install -g npm@10.5.0 --no-fund --no-audit\n",
|
|
"value": "npm install -g npm@10.5.0 --no-fund --no-audit",
|
|
"__startline__": 4,
|
|
"__endline__": 4
|
|
},
|
|
"label_": "resource: RUN",
|
|
"id_": "RUN",
|
|
"source_": "Dockerfile",
|
|
"content": "RUN npm install -g npm@10.5.0 --no-fund --no-audit\n",
|
|
"value": "npm install -g npm@10.5.0 --no-fund --no-audit",
|
|
"__startline__": 4,
|
|
"__endline__": 4,
|
|
"resource_type": "RUN",
|
|
"hash": "435bba968d1d0b4c410ea33851637829a16b2ad878f0b9531a737c7a444f91b9"
|
|
},
|
|
"evaluated_keys": [
|
|
"value"
|
|
]
|
|
},
|
|
"code_block": [
|
|
[
|
|
5,
|
|
"RUN npm install -g npm@10.5.0 --no-fund --no-audit\n"
|
|
]
|
|
],
|
|
"file_path": "/Dockerfile.dev",
|
|
"file_abs_path": "/scan/Dockerfile.dev",
|
|
"repo_file_path": "/Dockerfile.dev",
|
|
"file_line_range": [
|
|
5,
|
|
5
|
|
],
|
|
"resource": "/Dockerfile.dev.RUN",
|
|
"evaluations": null,
|
|
"check_class": "checkov.common.graph.checks_infra.base_check",
|
|
"fixed_definition": null,
|
|
"entity_tags": null,
|
|
"caller_file_path": null,
|
|
"caller_file_line_range": null,
|
|
"resource_address": null,
|
|
"severity": null,
|
|
"bc_category": null,
|
|
"benchmarks": null,
|
|
"description": null,
|
|
"short_description": null,
|
|
"vulnerability_details": null,
|
|
"connected_node": null,
|
|
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-curl-secure",
|
|
"details": [],
|
|
"check_len": null,
|
|
"definition_context_file_path": null
|
|
},
|
|
{
|
|
"check_id": "CKV2_DOCKER_2",
|
|
"bc_check_id": null,
|
|
"check_name": "Ensure that certificate validation isn't disabled with curl",
|
|
"check_result": {
|
|
"result": "PASSED",
|
|
"entity": {
|
|
"block_name_": "RUN",
|
|
"block_type_": "resource",
|
|
"file_path_": "/Dockerfile.dev",
|
|
"config_": {
|
|
"content": "RUN npm ci --no-fund --no-audit\n",
|
|
"value": "npm ci --no-fund --no-audit",
|
|
"__startline__": 10,
|
|
"__endline__": 10
|
|
},
|
|
"label_": "resource: RUN",
|
|
"id_": "RUN",
|
|
"source_": "Dockerfile",
|
|
"content": "RUN npm ci --no-fund --no-audit\n",
|
|
"value": "npm ci --no-fund --no-audit",
|
|
"__startline__": 10,
|
|
"__endline__": 10,
|
|
"resource_type": "RUN",
|
|
"hash": "57abb1bbe03890ab19f47e5f96b9cbcee02aab65f6980d523df42faf41b709fa"
|
|
},
|
|
"evaluated_keys": [
|
|
"value"
|
|
]
|
|
},
|
|
"code_block": [
|
|
[
|
|
11,
|
|
"RUN npm ci --no-fund --no-audit\n"
|
|
]
|
|
],
|
|
"file_path": "/Dockerfile.dev",
|
|
"file_abs_path": "/scan/Dockerfile.dev",
|
|
"repo_file_path": "/Dockerfile.dev",
|
|
"file_line_range": [
|
|
11,
|
|
11
|
|
],
|
|
"resource": "/Dockerfile.dev.RUN",
|
|
"evaluations": null,
|
|
"check_class": "checkov.common.graph.checks_infra.base_check",
|
|
"fixed_definition": null,
|
|
"entity_tags": null,
|
|
"caller_file_path": null,
|
|
"caller_file_line_range": null,
|
|
"resource_address": null,
|
|
"severity": null,
|
|
"bc_category": null,
|
|
"benchmarks": null,
|
|
"description": null,
|
|
"short_description": null,
|
|
"vulnerability_details": null,
|
|
"connected_node": null,
|
|
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-curl-secure",
|
|
"details": [],
|
|
"check_len": null,
|
|
"definition_context_file_path": null
|
|
},
|
|
{
|
|
"check_id": "CKV2_DOCKER_9",
|
|
"bc_check_id": null,
|
|
"check_name": "Ensure that packages with untrusted or missing GPG signatures are not used by dnf, tdnf, or yum via the '--nogpgcheck' option",
|
|
"check_result": {
|
|
"result": "PASSED",
|
|
"entity": {
|
|
"block_name_": "RUN",
|
|
"block_type_": "resource",
|
|
"file_path_": "/Dockerfile.production",
|
|
"config_": {
|
|
"content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n",
|
|
"value": "corepack enable && corepack prepare npm@10.5.0 --activate",
|
|
"__startline__": 4,
|
|
"__endline__": 4
|
|
},
|
|
"label_": "resource: RUN",
|
|
"id_": "RUN",
|
|
"source_": "Dockerfile",
|
|
"content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n",
|
|
"value": "corepack enable && corepack prepare npm@10.5.0 --activate",
|
|
"__startline__": 4,
|
|
"__endline__": 4,
|
|
"resource_type": "RUN",
|
|
"hash": "dbd32b6bad6b728919787011f82d60c50d7b2d1c079f814de2b1640696c98816"
|
|
},
|
|
"evaluated_keys": [
|
|
"value"
|
|
]
|
|
},
|
|
"code_block": [
|
|
[
|
|
5,
|
|
"RUN corepack enable && corepack prepare npm@10.5.0 --activate\n"
|
|
]
|
|
],
|
|
"file_path": "/Dockerfile.production",
|
|
"file_abs_path": "/scan/Dockerfile.production",
|
|
"repo_file_path": "/Dockerfile.production",
|
|
"file_line_range": [
|
|
5,
|
|
5
|
|
],
|
|
"resource": "/Dockerfile.production.RUN",
|
|
"evaluations": null,
|
|
"check_class": "checkov.common.graph.checks_infra.base_check",
|
|
"fixed_definition": null,
|
|
"entity_tags": null,
|
|
"caller_file_path": null,
|
|
"caller_file_line_range": null,
|
|
"resource_address": null,
|
|
"severity": null,
|
|
"bc_category": null,
|
|
"benchmarks": null,
|
|
"description": null,
|
|
"short_description": null,
|
|
"vulnerability_details": null,
|
|
"connected_node": null,
|
|
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-yum-signed",
|
|
"details": [],
|
|
"check_len": null,
|
|
"definition_context_file_path": null
|
|
},
|
|
{
|
|
"check_id": "CKV2_DOCKER_9",
|
|
"bc_check_id": null,
|
|
"check_name": "Ensure that packages with untrusted or missing GPG signatures are not used by dnf, tdnf, or yum via the '--nogpgcheck' option",
|
|
"check_result": {
|
|
"result": "PASSED",
|
|
"entity": {
|
|
"block_name_": "RUN",
|
|
"block_type_": "resource",
|
|
"file_path_": "/Dockerfile.production",
|
|
"config_": {
|
|
"content": "RUN npm install\n",
|
|
"value": "npm install",
|
|
"__startline__": 20,
|
|
"__endline__": 20
|
|
},
|
|
"label_": "resource: RUN",
|
|
"id_": "RUN",
|
|
"source_": "Dockerfile",
|
|
"content": "RUN npm install\n",
|
|
"value": "npm install",
|
|
"__startline__": 20,
|
|
"__endline__": 20,
|
|
"resource_type": "RUN",
|
|
"hash": "6979b14e6a853ac150ffef85c5e28fd49c956054ea2cb1d01440e13b17260c4a"
|
|
},
|
|
"evaluated_keys": [
|
|
"value"
|
|
]
|
|
},
|
|
"code_block": [
|
|
[
|
|
21,
|
|
"RUN npm install\n"
|
|
]
|
|
],
|
|
"file_path": "/Dockerfile.production",
|
|
"file_abs_path": "/scan/Dockerfile.production",
|
|
"repo_file_path": "/Dockerfile.production",
|
|
"file_line_range": [
|
|
21,
|
|
21
|
|
],
|
|
"resource": "/Dockerfile.production.RUN",
|
|
"evaluations": null,
|
|
"check_class": "checkov.common.graph.checks_infra.base_check",
|
|
"fixed_definition": null,
|
|
"entity_tags": null,
|
|
"caller_file_path": null,
|
|
"caller_file_line_range": null,
|
|
"resource_address": null,
|
|
"severity": null,
|
|
"bc_category": null,
|
|
"benchmarks": null,
|
|
"description": null,
|
|
"short_description": null,
|
|
"vulnerability_details": null,
|
|
"connected_node": null,
|
|
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-yum-signed",
|
|
"details": [],
|
|
"check_len": null,
|
|
"definition_context_file_path": null
|
|
},
|
|
{
|
|
"check_id": "CKV2_DOCKER_9",
|
|
"bc_check_id": null,
|
|
"check_name": "Ensure that packages with untrusted or missing GPG signatures are not used by dnf, tdnf, or yum via the '--nogpgcheck' option",
|
|
"check_result": {
|
|
"result": "PASSED",
|
|
"entity": {
|
|
"block_name_": "RUN",
|
|
"block_type_": "resource",
|
|
"file_path_": "/Dockerfile.production",
|
|
"config_": {
|
|
"content": "RUN npm run db:generate\n",
|
|
"value": "npm run db:generate",
|
|
"__startline__": 21,
|
|
"__endline__": 21
|
|
},
|
|
"label_": "resource: RUN",
|
|
"id_": "RUN",
|
|
"source_": "Dockerfile",
|
|
"content": "RUN npm run db:generate\n",
|
|
"value": "npm run db:generate",
|
|
"__startline__": 21,
|
|
"__endline__": 21,
|
|
"resource_type": "RUN",
|
|
"hash": "c1f9cc0c42260bb0183d7e7b9ec2edab99837111ad42dbbdd7fad09ff3e37ab0"
|
|
},
|
|
"evaluated_keys": [
|
|
"value"
|
|
]
|
|
},
|
|
"code_block": [
|
|
[
|
|
22,
|
|
"RUN npm run db:generate\n"
|
|
]
|
|
],
|
|
"file_path": "/Dockerfile.production",
|
|
"file_abs_path": "/scan/Dockerfile.production",
|
|
"repo_file_path": "/Dockerfile.production",
|
|
"file_line_range": [
|
|
22,
|
|
22
|
|
],
|
|
"resource": "/Dockerfile.production.RUN",
|
|
"evaluations": null,
|
|
"check_class": "checkov.common.graph.checks_infra.base_check",
|
|
"fixed_definition": null,
|
|
"entity_tags": null,
|
|
"caller_file_path": null,
|
|
"caller_file_line_range": null,
|
|
"resource_address": null,
|
|
"severity": null,
|
|
"bc_category": null,
|
|
"benchmarks": null,
|
|
"description": null,
|
|
"short_description": null,
|
|
"vulnerability_details": null,
|
|
"connected_node": null,
|
|
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-yum-signed",
|
|
"details": [],
|
|
"check_len": null,
|
|
"definition_context_file_path": null
|
|
},
|
|
{
|
|
"check_id": "CKV2_DOCKER_9",
|
|
"bc_check_id": null,
|
|
"check_name": "Ensure that packages with untrusted or missing GPG signatures are not used by dnf, tdnf, or yum via the '--nogpgcheck' option",
|
|
"check_result": {
|
|
"result": "PASSED",
|
|
"entity": {
|
|
"block_name_": "RUN",
|
|
"block_type_": "resource",
|
|
"file_path_": "/Dockerfile.production",
|
|
"config_": {
|
|
"content": "RUN npm run build\n",
|
|
"value": "npm run build",
|
|
"__startline__": 22,
|
|
"__endline__": 22
|
|
},
|
|
"label_": "resource: RUN",
|
|
"id_": "RUN",
|
|
"source_": "Dockerfile",
|
|
"content": "RUN npm run build\n",
|
|
"value": "npm run build",
|
|
"__startline__": 22,
|
|
"__endline__": 22,
|
|
"resource_type": "RUN",
|
|
"hash": "1bf185fb6038f1b491f2a2686de4dd9869ccdd9c3e34d2772cf43bd368377aa6"
|
|
},
|
|
"evaluated_keys": [
|
|
"value"
|
|
]
|
|
},
|
|
"code_block": [
|
|
[
|
|
23,
|
|
"RUN npm run build\n"
|
|
]
|
|
],
|
|
"file_path": "/Dockerfile.production",
|
|
"file_abs_path": "/scan/Dockerfile.production",
|
|
"repo_file_path": "/Dockerfile.production",
|
|
"file_line_range": [
|
|
23,
|
|
23
|
|
],
|
|
"resource": "/Dockerfile.production.RUN",
|
|
"evaluations": null,
|
|
"check_class": "checkov.common.graph.checks_infra.base_check",
|
|
"fixed_definition": null,
|
|
"entity_tags": null,
|
|
"caller_file_path": null,
|
|
"caller_file_line_range": null,
|
|
"resource_address": null,
|
|
"severity": null,
|
|
"bc_category": null,
|
|
"benchmarks": null,
|
|
"description": null,
|
|
"short_description": null,
|
|
"vulnerability_details": null,
|
|
"connected_node": null,
|
|
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-yum-signed",
|
|
"details": [],
|
|
"check_len": null,
|
|
"definition_context_file_path": null
|
|
},
|
|
{
|
|
"check_id": "CKV2_DOCKER_9",
|
|
"bc_check_id": null,
|
|
"check_name": "Ensure that packages with untrusted or missing GPG signatures are not used by dnf, tdnf, or yum via the '--nogpgcheck' option",
|
|
"check_result": {
|
|
"result": "PASSED",
|
|
"entity": {
|
|
"block_name_": "RUN",
|
|
"block_type_": "resource",
|
|
"file_path_": "/Dockerfile.production",
|
|
"config_": {
|
|
"content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n",
|
|
"value": "corepack enable && corepack prepare npm@10.5.0 --activate",
|
|
"__startline__": 30,
|
|
"__endline__": 30
|
|
},
|
|
"label_": "resource: RUN",
|
|
"id_": "RUN",
|
|
"source_": "Dockerfile",
|
|
"content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n",
|
|
"value": "corepack enable && corepack prepare npm@10.5.0 --activate",
|
|
"__startline__": 30,
|
|
"__endline__": 30,
|
|
"resource_type": "RUN",
|
|
"hash": "01c88e306f7db45ae7136e3bdb63c4b15978dd024f6ed18210961fc3db3df382"
|
|
},
|
|
"evaluated_keys": [
|
|
"value"
|
|
]
|
|
},
|
|
"code_block": [
|
|
[
|
|
31,
|
|
"RUN corepack enable && corepack prepare npm@10.5.0 --activate\n"
|
|
]
|
|
],
|
|
"file_path": "/Dockerfile.production",
|
|
"file_abs_path": "/scan/Dockerfile.production",
|
|
"repo_file_path": "/Dockerfile.production",
|
|
"file_line_range": [
|
|
31,
|
|
31
|
|
],
|
|
"resource": "/Dockerfile.production.RUN",
|
|
"evaluations": null,
|
|
"check_class": "checkov.common.graph.checks_infra.base_check",
|
|
"fixed_definition": null,
|
|
"entity_tags": null,
|
|
"caller_file_path": null,
|
|
"caller_file_line_range": null,
|
|
"resource_address": null,
|
|
"severity": null,
|
|
"bc_category": null,
|
|
"benchmarks": null,
|
|
"description": null,
|
|
"short_description": null,
|
|
"vulnerability_details": null,
|
|
"connected_node": null,
|
|
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-yum-signed",
|
|
"details": [],
|
|
"check_len": null,
|
|
"definition_context_file_path": null
|
|
},
|
|
{
|
|
"check_id": "CKV2_DOCKER_9",
|
|
"bc_check_id": null,
|
|
"check_name": "Ensure that packages with untrusted or missing GPG signatures are not used by dnf, tdnf, or yum via the '--nogpgcheck' option",
|
|
"check_result": {
|
|
"result": "PASSED",
|
|
"entity": {
|
|
"block_name_": "RUN",
|
|
"block_type_": "resource",
|
|
"file_path_": "/Dockerfile.test",
|
|
"config_": {
|
|
"content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n",
|
|
"value": "corepack enable && corepack prepare npm@10.5.0 --activate",
|
|
"__startline__": 4,
|
|
"__endline__": 4
|
|
},
|
|
"label_": "resource: RUN",
|
|
"id_": "RUN",
|
|
"source_": "Dockerfile",
|
|
"content": "RUN corepack enable && corepack prepare npm@10.5.0 --activate\n",
|
|
"value": "corepack enable && corepack prepare npm@10.5.0 --activate",
|
|
"__startline__": 4,
|
|
"__endline__": 4,
|
|
"resource_type": "RUN",
|
|
"hash": "1d5fb0a211498b8baf37e5744578ad03459da7798534298981f23fdefb7eb757"
|
|
},
|
|
"evaluated_keys": [
|
|
"value"
|
|
]
|
|
},
|
|
"code_block": [
|
|
[
|
|
5,
|
|
"RUN corepack enable && corepack prepare npm@10.5.0 --activate\n"
|
|
]
|
|
],
|
|
"file_path": "/Dockerfile.test",
|
|
"file_abs_path": "/scan/Dockerfile.test",
|
|
"repo_file_path": "/Dockerfile.test",
|
|
"file_line_range": [
|
|
5,
|
|
5
|
|
],
|
|
"resource": "/Dockerfile.test.RUN",
|
|
"evaluations": null,
|
|
"check_class": "checkov.common.graph.checks_infra.base_check",
|
|
"fixed_definition": null,
|
|
"entity_tags": null,
|
|
"caller_file_path": null,
|
|
"caller_file_line_range": null,
|
|
"resource_address": null,
|
|
"severity": null,
|
|
"bc_category": null,
|
|
"benchmarks": null,
|
|
"description": null,
|
|
"short_description": null,
|
|
"vulnerability_details": null,
|
|
"connected_node": null,
|
|
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-yum-signed",
|
|
"details": [],
|
|
"check_len": null,
|
|
"definition_context_file_path": null
|
|
},
|
|
{
|
|
"check_id": "CKV2_DOCKER_9",
|
|
"bc_check_id": null,
|
|
"check_name": "Ensure that packages with untrusted or missing GPG signatures are not used by dnf, tdnf, or yum via the '--nogpgcheck' option",
|
|
"check_result": {
|
|
"result": "PASSED",
|
|
"entity": {
|
|
"block_name_": "RUN",
|
|
"block_type_": "resource",
|
|
"file_path_": "/Dockerfile.test",
|
|
"config_": {
|
|
"content": "RUN npm install\n",
|
|
"value": "npm install",
|
|
"__startline__": 10,
|
|
"__endline__": 10
|
|
},
|
|
"label_": "resource: RUN",
|
|
"id_": "RUN",
|
|
"source_": "Dockerfile",
|
|
"content": "RUN npm install\n",
|
|
"value": "npm install",
|
|
"__startline__": 10,
|
|
"__endline__": 10,
|
|
"resource_type": "RUN",
|
|
"hash": "fb809e4860a3131df821aea9480445cc6e2f66dd52744dab5f3d2ef5b2848436"
|
|
},
|
|
"evaluated_keys": [
|
|
"value"
|
|
]
|
|
},
|
|
"code_block": [
|
|
[
|
|
11,
|
|
"RUN npm install\n"
|
|
]
|
|
],
|
|
"file_path": "/Dockerfile.test",
|
|
"file_abs_path": "/scan/Dockerfile.test",
|
|
"repo_file_path": "/Dockerfile.test",
|
|
"file_line_range": [
|
|
11,
|
|
11
|
|
],
|
|
"resource": "/Dockerfile.test.RUN",
|
|
"evaluations": null,
|
|
"check_class": "checkov.common.graph.checks_infra.base_check",
|
|
"fixed_definition": null,
|
|
"entity_tags": null,
|
|
"caller_file_path": null,
|
|
"caller_file_line_range": null,
|
|
"resource_address": null,
|
|
"severity": null,
|
|
"bc_category": null,
|
|
"benchmarks": null,
|
|
"description": null,
|
|
"short_description": null,
|
|
"vulnerability_details": null,
|
|
"connected_node": null,
|
|
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-yum-signed",
|
|
"details": [],
|
|
"check_len": null,
|
|
"definition_context_file_path": null
|
|
},
|
|
{
|
|
"check_id": "CKV2_DOCKER_9",
|
|
"bc_check_id": null,
|
|
"check_name": "Ensure that packages with untrusted or missing GPG signatures are not used by dnf, tdnf, or yum via the '--nogpgcheck' option",
|
|
"check_result": {
|
|
"result": "PASSED",
|
|
"entity": {
|
|
"block_name_": "RUN",
|
|
"block_type_": "resource",
|
|
"file_path_": "/Dockerfile.dev",
|
|
"config_": {
|
|
"content": "RUN npm install -g npm@10.5.0 --no-fund --no-audit\n",
|
|
"value": "npm install -g npm@10.5.0 --no-fund --no-audit",
|
|
"__startline__": 4,
|
|
"__endline__": 4
|
|
},
|
|
"label_": "resource: RUN",
|
|
"id_": "RUN",
|
|
"source_": "Dockerfile",
|
|
"content": "RUN npm install -g npm@10.5.0 --no-fund --no-audit\n",
|
|
"value": "npm install -g npm@10.5.0 --no-fund --no-audit",
|
|
"__startline__": 4,
|
|
"__endline__": 4,
|
|
"resource_type": "RUN",
|
|
"hash": "435bba968d1d0b4c410ea33851637829a16b2ad878f0b9531a737c7a444f91b9"
|
|
},
|
|
"evaluated_keys": [
|
|
"value"
|
|
]
|
|
},
|
|
"code_block": [
|
|
[
|
|
5,
|
|
"RUN npm install -g npm@10.5.0 --no-fund --no-audit\n"
|
|
]
|
|
],
|
|
"file_path": "/Dockerfile.dev",
|
|
"file_abs_path": "/scan/Dockerfile.dev",
|
|
"repo_file_path": "/Dockerfile.dev",
|
|
"file_line_range": [
|
|
5,
|
|
5
|
|
],
|
|
"resource": "/Dockerfile.dev.RUN",
|
|
"evaluations": null,
|
|
"check_class": "checkov.common.graph.checks_infra.base_check",
|
|
"fixed_definition": null,
|
|
"entity_tags": null,
|
|
"caller_file_path": null,
|
|
"caller_file_line_range": null,
|
|
"resource_address": null,
|
|
"severity": null,
|
|
"bc_category": null,
|
|
"benchmarks": null,
|
|
"description": null,
|
|
"short_description": null,
|
|
"vulnerability_details": null,
|
|
"connected_node": null,
|
|
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-yum-signed",
|
|
"details": [],
|
|
"check_len": null,
|
|
"definition_context_file_path": null
|
|
},
|
|
{
|
|
"check_id": "CKV2_DOCKER_9",
|
|
"bc_check_id": null,
|
|
"check_name": "Ensure that packages with untrusted or missing GPG signatures are not used by dnf, tdnf, or yum via the '--nogpgcheck' option",
|
|
"check_result": {
|
|
"result": "PASSED",
|
|
"entity": {
|
|
"block_name_": "RUN",
|
|
"block_type_": "resource",
|
|
"file_path_": "/Dockerfile.dev",
|
|
"config_": {
|
|
"content": "RUN npm ci --no-fund --no-audit\n",
|
|
"value": "npm ci --no-fund --no-audit",
|
|
"__startline__": 10,
|
|
"__endline__": 10
|
|
},
|
|
"label_": "resource: RUN",
|
|
"id_": "RUN",
|
|
"source_": "Dockerfile",
|
|
"content": "RUN npm ci --no-fund --no-audit\n",
|
|
"value": "npm ci --no-fund --no-audit",
|
|
"__startline__": 10,
|
|
"__endline__": 10,
|
|
"resource_type": "RUN",
|
|
"hash": "57abb1bbe03890ab19f47e5f96b9cbcee02aab65f6980d523df42faf41b709fa"
|
|
},
|
|
"evaluated_keys": [
|
|
"value"
|
|
]
|
|
},
|
|
"code_block": [
|
|
[
|
|
11,
|
|
"RUN npm ci --no-fund --no-audit\n"
|
|
]
|
|
],
|
|
"file_path": "/Dockerfile.dev",
|
|
"file_abs_path": "/scan/Dockerfile.dev",
|
|
"repo_file_path": "/Dockerfile.dev",
|
|
"file_line_range": [
|
|
11,
|
|
11
|
|
],
|
|
"resource": "/Dockerfile.dev.RUN",
|
|
"evaluations": null,
|
|
"check_class": "checkov.common.graph.checks_infra.base_check",
|
|
"fixed_definition": null,
|
|
"entity_tags": null,
|
|
"caller_file_path": null,
|
|
"caller_file_line_range": null,
|
|
"resource_address": null,
|
|
"severity": null,
|
|
"bc_category": null,
|
|
"benchmarks": null,
|
|
"description": null,
|
|
"short_description": null,
|
|
"vulnerability_details": null,
|
|
"connected_node": null,
|
|
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-yum-signed",
|
|
"details": [],
|
|
"check_len": null,
|
|
"definition_context_file_path": null
|
|
}
|
|
],
|
|
"failed_checks": [
|
|
{
|
|
"check_id": "CKV_DOCKER_2",
|
|
"bc_check_id": "BC_DKR_2",
|
|
"check_name": "Ensure that HEALTHCHECK instructions have been added to container images",
|
|
"check_result": {
|
|
"result": "FAILED",
|
|
"results_configuration": null
|
|
},
|
|
"code_block": [
|
|
[
|
|
1,
|
|
"FROM node:20-bookworm AS builder\n"
|
|
],
|
|
[
|
|
2,
|
|
"\n"
|
|
],
|
|
[
|
|
3,
|
|
"WORKDIR /app\n"
|
|
],
|
|
[
|
|
4,
|
|
"\n"
|
|
],
|
|
[
|
|
5,
|
|
"RUN corepack enable && corepack prepare npm@10.5.0 --activate\n"
|
|
],
|
|
[
|
|
6,
|
|
"\n"
|
|
],
|
|
[
|
|
7,
|
|
"COPY package.json package-lock.json turbo.json tsconfig.base.json ./\n"
|
|
],
|
|
[
|
|
8,
|
|
"COPY apps ./apps\n"
|
|
],
|
|
[
|
|
9,
|
|
"COPY packages ./packages\n"
|
|
],
|
|
[
|
|
10,
|
|
"\n"
|
|
],
|
|
[
|
|
11,
|
|
"# NEXT_PUBLIC_* vars must be present at build time \u2014 they are inlined into JS bundles\n"
|
|
],
|
|
[
|
|
12,
|
|
"ARG NEXT_PUBLIC_API_URL\n"
|
|
],
|
|
[
|
|
13,
|
|
"ARG NEXT_PUBLIC_MARKETPLACE_URL\n"
|
|
],
|
|
[
|
|
14,
|
|
"ARG NEXT_PUBLIC_DASHBOARD_URL\n"
|
|
],
|
|
[
|
|
15,
|
|
"ARG NEXT_PUBLIC_ADMIN_URL\n"
|
|
],
|
|
[
|
|
16,
|
|
"ENV NEXT_PUBLIC_API_URL=$NEXT_PUBLIC_API_URL \\\n"
|
|
],
|
|
[
|
|
17,
|
|
" NEXT_PUBLIC_MARKETPLACE_URL=$NEXT_PUBLIC_MARKETPLACE_URL \\\n"
|
|
],
|
|
[
|
|
18,
|
|
" NEXT_PUBLIC_DASHBOARD_URL=$NEXT_PUBLIC_DASHBOARD_URL \\\n"
|
|
],
|
|
[
|
|
19,
|
|
" NEXT_PUBLIC_ADMIN_URL=$NEXT_PUBLIC_ADMIN_URL\n"
|
|
],
|
|
[
|
|
20,
|
|
"\n"
|
|
],
|
|
[
|
|
21,
|
|
"RUN npm install\n"
|
|
],
|
|
[
|
|
22,
|
|
"RUN npm run db:generate\n"
|
|
],
|
|
[
|
|
23,
|
|
"RUN npm run build\n"
|
|
],
|
|
[
|
|
24,
|
|
"\n"
|
|
],
|
|
[
|
|
25,
|
|
"FROM node:20-bookworm AS runner\n"
|
|
],
|
|
[
|
|
26,
|
|
"\n"
|
|
],
|
|
[
|
|
27,
|
|
"WORKDIR /app\n"
|
|
],
|
|
[
|
|
28,
|
|
"\n"
|
|
],
|
|
[
|
|
29,
|
|
"ENV NODE_ENV=production\n"
|
|
],
|
|
[
|
|
30,
|
|
"\n"
|
|
],
|
|
[
|
|
31,
|
|
"RUN corepack enable && corepack prepare npm@10.5.0 --activate\n"
|
|
],
|
|
[
|
|
32,
|
|
"\n"
|
|
],
|
|
[
|
|
33,
|
|
"COPY --from=builder /app/package.json /app/package-lock.json /app/turbo.json /app/tsconfig.base.json ./\n"
|
|
],
|
|
[
|
|
34,
|
|
"COPY --from=builder /app/node_modules ./node_modules\n"
|
|
],
|
|
[
|
|
35,
|
|
"COPY --from=builder /app/apps ./apps\n"
|
|
],
|
|
[
|
|
36,
|
|
"COPY --from=builder /app/packages ./packages\n"
|
|
],
|
|
[
|
|
37,
|
|
"\n"
|
|
],
|
|
[
|
|
38,
|
|
"EXPOSE 3000 3001 3002 4000\n"
|
|
],
|
|
[
|
|
39,
|
|
"\n"
|
|
],
|
|
[
|
|
40,
|
|
"CMD [\"npm\", \"run\", \"start\", \"--workspace\", \"@rentaldrivego/api\"]"
|
|
]
|
|
],
|
|
"file_path": "/Dockerfile.production",
|
|
"file_abs_path": "/scan/Dockerfile.production",
|
|
"repo_file_path": "/Dockerfile.production",
|
|
"file_line_range": [
|
|
1,
|
|
40
|
|
],
|
|
"resource": "/Dockerfile.production.",
|
|
"evaluations": null,
|
|
"check_class": "checkov.dockerfile.checks.HealthcheckExists",
|
|
"fixed_definition": null,
|
|
"entity_tags": null,
|
|
"caller_file_path": null,
|
|
"caller_file_line_range": null,
|
|
"resource_address": null,
|
|
"severity": null,
|
|
"bc_category": null,
|
|
"benchmarks": null,
|
|
"description": null,
|
|
"short_description": null,
|
|
"vulnerability_details": null,
|
|
"connected_node": null,
|
|
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-that-healthcheck-instructions-have-been-added-to-container-images",
|
|
"details": [],
|
|
"check_len": null,
|
|
"definition_context_file_path": null
|
|
},
|
|
{
|
|
"check_id": "CKV_DOCKER_3",
|
|
"bc_check_id": "BC_DKR_3",
|
|
"check_name": "Ensure that a user for the container has been created",
|
|
"check_result": {
|
|
"result": "FAILED",
|
|
"results_configuration": null
|
|
},
|
|
"code_block": [
|
|
[
|
|
1,
|
|
"FROM node:20-bookworm AS builder\n"
|
|
],
|
|
[
|
|
2,
|
|
"\n"
|
|
],
|
|
[
|
|
3,
|
|
"WORKDIR /app\n"
|
|
],
|
|
[
|
|
4,
|
|
"\n"
|
|
],
|
|
[
|
|
5,
|
|
"RUN corepack enable && corepack prepare npm@10.5.0 --activate\n"
|
|
],
|
|
[
|
|
6,
|
|
"\n"
|
|
],
|
|
[
|
|
7,
|
|
"COPY package.json package-lock.json turbo.json tsconfig.base.json ./\n"
|
|
],
|
|
[
|
|
8,
|
|
"COPY apps ./apps\n"
|
|
],
|
|
[
|
|
9,
|
|
"COPY packages ./packages\n"
|
|
],
|
|
[
|
|
10,
|
|
"\n"
|
|
],
|
|
[
|
|
11,
|
|
"# NEXT_PUBLIC_* vars must be present at build time \u2014 they are inlined into JS bundles\n"
|
|
],
|
|
[
|
|
12,
|
|
"ARG NEXT_PUBLIC_API_URL\n"
|
|
],
|
|
[
|
|
13,
|
|
"ARG NEXT_PUBLIC_MARKETPLACE_URL\n"
|
|
],
|
|
[
|
|
14,
|
|
"ARG NEXT_PUBLIC_DASHBOARD_URL\n"
|
|
],
|
|
[
|
|
15,
|
|
"ARG NEXT_PUBLIC_ADMIN_URL\n"
|
|
],
|
|
[
|
|
16,
|
|
"ENV NEXT_PUBLIC_API_URL=$NEXT_PUBLIC_API_URL \\\n"
|
|
],
|
|
[
|
|
17,
|
|
" NEXT_PUBLIC_MARKETPLACE_URL=$NEXT_PUBLIC_MARKETPLACE_URL \\\n"
|
|
],
|
|
[
|
|
18,
|
|
" NEXT_PUBLIC_DASHBOARD_URL=$NEXT_PUBLIC_DASHBOARD_URL \\\n"
|
|
],
|
|
[
|
|
19,
|
|
" NEXT_PUBLIC_ADMIN_URL=$NEXT_PUBLIC_ADMIN_URL\n"
|
|
],
|
|
[
|
|
20,
|
|
"\n"
|
|
],
|
|
[
|
|
21,
|
|
"RUN npm install\n"
|
|
],
|
|
[
|
|
22,
|
|
"RUN npm run db:generate\n"
|
|
],
|
|
[
|
|
23,
|
|
"RUN npm run build\n"
|
|
],
|
|
[
|
|
24,
|
|
"\n"
|
|
],
|
|
[
|
|
25,
|
|
"FROM node:20-bookworm AS runner\n"
|
|
],
|
|
[
|
|
26,
|
|
"\n"
|
|
],
|
|
[
|
|
27,
|
|
"WORKDIR /app\n"
|
|
],
|
|
[
|
|
28,
|
|
"\n"
|
|
],
|
|
[
|
|
29,
|
|
"ENV NODE_ENV=production\n"
|
|
],
|
|
[
|
|
30,
|
|
"\n"
|
|
],
|
|
[
|
|
31,
|
|
"RUN corepack enable && corepack prepare npm@10.5.0 --activate\n"
|
|
],
|
|
[
|
|
32,
|
|
"\n"
|
|
],
|
|
[
|
|
33,
|
|
"COPY --from=builder /app/package.json /app/package-lock.json /app/turbo.json /app/tsconfig.base.json ./\n"
|
|
],
|
|
[
|
|
34,
|
|
"COPY --from=builder /app/node_modules ./node_modules\n"
|
|
],
|
|
[
|
|
35,
|
|
"COPY --from=builder /app/apps ./apps\n"
|
|
],
|
|
[
|
|
36,
|
|
"COPY --from=builder /app/packages ./packages\n"
|
|
],
|
|
[
|
|
37,
|
|
"\n"
|
|
],
|
|
[
|
|
38,
|
|
"EXPOSE 3000 3001 3002 4000\n"
|
|
],
|
|
[
|
|
39,
|
|
"\n"
|
|
],
|
|
[
|
|
40,
|
|
"CMD [\"npm\", \"run\", \"start\", \"--workspace\", \"@rentaldrivego/api\"]"
|
|
]
|
|
],
|
|
"file_path": "/Dockerfile.production",
|
|
"file_abs_path": "/scan/Dockerfile.production",
|
|
"repo_file_path": "/Dockerfile.production",
|
|
"file_line_range": [
|
|
1,
|
|
40
|
|
],
|
|
"resource": "/Dockerfile.production.",
|
|
"evaluations": null,
|
|
"check_class": "checkov.dockerfile.checks.UserExists",
|
|
"fixed_definition": null,
|
|
"entity_tags": null,
|
|
"caller_file_path": null,
|
|
"caller_file_line_range": null,
|
|
"resource_address": null,
|
|
"severity": null,
|
|
"bc_category": null,
|
|
"benchmarks": null,
|
|
"description": null,
|
|
"short_description": null,
|
|
"vulnerability_details": null,
|
|
"connected_node": null,
|
|
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-that-a-user-for-the-container-has-been-created",
|
|
"details": [],
|
|
"check_len": null,
|
|
"definition_context_file_path": null
|
|
},
|
|
{
|
|
"check_id": "CKV_DOCKER_2",
|
|
"bc_check_id": "BC_DKR_2",
|
|
"check_name": "Ensure that HEALTHCHECK instructions have been added to container images",
|
|
"check_result": {
|
|
"result": "FAILED",
|
|
"results_configuration": null
|
|
},
|
|
"code_block": [
|
|
[
|
|
1,
|
|
"FROM node:20-bookworm\n"
|
|
],
|
|
[
|
|
2,
|
|
"\n"
|
|
],
|
|
[
|
|
3,
|
|
"WORKDIR /app\n"
|
|
],
|
|
[
|
|
4,
|
|
"\n"
|
|
],
|
|
[
|
|
5,
|
|
"RUN corepack enable && corepack prepare npm@10.5.0 --activate\n"
|
|
],
|
|
[
|
|
6,
|
|
"\n"
|
|
],
|
|
[
|
|
7,
|
|
"COPY package.json package-lock.json turbo.json tsconfig.base.json ./\n"
|
|
],
|
|
[
|
|
8,
|
|
"COPY apps ./apps\n"
|
|
],
|
|
[
|
|
9,
|
|
"COPY packages ./packages\n"
|
|
],
|
|
[
|
|
10,
|
|
"\n"
|
|
],
|
|
[
|
|
11,
|
|
"RUN npm install\n"
|
|
],
|
|
[
|
|
12,
|
|
"\n"
|
|
],
|
|
[
|
|
13,
|
|
"ENV NODE_ENV=test\n"
|
|
],
|
|
[
|
|
14,
|
|
"\n"
|
|
],
|
|
[
|
|
15,
|
|
"CMD [\"sh\", \"-c\", \"npm run db:deploy && npm run db:generate && npm run type-check && npm run build && npm run test:api:integration\"]"
|
|
]
|
|
],
|
|
"file_path": "/Dockerfile.test",
|
|
"file_abs_path": "/scan/Dockerfile.test",
|
|
"repo_file_path": "/Dockerfile.test",
|
|
"file_line_range": [
|
|
1,
|
|
15
|
|
],
|
|
"resource": "/Dockerfile.test.",
|
|
"evaluations": null,
|
|
"check_class": "checkov.dockerfile.checks.HealthcheckExists",
|
|
"fixed_definition": null,
|
|
"entity_tags": null,
|
|
"caller_file_path": null,
|
|
"caller_file_line_range": null,
|
|
"resource_address": null,
|
|
"severity": null,
|
|
"bc_category": null,
|
|
"benchmarks": null,
|
|
"description": null,
|
|
"short_description": null,
|
|
"vulnerability_details": null,
|
|
"connected_node": null,
|
|
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-that-healthcheck-instructions-have-been-added-to-container-images",
|
|
"details": [],
|
|
"check_len": null,
|
|
"definition_context_file_path": null
|
|
},
|
|
{
|
|
"check_id": "CKV_DOCKER_3",
|
|
"bc_check_id": "BC_DKR_3",
|
|
"check_name": "Ensure that a user for the container has been created",
|
|
"check_result": {
|
|
"result": "FAILED",
|
|
"results_configuration": null
|
|
},
|
|
"code_block": [
|
|
[
|
|
1,
|
|
"FROM node:20-bookworm\n"
|
|
],
|
|
[
|
|
2,
|
|
"\n"
|
|
],
|
|
[
|
|
3,
|
|
"WORKDIR /app\n"
|
|
],
|
|
[
|
|
4,
|
|
"\n"
|
|
],
|
|
[
|
|
5,
|
|
"RUN corepack enable && corepack prepare npm@10.5.0 --activate\n"
|
|
],
|
|
[
|
|
6,
|
|
"\n"
|
|
],
|
|
[
|
|
7,
|
|
"COPY package.json package-lock.json turbo.json tsconfig.base.json ./\n"
|
|
],
|
|
[
|
|
8,
|
|
"COPY apps ./apps\n"
|
|
],
|
|
[
|
|
9,
|
|
"COPY packages ./packages\n"
|
|
],
|
|
[
|
|
10,
|
|
"\n"
|
|
],
|
|
[
|
|
11,
|
|
"RUN npm install\n"
|
|
],
|
|
[
|
|
12,
|
|
"\n"
|
|
],
|
|
[
|
|
13,
|
|
"ENV NODE_ENV=test\n"
|
|
],
|
|
[
|
|
14,
|
|
"\n"
|
|
],
|
|
[
|
|
15,
|
|
"CMD [\"sh\", \"-c\", \"npm run db:deploy && npm run db:generate && npm run type-check && npm run build && npm run test:api:integration\"]"
|
|
]
|
|
],
|
|
"file_path": "/Dockerfile.test",
|
|
"file_abs_path": "/scan/Dockerfile.test",
|
|
"repo_file_path": "/Dockerfile.test",
|
|
"file_line_range": [
|
|
1,
|
|
15
|
|
],
|
|
"resource": "/Dockerfile.test.",
|
|
"evaluations": null,
|
|
"check_class": "checkov.dockerfile.checks.UserExists",
|
|
"fixed_definition": null,
|
|
"entity_tags": null,
|
|
"caller_file_path": null,
|
|
"caller_file_line_range": null,
|
|
"resource_address": null,
|
|
"severity": null,
|
|
"bc_category": null,
|
|
"benchmarks": null,
|
|
"description": null,
|
|
"short_description": null,
|
|
"vulnerability_details": null,
|
|
"connected_node": null,
|
|
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-that-a-user-for-the-container-has-been-created",
|
|
"details": [],
|
|
"check_len": null,
|
|
"definition_context_file_path": null
|
|
},
|
|
{
|
|
"check_id": "CKV_DOCKER_2",
|
|
"bc_check_id": "BC_DKR_2",
|
|
"check_name": "Ensure that HEALTHCHECK instructions have been added to container images",
|
|
"check_result": {
|
|
"result": "FAILED",
|
|
"results_configuration": null
|
|
},
|
|
"code_block": [
|
|
[
|
|
1,
|
|
"FROM node:20-bookworm\n"
|
|
],
|
|
[
|
|
2,
|
|
"\n"
|
|
],
|
|
[
|
|
3,
|
|
"WORKDIR /app\n"
|
|
],
|
|
[
|
|
4,
|
|
"\n"
|
|
],
|
|
[
|
|
5,
|
|
"RUN npm install -g npm@10.5.0 --no-fund --no-audit\n"
|
|
],
|
|
[
|
|
6,
|
|
"\n"
|
|
],
|
|
[
|
|
7,
|
|
"COPY package.json package-lock.json turbo.json tsconfig.base.json ./\n"
|
|
],
|
|
[
|
|
8,
|
|
"COPY apps ./apps\n"
|
|
],
|
|
[
|
|
9,
|
|
"COPY packages ./packages\n"
|
|
],
|
|
[
|
|
10,
|
|
"\n"
|
|
],
|
|
[
|
|
11,
|
|
"RUN npm ci --no-fund --no-audit\n"
|
|
],
|
|
[
|
|
12,
|
|
"\n"
|
|
],
|
|
[
|
|
13,
|
|
"EXPOSE 3000 3001 3002 3003 4000\n"
|
|
],
|
|
[
|
|
14,
|
|
"\n"
|
|
],
|
|
[
|
|
15,
|
|
"CMD [\"sh\", \"-c\", \"npm run db:generate && npm run dev\"]"
|
|
]
|
|
],
|
|
"file_path": "/Dockerfile.dev",
|
|
"file_abs_path": "/scan/Dockerfile.dev",
|
|
"repo_file_path": "/Dockerfile.dev",
|
|
"file_line_range": [
|
|
1,
|
|
15
|
|
],
|
|
"resource": "/Dockerfile.dev.",
|
|
"evaluations": null,
|
|
"check_class": "checkov.dockerfile.checks.HealthcheckExists",
|
|
"fixed_definition": null,
|
|
"entity_tags": null,
|
|
"caller_file_path": null,
|
|
"caller_file_line_range": null,
|
|
"resource_address": null,
|
|
"severity": null,
|
|
"bc_category": null,
|
|
"benchmarks": null,
|
|
"description": null,
|
|
"short_description": null,
|
|
"vulnerability_details": null,
|
|
"connected_node": null,
|
|
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-that-healthcheck-instructions-have-been-added-to-container-images",
|
|
"details": [],
|
|
"check_len": null,
|
|
"definition_context_file_path": null
|
|
},
|
|
{
|
|
"check_id": "CKV_DOCKER_3",
|
|
"bc_check_id": "BC_DKR_3",
|
|
"check_name": "Ensure that a user for the container has been created",
|
|
"check_result": {
|
|
"result": "FAILED",
|
|
"results_configuration": null
|
|
},
|
|
"code_block": [
|
|
[
|
|
1,
|
|
"FROM node:20-bookworm\n"
|
|
],
|
|
[
|
|
2,
|
|
"\n"
|
|
],
|
|
[
|
|
3,
|
|
"WORKDIR /app\n"
|
|
],
|
|
[
|
|
4,
|
|
"\n"
|
|
],
|
|
[
|
|
5,
|
|
"RUN npm install -g npm@10.5.0 --no-fund --no-audit\n"
|
|
],
|
|
[
|
|
6,
|
|
"\n"
|
|
],
|
|
[
|
|
7,
|
|
"COPY package.json package-lock.json turbo.json tsconfig.base.json ./\n"
|
|
],
|
|
[
|
|
8,
|
|
"COPY apps ./apps\n"
|
|
],
|
|
[
|
|
9,
|
|
"COPY packages ./packages\n"
|
|
],
|
|
[
|
|
10,
|
|
"\n"
|
|
],
|
|
[
|
|
11,
|
|
"RUN npm ci --no-fund --no-audit\n"
|
|
],
|
|
[
|
|
12,
|
|
"\n"
|
|
],
|
|
[
|
|
13,
|
|
"EXPOSE 3000 3001 3002 3003 4000\n"
|
|
],
|
|
[
|
|
14,
|
|
"\n"
|
|
],
|
|
[
|
|
15,
|
|
"CMD [\"sh\", \"-c\", \"npm run db:generate && npm run dev\"]"
|
|
]
|
|
],
|
|
"file_path": "/Dockerfile.dev",
|
|
"file_abs_path": "/scan/Dockerfile.dev",
|
|
"repo_file_path": "/Dockerfile.dev",
|
|
"file_line_range": [
|
|
1,
|
|
15
|
|
],
|
|
"resource": "/Dockerfile.dev.",
|
|
"evaluations": null,
|
|
"check_class": "checkov.dockerfile.checks.UserExists",
|
|
"fixed_definition": null,
|
|
"entity_tags": null,
|
|
"caller_file_path": null,
|
|
"caller_file_line_range": null,
|
|
"resource_address": null,
|
|
"severity": null,
|
|
"bc_category": null,
|
|
"benchmarks": null,
|
|
"description": null,
|
|
"short_description": null,
|
|
"vulnerability_details": null,
|
|
"connected_node": null,
|
|
"guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-that-a-user-for-the-container-has-been-created",
|
|
"details": [],
|
|
"check_len": null,
|
|
"definition_context_file_path": null
|
|
}
|
|
],
|
|
"skipped_checks": [],
|
|
"parsing_errors": []
|
|
},
|
|
"summary": {
|
|
"passed": 205,
|
|
"failed": 6,
|
|
"skipped": 0,
|
|
"parsing_errors": 0,
|
|
"resource_count": 3,
|
|
"checkov_version": "3.2.501"
|
|
},
|
|
"url": "Add an api key '--bc-api-key <api-key>' to see more detailed insights via https://bridgecrew.cloud"
|
|
},
|
|
{
|
|
"check_type": "gitlab_ci",
|
|
"results": {
|
|
"passed_checks": [
|
|
{
|
|
"check_id": "CKV_GITLABCI_1",
|
|
"bc_check_id": null,
|
|
"check_name": "Suspicious use of curl with CI environment variables in script",
|
|
"check_result": {
|
|
"result": "PASSED",
|
|
"results_configuration": {
|
|
"0": "ssh $VPS_USER@$VPS_IP \"docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY\"",
|
|
"__startline__": 25,
|
|
"__endline__": 25
|
|
}
|
|
},
|
|
"code_block": [
|
|
[
|
|
25,
|
|
" - ssh $VPS_USER@$VPS_IP \"docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY\"\n"
|
|
],
|
|
[
|
|
26,
|
|
" - ssh $VPS_USER@$VPS_IP \"docker pull $DOCKER_IMAGE\"\n"
|
|
]
|
|
],
|
|
"file_path": "/.gitlab-ci.yml",
|
|
"file_abs_path": "/scan/.gitlab-ci.yml",
|
|
"repo_file_path": "/.gitlab-ci.yml",
|
|
"file_line_range": [
|
|
25,
|
|
26
|
|
],
|
|
"resource": "deploy",
|
|
"evaluations": null,
|
|
"check_class": "checkov.gitlab_ci.checks.job.SuspectCurlInScript",
|
|
"fixed_definition": null,
|
|
"entity_tags": null,
|
|
"caller_file_path": null,
|
|
"caller_file_line_range": null,
|
|
"resource_address": null,
|
|
"severity": null,
|
|
"bc_category": null,
|
|
"benchmarks": null,
|
|
"description": null,
|
|
"short_description": null,
|
|
"vulnerability_details": null,
|
|
"connected_node": null,
|
|
"guideline": null,
|
|
"details": [],
|
|
"check_len": null,
|
|
"definition_context_file_path": null
|
|
},
|
|
{
|
|
"check_id": "CKV_GITLABCI_1",
|
|
"bc_check_id": null,
|
|
"check_name": "Suspicious use of curl with CI environment variables in script",
|
|
"check_result": {
|
|
"result": "PASSED",
|
|
"results_configuration": {
|
|
"0": "docker build -t $DOCKER_IMAGE .",
|
|
"__startline__": 15,
|
|
"__endline__": 15
|
|
}
|
|
},
|
|
"code_block": [
|
|
[
|
|
15,
|
|
" - docker build -t $DOCKER_IMAGE .\n"
|
|
],
|
|
[
|
|
16,
|
|
" - docker push $DOCKER_IMAGE\n"
|
|
]
|
|
],
|
|
"file_path": "/.gitlab-ci.yml",
|
|
"file_abs_path": "/scan/.gitlab-ci.yml",
|
|
"repo_file_path": "/.gitlab-ci.yml",
|
|
"file_line_range": [
|
|
15,
|
|
16
|
|
],
|
|
"resource": "build",
|
|
"evaluations": null,
|
|
"check_class": "checkov.gitlab_ci.checks.job.SuspectCurlInScript",
|
|
"fixed_definition": null,
|
|
"entity_tags": null,
|
|
"caller_file_path": null,
|
|
"caller_file_line_range": null,
|
|
"resource_address": null,
|
|
"severity": null,
|
|
"bc_category": null,
|
|
"benchmarks": null,
|
|
"description": null,
|
|
"short_description": null,
|
|
"vulnerability_details": null,
|
|
"connected_node": null,
|
|
"guideline": null,
|
|
"details": [],
|
|
"check_len": null,
|
|
"definition_context_file_path": null
|
|
},
|
|
{
|
|
"check_id": "CKV_GITLABCI_1",
|
|
"bc_check_id": null,
|
|
"check_name": "Suspicious use of curl with CI environment variables in script",
|
|
"check_result": {
|
|
"result": "PASSED",
|
|
"results_configuration": {
|
|
"0": "docker push $DOCKER_IMAGE",
|
|
"__startline__": 16,
|
|
"__endline__": 16
|
|
}
|
|
},
|
|
"code_block": [
|
|
[
|
|
16,
|
|
" - docker push $DOCKER_IMAGE\n"
|
|
],
|
|
[
|
|
17,
|
|
" only:\n"
|
|
]
|
|
],
|
|
"file_path": "/.gitlab-ci.yml",
|
|
"file_abs_path": "/scan/.gitlab-ci.yml",
|
|
"repo_file_path": "/.gitlab-ci.yml",
|
|
"file_line_range": [
|
|
16,
|
|
17
|
|
],
|
|
"resource": "build",
|
|
"evaluations": null,
|
|
"check_class": "checkov.gitlab_ci.checks.job.SuspectCurlInScript",
|
|
"fixed_definition": null,
|
|
"entity_tags": null,
|
|
"caller_file_path": null,
|
|
"caller_file_line_range": null,
|
|
"resource_address": null,
|
|
"severity": null,
|
|
"bc_category": null,
|
|
"benchmarks": null,
|
|
"description": null,
|
|
"short_description": null,
|
|
"vulnerability_details": null,
|
|
"connected_node": null,
|
|
"guideline": null,
|
|
"details": [],
|
|
"check_len": null,
|
|
"definition_context_file_path": null
|
|
},
|
|
{
|
|
"check_id": "CKV_GITLABCI_1",
|
|
"bc_check_id": null,
|
|
"check_name": "Suspicious use of curl with CI environment variables in script",
|
|
"check_result": {
|
|
"result": "PASSED",
|
|
"results_configuration": {
|
|
"0": "ssh $VPS_USER@$VPS_IP \"docker pull $DOCKER_IMAGE\"",
|
|
"__startline__": 26,
|
|
"__endline__": 26
|
|
}
|
|
},
|
|
"code_block": [
|
|
[
|
|
26,
|
|
" - ssh $VPS_USER@$VPS_IP \"docker pull $DOCKER_IMAGE\"\n"
|
|
],
|
|
[
|
|
27,
|
|
" - ssh $VPS_USER@$VPS_IP \"docker stop myapp || true\"\n"
|
|
]
|
|
],
|
|
"file_path": "/.gitlab-ci.yml",
|
|
"file_abs_path": "/scan/.gitlab-ci.yml",
|
|
"repo_file_path": "/.gitlab-ci.yml",
|
|
"file_line_range": [
|
|
26,
|
|
27
|
|
],
|
|
"resource": "deploy",
|
|
"evaluations": null,
|
|
"check_class": "checkov.gitlab_ci.checks.job.SuspectCurlInScript",
|
|
"fixed_definition": null,
|
|
"entity_tags": null,
|
|
"caller_file_path": null,
|
|
"caller_file_line_range": null,
|
|
"resource_address": null,
|
|
"severity": null,
|
|
"bc_category": null,
|
|
"benchmarks": null,
|
|
"description": null,
|
|
"short_description": null,
|
|
"vulnerability_details": null,
|
|
"connected_node": null,
|
|
"guideline": null,
|
|
"details": [],
|
|
"check_len": null,
|
|
"definition_context_file_path": null
|
|
},
|
|
{
|
|
"check_id": "CKV_GITLABCI_1",
|
|
"bc_check_id": null,
|
|
"check_name": "Suspicious use of curl with CI environment variables in script",
|
|
"check_result": {
|
|
"result": "PASSED",
|
|
"results_configuration": {
|
|
"0": "ssh $VPS_USER@$VPS_IP \"docker stop myapp || true\"",
|
|
"__startline__": 27,
|
|
"__endline__": 27
|
|
}
|
|
},
|
|
"code_block": [
|
|
[
|
|
27,
|
|
" - ssh $VPS_USER@$VPS_IP \"docker stop myapp || true\"\n"
|
|
],
|
|
[
|
|
28,
|
|
" - ssh $VPS_USER@$VPS_IP \"docker run -d --name myapp -p 80:3000 $DOCKER_IMAGE\""
|
|
]
|
|
],
|
|
"file_path": "/.gitlab-ci.yml",
|
|
"file_abs_path": "/scan/.gitlab-ci.yml",
|
|
"repo_file_path": "/.gitlab-ci.yml",
|
|
"file_line_range": [
|
|
27,
|
|
28
|
|
],
|
|
"resource": "deploy",
|
|
"evaluations": null,
|
|
"check_class": "checkov.gitlab_ci.checks.job.SuspectCurlInScript",
|
|
"fixed_definition": null,
|
|
"entity_tags": null,
|
|
"caller_file_path": null,
|
|
"caller_file_line_range": null,
|
|
"resource_address": null,
|
|
"severity": null,
|
|
"bc_category": null,
|
|
"benchmarks": null,
|
|
"description": null,
|
|
"short_description": null,
|
|
"vulnerability_details": null,
|
|
"connected_node": null,
|
|
"guideline": null,
|
|
"details": [],
|
|
"check_len": null,
|
|
"definition_context_file_path": null
|
|
},
|
|
{
|
|
"check_id": "CKV_GITLABCI_1",
|
|
"bc_check_id": null,
|
|
"check_name": "Suspicious use of curl with CI environment variables in script",
|
|
"check_result": {
|
|
"result": "PASSED",
|
|
"results_configuration": {
|
|
"0": "ssh $VPS_USER@$VPS_IP \"docker run -d --name myapp -p 80:3000 $DOCKER_IMAGE\"",
|
|
"__startline__": 28,
|
|
"__endline__": 28
|
|
}
|
|
},
|
|
"code_block": [
|
|
[
|
|
28,
|
|
" - ssh $VPS_USER@$VPS_IP \"docker run -d --name myapp -p 80:3000 $DOCKER_IMAGE\""
|
|
]
|
|
],
|
|
"file_path": "/.gitlab-ci.yml",
|
|
"file_abs_path": "/scan/.gitlab-ci.yml",
|
|
"repo_file_path": "/.gitlab-ci.yml",
|
|
"file_line_range": [
|
|
28,
|
|
29
|
|
],
|
|
"resource": "deploy",
|
|
"evaluations": null,
|
|
"check_class": "checkov.gitlab_ci.checks.job.SuspectCurlInScript",
|
|
"fixed_definition": null,
|
|
"entity_tags": null,
|
|
"caller_file_path": null,
|
|
"caller_file_line_range": null,
|
|
"resource_address": null,
|
|
"severity": null,
|
|
"bc_category": null,
|
|
"benchmarks": null,
|
|
"description": null,
|
|
"short_description": null,
|
|
"vulnerability_details": null,
|
|
"connected_node": null,
|
|
"guideline": null,
|
|
"details": [],
|
|
"check_len": null,
|
|
"definition_context_file_path": null
|
|
},
|
|
{
|
|
"check_id": "CKV_GITLABCI_3",
|
|
"bc_check_id": null,
|
|
"check_name": "Detecting image usages in gitlab workflows",
|
|
"check_result": {
|
|
"result": "PASSED",
|
|
"results_configuration": {
|
|
"0": "docker:24",
|
|
"__startline__": 10,
|
|
"__endline__": 10
|
|
}
|
|
},
|
|
"code_block": [
|
|
[
|
|
10,
|
|
" image: docker:24\n"
|
|
],
|
|
[
|
|
11,
|
|
" services:\n"
|
|
]
|
|
],
|
|
"file_path": "/.gitlab-ci.yml",
|
|
"file_abs_path": "/scan/.gitlab-ci.yml",
|
|
"repo_file_path": "/.gitlab-ci.yml",
|
|
"file_line_range": [
|
|
10,
|
|
11
|
|
],
|
|
"resource": "build",
|
|
"evaluations": null,
|
|
"check_class": "checkov.gitlab_ci.checks.job.DetectImagesUsage",
|
|
"fixed_definition": null,
|
|
"entity_tags": null,
|
|
"caller_file_path": null,
|
|
"caller_file_line_range": null,
|
|
"resource_address": null,
|
|
"severity": null,
|
|
"bc_category": null,
|
|
"benchmarks": null,
|
|
"description": null,
|
|
"short_description": null,
|
|
"vulnerability_details": null,
|
|
"connected_node": null,
|
|
"guideline": null,
|
|
"details": [],
|
|
"check_len": null,
|
|
"definition_context_file_path": null
|
|
},
|
|
{
|
|
"check_id": "CKV_GITLABCI_3",
|
|
"bc_check_id": null,
|
|
"check_name": "Detecting image usages in gitlab workflows",
|
|
"check_result": {
|
|
"result": "PASSED",
|
|
"results_configuration": {
|
|
"0": "docker:dind",
|
|
"__startline__": 12,
|
|
"__endline__": 12
|
|
}
|
|
},
|
|
"code_block": [
|
|
[
|
|
12,
|
|
" - docker:dind\n"
|
|
],
|
|
[
|
|
13,
|
|
" script:\n"
|
|
]
|
|
],
|
|
"file_path": "/.gitlab-ci.yml",
|
|
"file_abs_path": "/scan/.gitlab-ci.yml",
|
|
"repo_file_path": "/.gitlab-ci.yml",
|
|
"file_line_range": [
|
|
12,
|
|
13
|
|
],
|
|
"resource": "build",
|
|
"evaluations": null,
|
|
"check_class": "checkov.gitlab_ci.checks.job.DetectImagesUsage",
|
|
"fixed_definition": null,
|
|
"entity_tags": null,
|
|
"caller_file_path": null,
|
|
"caller_file_line_range": null,
|
|
"resource_address": null,
|
|
"severity": null,
|
|
"bc_category": null,
|
|
"benchmarks": null,
|
|
"description": null,
|
|
"short_description": null,
|
|
"vulnerability_details": null,
|
|
"connected_node": null,
|
|
"guideline": null,
|
|
"details": [],
|
|
"check_len": null,
|
|
"definition_context_file_path": null
|
|
}
|
|
],
|
|
"failed_checks": [],
|
|
"skipped_checks": [],
|
|
"parsing_errors": []
|
|
},
|
|
"summary": {
|
|
"passed": 8,
|
|
"failed": 0,
|
|
"skipped": 0,
|
|
"parsing_errors": 0,
|
|
"resource_count": 0,
|
|
"checkov_version": "3.2.501"
|
|
},
|
|
"url": "Add an api key '--bc-api-key <api-key>' to see more detailed insights via https://bridgecrew.cloud"
|
|
}
|
|
]
|