Mitigate possible injection attack #311
tboeghkAnnotations
6 warnings
|
build
ubuntu-latest pipelines will use ubuntu-24.04 soon. For more details, see https://github.com/actions/runner-images/issues/10636
|
|
docker
ubuntu-latest pipelines will use ubuntu-24.04 soon. For more details, see https://github.com/actions/runner-images/issues/10636
|
|
Sensitive data should not be used in the ARG or ENV commands:
Dockerfile#L5
SecretsUsedInArgOrEnv: Do not use ARG or ENV instructions for sensitive data (ARG "MAXMIND_LICENSE_KEY")
More info: https://docs.docker.com/go/dockerfile/rule/secrets-used-in-arg-or-env/
|
|
Legacy key/value format with whitespace separator should not be used:
Dockerfile#L48
LegacyKeyValueFormat: "ENV key=value" should be used instead of legacy "ENV key value" format
More info: https://docs.docker.com/go/dockerfile/rule/legacy-key-value-format/
|
|
Legacy key/value format with whitespace separator should not be used:
Dockerfile#L49
LegacyKeyValueFormat: "ENV key=value" should be used instead of legacy "ENV key value" format
More info: https://docs.docker.com/go/dockerfile/rule/legacy-key-value-format/
|
|
JSON arguments recommended for ENTRYPOINT/CMD to prevent unintended behavior related to OS signals:
Dockerfile#L52
JSONArgsRecommended: JSON arguments recommended for CMD to prevent unintended behavior related to OS signals
More info: https://docs.docker.com/go/dockerfile/rule/json-args-recommended/
|
Artifacts
Produced during runtime
| Name | Size | Digest | |
|---|---|---|---|
|
observabilitystack~geoip-api~KVXIL2.dockerbuild
Expired
|
48.2 KB |
sha256:fbb16ccb36493e901e879fd43d1d75f24d279186a3bd818b4b6c023cd7e548aa
|
|