Dockercompose queries

DockerCompose Queries List

This page contains all queries from DockerCompose.

| Query | Severity | Category | Description | Help |
|---|---|---|---|---|
| Volume Has Sensitive Host Directory (1c1325ff-831d-43a1-973e-839ae57dfcc0) | High | Build Process | Container has a sensitive host directory mounted as a volume. | Documentation |
| Privileged Containers Enabled (ae5b6871-7f45-42e0-bb4c-ab300c4d2026) | High | Resource Management | Privileged containers should be used with extreme caution; they have all of the capabilities that the Linux kernel offers for Docker. | Documentation |
| Shared Host Network Namespace (071a71ff-f868-47a4-ac0b-3c59e4ab5443) | Medium | Networking and Firewall | Container should not share the host network namespace. | Documentation |
| Privileged Ports Mapped In Container (bc2908f3-f73c-40a9-8793-c1b7d5544f79) | Medium | Networking and Firewall | Privileged ports (1 to 1023) should not be mapped. You should also drop the net_bind_service Linux capability from the container unless you absolutely need to use privileged ports. | Documentation |
| Security Opt Not Set (610e266e-6c12-4bca-9925-1ed0cd29742b) | Medium | Resource Management | Attribute 'security_opt' should be defined. | Documentation |
| Memory Not Limited (bb9ac4f7-e13b-423d-a010-c74a1bfbe492) | Medium | Resource Management | Memory limits should be defined for each container. This prevents potential resource exhaustion by ensuring that containers consume no more than the designated amount of memory. | Documentation |
| Container Capabilities Unrestricted (ce76b7d0-9e77-464d-b86f-c5c48e03e22d) | Low | Resource Management | Some capabilities are not needed in certain (or any) containers. Make sure that you only add capabilities that your container needs, and drop unnecessary capabilities as well. | Documentation |
| Cpus Not Limited (6b610c50-99fb-4ef0-a5f3-e312fd945bc3) | Low | Resource Management | CPU limits should be set because if the system has CPU time free, a container is guaranteed to be allocated as much CPU as it requests. | Documentation |