Networks Not Set

  • Query id: ce14a68b-1668-41a0-ab7d-facd9f784742
  • Query name: Networks Not Set
  • Platform: DockerCompose
  • Severity: Medium
  • Category: Networking and Firewall
  • URL: Github

Description

Setting networks in services ensures you are not using Docker's default bridge (docker0), which shares traffic between all containers.
Documentation

Code samples

Code samples with security vulnerabilities

Positive test num. 1 - yaml file
# Positive (flagged) sample: the file defines no top-level `networks:` section
# and its only service, `auth`, has no `networks:` key.
version: '2.2'

volumes:
  front_build:

services:
  # No `networks:` entry on this service, so it is not attached to any
  # explicitly defined network and falls back to the default one. This is the
  # condition the "Networks Not Set" query reports.
  auth:
    build:
      context: .
      dockerfile: docker_config/Dockerfile
    restart: on-failure
    # Resource caps (process count, CPU, memory). They bound resource use but
    # have no effect on which network the container joins.
    pids_limit: 10
    cpus: 0.25
    mem_limit: 500M
Positive test num. 2 - yaml file
# Positive (flagged) sample: a network is declared and used by one service,
# but the second service (`auth`) never references it.
version: '2.2'

services:      
  # Not flagged: this service lists an explicit network below.
  service-service-service:
    build:
      context: .
      dockerfile: service.dockerfile
    # HOST:CONTAINER mapping, quoted so the value stays a string.
    ports:
      - "6969:8080"
    # Explicit attachment to the network declared at the bottom of the file.
    networks:
      - service-service-frontend
    restart: always
    security_opt:
      - no-new-privileges:true

  # Flagged: no `networks:` key on this service. Declaring a network at the
  # top level does not attach a service to it; each service has to list the
  # network itself, otherwise it falls back to the default network.
  auth:
    build:
      context: .
      dockerfile: docker_config/Dockerfile
    restart: on-failure
    pids_limit: 10
    cpus: 0.25
    mem_limit: 500M

# Top-level declaration only; attachment happens per service.
networks:
  service-service-frontend:

volumes:
  front_build:

Code samples without security vulnerabilities

Negative test num. 1 - yaml file
# Negative (not flagged) sample: the only service lists an explicit network,
# and that network is declared at the top level.
# Passing this query only shows that the service names its network. It says
# nothing about which other services share that network or about the
# published port below.
version: "3.4"
services:
  service-service-service:
    build:
      context: .
      dockerfile: service.dockerfile
    # HOST:CONTAINER mapping, quoted so the value stays a string.
    ports:
      - "6969:8080"
    # Explicit network attachment - the property this query checks for.
    networks:
      - service-service-frontend
    restart: always
    security_opt:
      - no-new-privileges:true

# Declares the user-defined network referenced by the service above.
networks:
  service-service-frontend: