Update Instruction Alone

  • Query id: 9bae49be-0aa3-4de5-bab2-4c3a069e40cd
  • Query name: Update Instruction Alone
  • Platform: Dockerfile
  • Severity: Medium
  • Category: Build Process
  • URL: Github

Description

Instruction 'RUN <package-manager> update' should always be followed by '<package-manager> install' in the same RUN statement.

Code samples

Code samples with security vulnerabilities

Positive test num. 1 - dockerfile file
FROM ubuntu:18.04
RUN apt-get update
RUN apt-get install -y --no-install-recommends mysql-client \
    && rm -rf /var/lib/apt/lists/*
RUN apk update
ENTRYPOINT ["mysql"]

Code samples without security vulnerabilities

Negative test num. 1 - dockerfile file
FROM ubuntu:18.04
RUN apt-get update \
    && apt-get install -y --no-install-recommends mysql-client \
    && rm -rf /var/lib/apt/lists/*
RUN apk update \
    && apk add --no-cache git ca-certificates
RUN apk --update add easy-rsa
ENTRYPOINT ["mysql"]
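
A local check for the same pattern, as an added example (this is not the KICS query itself, which is not shown on this page). It assumes shell-form RUN instructions only, and the package-manager table and function names are hypothetical; the sample Dockerfile is constructed from the two test files above.

```python
import re

# Install verb(s) per package manager: assumed table, limited to the managers on this page.
INSTALL_VERBS = {"apt-get": {"install"}, "apt": {"install"}, "apk": {"add"}}

def run_instructions(dockerfile):
    """Yield (first_line_no, shell_text) per RUN, joining backslash continuations."""
    buf, start = [], None
    for no, raw in enumerate(dockerfile.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and comments never end a continuation
        start = start or no
        buf.append(line.rstrip("\\").strip())
        if line.endswith("\\"):
            continue
        body, buf, first, start = " ".join(buf), [], start, None
        if body.upper().startswith("RUN "):
            yield first, body[4:]

def update_alone(dockerfile):
    """Return [(line_no, manager)] for RUNs that refresh an index but install nothing."""
    findings = []
    for no, body in run_instructions(dockerfile):
        updated, installed = set(), set()
        for cmd in re.split(r"&&|\|\||[;|]", body):  # individual shell commands
            words = cmd.split()
            if not words or words[0] not in INSTALL_VERBS:
                continue
            verbs = [w for w in words[1:] if not w.startswith("-")]  # skip flags
            if verbs and verbs[0] == "update":
                updated.add(words[0])
            elif verbs and verbs[0] in INSTALL_VERBS[words[0]]:
                installed.add(words[0])
        findings += [(no, m) for m in sorted(updated - installed)]
    return findings

# Constructed sample mixing failing and passing RUNs from the two test files.
SAMPLE = """FROM ubuntu:18.04
RUN apt-get update
RUN apt-get update \\
    && apt-get install -y --no-install-recommends mysql-client \\
    && rm -rf /var/lib/apt/lists/*
RUN apk update
RUN apk --update add easy-rsa
"""

if __name__ == "__main__":
    print(update_alone(SAMPLE))
```
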