Using Platform Flag with FROM Command

  • Query id: b16e8501-ef3c-44e1-a543-a093238099c9
  • Query name: Using Platform Flag with FROM Command
  • Platform: Dockerfile
  • Severity: Medium
  • Category: Supply-Chain
  • URL: Github

Description

Don't use '--platform' flag with FROM
Documentation

Code samples

Code samples with security vulnerabilities

Positive test num. 1 - dockerfile file
FROM alpine:3.5
RUN apk add --update py2-pip
RUN pip install --upgrade pip
LABEL maintainer="SvenDowideit@home.org.au"
COPY requirements.txt /usr/src/app/
FROM --platform=arm64 baseimage

Code samples without security vulnerabilities

Negative test num. 1 - dockerfile file
FROM alpine:3.5
RUN apk add --update py2-pip
RUN pip install --upgrade pip
LABEL maintainer="SvenDowideit@home.org.au"
COPY requirements.txt /usr/src/app/
FROM baseimage