APT-GET Not Avoiding Additional Packages

  • Query id: 7384dfb2-fcd1-4fbf-91cd-6c44c318c33c
  • Query name: APT-GET Not Avoiding Additional Packages
  • Platform: Dockerfile
  • Severity: Info
  • Category: Supply-Chain
  • CWE: 710
  • URL: Github

Description

Checks whether any apt-get install command omits the '--no-install-recommends' flag, which prevents recommended but unneeded additional packages from being installed.

Code samples

Code samples with security vulnerabilities

Positive test num. 1 - dockerfile file
FROM node:12
RUN apt-get install apt-utils
RUN ["apt-get", "install", "apt-utils"]

Code samples without security vulnerabilities

Negative test num. 1 - dockerfile file
FROM node:12
RUN apt-get --no-install-recommends install apt-utils
RUN ["apt-get", "apt::install-recommends=false", "install", "apt-utils"]
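The check described above, sketched as a small stand-alone scanner. This is an added example, not the query's own implementation or code from the project. It goes slightly beyond the samples by handling backslash continuations and chained commands. The names run_commands, findings, SAFE and SAMPLE are hypothetical, and accepting the values 0 and no for the apt::install-recommends override (as passed with apt-get's -o option) is an assumption.

```python
import json
import re

# Tokens that disable recommended packages: the flag from the description and
# the override from the negative sample (0/no accepted as an assumption).
SAFE = re.compile(r"^(--no-install-recommends|apt::install-recommends=(false|0|no))$", re.I)

# Constructed sample: the page's four RUN lines plus one multi-line RUN.
SAMPLE = """FROM node:12
RUN apt-get install apt-utils
RUN ["apt-get", "install", "apt-utils"]
RUN apt-get --no-install-recommends install apt-utils
RUN ["apt-get", "apt::install-recommends=false", "install", "apt-utils"]
RUN apt-get update && \\
    apt-get install -y curl
"""

def run_commands(dockerfile):
    """Yield (line_no, argv) for every command in every RUN instruction."""
    logical, start = "", 0
    for no, raw in enumerate(dockerfile.splitlines(), 1):
        line = raw.strip()
        if not logical:
            start = no                    # first line of this instruction
        if line.endswith("\\"):           # join backslash continuations
            logical += line[:-1] + " "
            continue
        logical, text = "", logical + line
        m = re.match(r"RUN\s+(.*)", text, re.I | re.S)
        if not m:
            continue
        body = m.group(1).strip()
        if body.startswith("["):          # exec form: a JSON array, one command
            try:
                yield start, json.loads(body)
                continue
            except ValueError:
                pass                      # not valid JSON: treat as shell form
        for part in re.split(r"&&|\|\||;|\|", body):  # shell form: chained commands
            yield start, part.split()

def findings(dockerfile):
    """Return (line_no, command) for apt-get installs that keep recommends."""
    out = []
    for no, argv in run_commands(dockerfile):
        if "apt-get" in argv and "install" in argv[argv.index("apt-get"):]:
            if not any(SAFE.match(str(a)) for a in argv):
                out.append((no, " ".join(map(str, argv))))
    return out
```

Calling findings(SAMPLE) reports lines 2, 3 and 6 and passes lines 4 and 5; a chained command is reported at the line where its RUN instruction starts.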