APT-GET Not Avoiding Additional Packages
- Query id: 7384dfb2-fcd1-4fbf-91cd-6c44c318c33c
- Query name: APT-GET Not Avoiding Additional Packages
- Platform: Dockerfile
- Severity: Info
- Category: Supply-Chain
- CWE: 710
- URL: Github
Description¶
Check if any apt-get installs don't use '--no-install-recommends' flag to avoid installing additional packages.
Documentation
Code samples¶
Code samples with security vulnerabilities¶
Positive test num. 1 - dockerfile file
FROM node:12
RUN apt-get install apt-utils
RUN ["apt-get", "install", "apt-utils"]