Update docker-build-context-abuse.md

Author: carlospolop

src/pentesting-ci-cd/docker-build-context-abuse.md

@@ -101,21 +101,6 @@ curl -s -X POST -H "Authorization: Bearer fm2_..." \
 
 Captured requests often contain client credentials in headers, bodies, or query params.
 
-## Detection ideas
-
-- Flag suspicious build contexts ("..", absolute paths, or paths escaping the repo root).
-- Build logs showing COPY of non-repo paths or network egress during build (curl, wget) from Dockerfile RUN.
-- Control-plane audit anomalies (e.g., spikes in exec calls, package installs like apk add tcpdump).
-- Egress monitoring from builder hosts and hosted servers.
-
-## Mitigations
-
-- Canonicalize and constrain build contexts to the repository root (disallow ".." and absolute paths). Allow-list subpaths only.
-- Mount a minimal, read-only build context; run builds in ephemeral, sandboxed builders with least-privilege.
-- Separate credentials and scope them narrowly (registry vs control-plane). Prefer short-lived tokens and automatic rotation.
-- Restrict egress from build steps and from hosted servers; block unsolid outbound exfiltration.
-- Prefer OAuth with narrow scopes and short lifetimes for client-to-server authentication, reducing blast radius.
-
 ## References
 
 - [Breaking MCP Server Hosting: Build-Context Path Traversal to Org-wide RCE and Secret Theft](https://blog.gitguardian.com/breaking-mcp-server-hosting/)