Merge pull request #2331 from OWASP/renovate/com.github.spotbugs-spot… #203
commjoenmaster-container-publish.yml
on: push
build-and-publish
9m 13s
Annotations
5 warnings
|
JSON arguments recommended for ENTRYPOINT/CMD to prevent unintended behavior related to OS signals:
Dockerfile#L73
JSONArgsRecommended: JSON arguments recommended for CMD to prevent unintended behavior related to OS signals
More info: https://docs.docker.com/go/dockerfile/rule/json-args-recommended/
|
|
Sensitive data should not be used in the ARG or ENV commands:
Dockerfile#L19
SecretsUsedInArgOrEnv: Do not use ARG or ENV instructions for sensitive data (ENV "AZURE_KEY_VAULT_ENABLED")
More info: https://docs.docker.com/go/dockerfile/rule/secrets-used-in-arg-or-env/
|
|
Sensitive data should not be used in the ARG or ENV commands:
Dockerfile#L18
SecretsUsedInArgOrEnv: Do not use ARG or ENV instructions for sensitive data (ENV "DOCKER_ENV_PASSWORD")
More info: https://docs.docker.com/go/dockerfile/rule/secrets-used-in-arg-or-env/
|
|
Variables should be defined before their use:
Dockerfile#L17
UndefinedVar: Usage of undefined variable '$argBasedVersion'
More info: https://docs.docker.com/go/dockerfile/rule/undefined-var/
|
|
Sensitive data should not be used in the ARG or ENV commands:
Dockerfile#L16
SecretsUsedInArgOrEnv: Do not use ARG or ENV instructions for sensitive data (ENV "ARG_BASED_PASSWORD")
More info: https://docs.docker.com/go/dockerfile/rule/secrets-used-in-arg-or-env/
|
Artifacts
Produced during runtime
| Name | Size | Digest | |
|---|---|---|---|
|
OWASP~wrongsecrets~K2BTZQ.dockerbuild
|
174 KB |
sha256:1020c9b2ea4cb7153c7a5745127d0a3d027ef0f64c73da2701bbf81c8c5998cc
|
|