False positive on DKL-DI-0001 (Avoid sudo command)

[mreiche]

Description

I'm scanning an image that removes sudo binary from the image via:

RUN /bin/sh -o pipefail -c find /bin /etc /lib /sbin /usr -xdev \\(   -iname hexdump -o   -iname chgrp -o   -iname ln -o   -iname od -o   -iname strings -o   -iname su -o   -iname sudo   \\) -delete

which raises the error

FATAL   - DKL-DI-0001: Avoid sudo command

What did you expect to happen?

sudo should not just found by string search.

What happened instead?

The string sudo is detected as running sudo

Output of dockle -v:

dockle version 0.4.15

Additional details (base image name, container registry info...):

The base image is https://github.com/ironpeakservices/iron-alpine