# docker (Dockerfile) Security Rules

15 detection rules for docker framework in Dockerfile

- Total rules: 15
- CWE coverage: 5

## CRITICAL (1)

- **Docker Secrets and Security Best Practices**: Detects hardcoded secrets in ENV/ARG and piping curl/wget to shell.

## HIGH (2)

- **Container runs as root**: Detects CMD or ENTRYPOINT without a preceding USER instruction. The container will run as root, which is a security risk.
- **Docker User and File Permissions**: Detects explicit root user and overly permissive chmod 777 permissions.

## MEDIUM (3)

- **Docker Base Image Security**: Detects base images using "latest" tag or missing version tags.
- **Multiple ENTRYPOINT Instructions**: Detects multiple ENTRYPOINT instructions where only the last one takes effect.
- **Dockerfile Uses Outdated Node.js Version**: Detects Dockerfiles using outdated or end-of-life Node.js versions.

## LOW (8)

- **Docker apt-get Missing Cache Cleanup**: Detects apt-get commands without cache cleanup in the same RUN layer.
- **Docker apt-get Missing --no-install-recommends**: Detects apt-get install commands without --no-install-recommends flag.
- **Docker apt-get Missing -y Flag**: Detects apt-get install commands without the -y flag for non-interactive builds.
- **Docker Build Optimization and Best Practices**: Detects build optimization issues like relative WORKDIR paths.
- **Docker Compose Obsolete Version Field**: Detects Docker Compose files using the obsolete 'version' field.
- **Docker File Operations Best Practices**: Detects ADD usage instead of COPY and copying entire build context.
- **Missing Healthcheck Configuration**: Detects Dockerfiles missing HEALTHCHECK instructions for container monitoring.
- **Use npm ci for Reproducible Builds**: Detects Dockerfiles using `npm install` instead of `npm ci` for production builds.