Dependency on Vulnerable Third-Party Component
The product uses a third-party component that contains one or more known vulnerabilities.
Using vulnerable dependencies exposes the application to known exploits. Container images and application dependencies should be regularly scanned and updated.
Jak naprawić tę podatność
Strategie zapobiegania dla Dependency on Vulnerable Third-Party oparte na 3 regułach detekcji Shoulder.
Clean apt cache in the same RUN layer to reduce image size
FROM ubuntu:22.04 - RUN apt-get update && apt-get install -y --no-install-recommends curl + RUN apt-get update && \ + apt-get install -y --no-install-recommends curl && \ + rm -rf /var/lib/apt/lists/*
Add --no-install-recommends to apt-get install to minimize image size
FROM ubuntu:22.04 - RUN apt-get update && apt-get install -y curl + RUN apt-get update && apt-get install -y --no-install-recommends curl
Add -y flag to apt-get install for non-interactive Docker builds
FROM ubuntu:22.04 - RUN apt-get update && apt-get install curl + RUN apt-get update && apt-get install -y curl
Znajdz podatnosci w swoim kodzie
Uzyj Shoulder do skanowania kodu w poszukiwaniu wzorcow Dependency on Vulnerable Third-Party Component. 3 reguly.
# Scan with Shoulder CLI npx @shoulderdev/cli trust --cwe=1395 # Or scan entire project npx @shoulderdev/cli trust .
Reguly Wykrywania (3)
Na co zwracac uwage podczas przegladu kodu
Te wzorce wskazuja na potencjalne podatnosci Dependency on Vulnerable Third-Party Component. Szukaj ich podczas przegladow kodu i audytow bezpieczenstwa.
Przeskanuj swój kod w poszukiwaniu Dependency on Vulnerable Third-Party Component
Shoulder CLI znajduje podatne wzorce w całym Twoim kodzie.