# Docker (Dockerfile) Security

Security vulnerabilities and detection rules for the Docker framework. 15 rules across 5 CWE categories.

- Total rules: 15
- CWE categories: 5
- Critical rules: 1

## CWEs

- **CWE-1104**: Use of Unmaintained Third Party Components
- **CWE-1395**: Dependency on Vulnerable Third-Party Component
- **CWE-250**: Execution with Unnecessary Privileges
- **CWE-693**: Protection Mechanism Failure
- **CWE-798**: Use of Hard-coded Credentials

## Rules

- **Docker apt-get Missing Cache Cleanup** [LOW]: Detects apt-get commands without cache cleanup in the same RUN layer.
- **Docker apt-get Missing --no-install-recommends** [LOW]: Detects apt-get install commands without the --no-install-recommends flag.
- **Docker apt-get Missing -y Flag** [LOW]: Detects apt-get install commands without the -y flag for non-interactive builds.
- **Docker Base Image Security** [MEDIUM]: Detects base images using the "latest" tag or missing version tags.
- **Docker Build Optimization and Best Practices** [LOW]: Detects build optimization issues such as relative WORKDIR paths.
- **Docker Compose Obsolete Version Field** [LOW]: Detects Docker Compose files using the obsolete 'version' field.
- **Docker File Operations Best Practices** [LOW]: Detects ADD usage instead of COPY and copying of the entire build context.
- **Invalid Port Number in EXPOSE** [ERROR]: Detects invalid port numbers in EXPOSE instructions (valid range: 0-65535).
- **Missing Healthcheck Configuration** [LOW]: Detects Dockerfiles missing HEALTHCHECK instructions for container monitoring.
- **Container runs as root** [HIGH]: Detects CMD or ENTRYPOINT without a preceding USER instruction. The container will run as root, which is a security risk.
- **Multiple ENTRYPOINT Instructions** [MEDIUM]: Detects multiple ENTRYPOINT instructions, where only the last one takes effect.
- **Use npm ci for Reproducible Builds** [LOW]: Detects Dockerfiles using `npm install` instead of `npm ci` for production builds.
- **Dockerfile Uses Outdated Node.js Version** [MEDIUM]: Detects Dockerfiles using outdated or end-of-life Node.js versions.
- **Docker Secrets and Security Best Practices** [CRITICAL]: Detects hardcoded secrets in ENV/ARG and piping curl/wget output to a shell.
- **Docker User and File Permissions** [HIGH]: Detects an explicit root user and overly permissive chmod 777 permissions.