Dockerfile support 🐳
almost 3 years ago by Gilad Mark
Bridgecrew now supports Dockerfile scanning!
Docker builds images by reading the instructions from a Dockerfile, a document with commands a user would call on the command line to assemble an image. Dockerfile scanning enables you to spot misconfigurations before pushing the image to a registry.
By adding Dockerfile scanning to your VCS or CI/CD tools, you'll be able to find and fix the following policy violations in your Dockerfiles:
- Ensure that COPY is used instead of ADD in Dockerfiles
- Ensure that HEALTHCHECK instructions have been added to container images
- Ensure update instructions are not used alone in the Dockerfile
- Ensure that a user for the container has been created
- Ensure port 22 is not exposed
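To make the five policies concrete, the sketch below checks a Dockerfile against each of them. It is an added example, not Bridgecrew's or Checkov's own code: the function names, the matching rules (for instance, treating a `RUN` with a package-manager `update` and no `install`/`add`/`upgrade` as "update used alone") and both sample Dockerfiles are assumptions constructed for illustration.

```python
import re

def instructions(text):
    """Return (INSTRUCTION, args) pairs, joining backslash-continued lines."""
    joined = re.sub(r"\\[ \t]*\n", " ", text)
    pairs = []
    for line in joined.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            name, _, args = line.partition(" ")
            pairs.append((name.upper(), args.strip()))
    return pairs

def scan(text):
    """Return the set of listed policies that this Dockerfile violates."""
    ins = instructions(text)
    names = {name for name, _ in ins}
    found = set()
    if "ADD" in names:
        found.add("COPY instead of ADD")
    if "HEALTHCHECK" not in names:
        found.add("HEALTHCHECK present")
    if "USER" not in names:  # assumption: a USER instruction satisfies the policy
        found.add("user created")
    for name, args in ins:
        # EXPOSE accepts "22", "22/tcp", and several ports on one line
        if name == "EXPOSE" and any(p.split("/")[0] == "22" for p in args.split()):
            found.add("port 22 not exposed")
        if (name == "RUN" and re.search(r"\b(apt-get|apt|yum|apk)\s+update\b", args)
                and not re.search(r"\b(install|add|upgrade)\b", args)):
            found.add("update not used alone")
    return found

# Constructed sample Dockerfiles (not taken from the page).
BAD = r"""FROM debian:bookworm-slim
RUN apt-get update
ADD app.tar.gz /opt/app/
EXPOSE 22 8080
CMD ["/opt/app/server"]
"""
GOOD = r"""FROM debian:bookworm-slim
RUN apt-get update && \
    apt-get install -y --no-install-recommends curl && \
    useradd --system app
COPY app/ /opt/app/
EXPOSE 8080
HEALTHCHECK CMD curl -f http://localhost:8080/health || exit 1
USER app
CMD ["/opt/app/server"]
"""

if __name__ == "__main__":
    for label, text in (("BAD", BAD), ("GOOD", GOOD)):
        print(label, sorted(scan(text)) or "no violations")
```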
Full documentation
This feature is also available for Checkov, our open source IaC scanning tool.