Copy is not used instead of Add in Dockerfiles

Description

The Copy instruction simply copies files from the local host machine to the container file system. The Add instruction could potentially retrieve files from remote URLs and perform operations such as unpacking them. The Add instruction, therefore, introduces security risks. For example, malicious files may be directly accessed from URLs without scanning, or there may be vulnerabilities associated with decompressing them

We recommend you use the Copy instruction instead of the Add instruction in the Dockerfile.

Fix - Buildtime

Dockerfile

- ADD config.txt /app/
+ COPY config.txt /app/