Ensure update instructions are not used alone in a Dockerfile
Error: Update instructions are used alone in a Dockerfile
Bridgecrew Policy ID: BC_DKR_4
Checkov Check ID: CKV_DOCKER_5
Severity: LOW
Description
You should not use OS package manager update instructions such as apt-get update or yum update either alone or in a single line in the Dockerfile.
Placing an update instruction on its own line in the Dockerfile causes the update layer to be cached. Any later image build that uses the same instruction then reuses the previously cached update layer, which can prevent fresh updates from being applied to later builds.
Fix - Buildtime
Docker
FROM base
RUN apt-get update \
    && apt-get install -y --no-install-recommends foo \
    && echo gooo
RUN apk update \
    && apk add --no-cache suuu looo
RUN apk --update add moo
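The check described above, as an added example in Python (not Checkov's own code): it joins continued lines and reports each shell-form RUN that runs an update with no install in the same instruction. The function names and the package manager and verb lists are assumptions of this example.

```python
import re

PKG_MANAGERS = {"apt-get", "apt", "yum", "dnf", "apk", "zypper"}  # assumed list
INSTALL_VERBS = {"install", "add", "upgrade", "dist-upgrade"}  # assumed list

def logical_instructions(dockerfile):
    """Yield (start_line, text), joining backslash-continued lines."""
    buf, start = [], None
    for no, raw in enumerate(dockerfile.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # Docker also skips comments inside a continuation
        start = start or no
        buf.append(line.rstrip("\\").strip())
        if not line.endswith("\\"):
            yield start, " ".join(buf)
            buf, start = [], None
    if buf:  # file ended on a continuation line
        yield start, " ".join(buf)

def update_only_runs(dockerfile):
    """Return (line, instruction) for each RUN that updates without installing."""
    findings = []
    for line_no, text in logical_instructions(dockerfile):
        keyword, _, body = text.partition(" ")
        if keyword.upper() != "RUN":
            continue
        updates = installs = False
        for cmd in re.split(r"&&|\|\||;", body):
            words = cmd.split()
            if not words or words[0] not in PKG_MANAGERS:
                continue
            # First non-option argument is the sub-command (handles `apk --update add`).
            verb = next((w for w in words[1:] if not w.startswith("-")), "")
            updates |= verb == "update"
            installs |= verb in INSTALL_VERBS
        if updates and not installs:
            findings.append((line_no, text))
    return findings

# Constructed sample: line 2 is cached on its own, so line 3 installs from a stale index.
SAMPLE = """\
FROM base
RUN apt-get update
RUN apt-get install -y --no-install-recommends foo
RUN apt-get update \\
    && apt-get install -y --no-install-recommends foo
RUN apk --update add moo
"""
```

Calling update_only_runs(SAMPLE) reports only line 2; the combined instructions on lines 4 and 6 pass.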