Check your code using Checkov

We will fix a dockerfile via checkov

In the previous post I made an Nginx container using Docker, Terraform and Checkov and now we will show the details of how to solve the vulnerabilities of a simple file.

Post : https://epma.medium.com/create-nginx-in-docker-using-terraform-and-checkov-a45692c69c04

Dockerfile Example

The command to check : checkov -d your path directory your code or not know in mac and linux type: pwd and Windows : echo %cd% .

First check

Do not use images of any product being: unstable, latest may contain vulnerabilities. Use stable images or with versions 2.9, 5.0 and etc.

Second Check

Place a healthcheck to help test your images via checkov used as a good practice.

Third Check

For security reasons put a user in a symbolic way, to avoid using escalated privilege and use a root account.

Fourth Check

Containers must run as a non-root user. It’s good practice to run the container as a non-root user whenever possible. This can be done via the USER directive in the Dockerfile. Let’s prevent our images from using root.

I’ll make the corrections and run the docker build file again:

Then run the checkov.

It's done

Related posts:

For those people who love drinking coffee, there are plenty of reasons to rejoice. Studies around the world have repeatedly shown that there are many health benefits associated with drinking this…

In this article I will share a simple approach how one can build a graph from vectorised data and apply graph community detection algorithm to cluster this data. This is a toy example which clusters…

In the shadow of Dubai’s sail-molded Burj Al Arab inn, crypto chiefs hobnobbed with Emirati royals, Wall Street investors, and Instagram powerhouses. The merriments in late March were coordinated by…