You cannot select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
134 lines
5.9 KiB
Plaintext
134 lines
5.9 KiB
Plaintext
{
|
|
"version": "2.1.0",
|
|
"$schema": "https://json.schemastore.org/sarif-2.1.0-rtm.5.json",
|
|
"runs": [
|
|
{
|
|
"tool": {
|
|
"driver": {
|
|
"fullName": "Trivy Vulnerability Scanner",
|
|
"informationUri": "https://github.com/aquasecurity/trivy",
|
|
"name": "Trivy",
|
|
"rules": [
|
|
{
|
|
"id": "DS002",
|
|
"name": "Misconfiguration",
|
|
"shortDescription": {
|
|
"text": "Image user should not be \u0026#39;root\u0026#39;"
|
|
},
|
|
"fullDescription": {
|
|
"text": "Running containers with \u0026#39;root\u0026#39; user can lead to a container escape situation. It is a best practice to run containers as non-root users, which can be done by adding a \u0026#39;USER\u0026#39; statement to the Dockerfile."
|
|
},
|
|
"defaultConfiguration": {
|
|
"level": "error"
|
|
},
|
|
"helpUri": "https://avd.aquasec.com/misconfig/ds002",
|
|
"help": {
|
|
"text": "Misconfiguration DS002\nType: Dockerfile Security Check\nSeverity: HIGH\nCheck: Image user should not be 'root'\nMessage: Specify at least 1 USER command in Dockerfile with non-root user as argument\nLink: [DS002](https://avd.aquasec.com/misconfig/ds002)\nRunning containers with 'root' user can lead to a container escape situation. It is a best practice to run containers as non-root users, which can be done by adding a 'USER' statement to the Dockerfile.",
|
|
"markdown": "**Misconfiguration DS002**\n| Type | Severity | Check | Message | Link |\n| --- | --- | --- | --- | --- |\n|Dockerfile Security Check|HIGH|Image user should not be 'root'|Specify at least 1 USER command in Dockerfile with non-root user as argument|[DS002](https://avd.aquasec.com/misconfig/ds002)|\n\nRunning containers with 'root' user can lead to a container escape situation. It is a best practice to run containers as non-root users, which can be done by adding a 'USER' statement to the Dockerfile."
|
|
},
|
|
"properties": {
|
|
"precision": "very-high",
|
|
"security-severity": "8.0",
|
|
"tags": [
|
|
"misconfiguration",
|
|
"security",
|
|
"HIGH"
|
|
]
|
|
}
|
|
},
|
|
{
|
|
"id": "DS026",
|
|
"name": "Misconfiguration",
|
|
"shortDescription": {
|
|
"text": "No HEALTHCHECK defined"
|
|
},
|
|
"fullDescription": {
|
|
"text": "You shoud add HEALTHCHECK instruction in your docker container images to perform the health check on running containers."
|
|
},
|
|
"defaultConfiguration": {
|
|
"level": "note"
|
|
},
|
|
"helpUri": "https://avd.aquasec.com/misconfig/ds026",
|
|
"help": {
|
|
"text": "Misconfiguration DS026\nType: Dockerfile Security Check\nSeverity: LOW\nCheck: No HEALTHCHECK defined\nMessage: Add HEALTHCHECK instruction in your Dockerfile\nLink: [DS026](https://avd.aquasec.com/misconfig/ds026)\nYou shoud add HEALTHCHECK instruction in your docker container images to perform the health check on running containers.",
|
|
"markdown": "**Misconfiguration DS026**\n| Type | Severity | Check | Message | Link |\n| --- | --- | --- | --- | --- |\n|Dockerfile Security Check|LOW|No HEALTHCHECK defined|Add HEALTHCHECK instruction in your Dockerfile|[DS026](https://avd.aquasec.com/misconfig/ds026)|\n\nYou shoud add HEALTHCHECK instruction in your docker container images to perform the health check on running containers."
|
|
},
|
|
"properties": {
|
|
"precision": "very-high",
|
|
"security-severity": "2.0",
|
|
"tags": [
|
|
"misconfiguration",
|
|
"security",
|
|
"LOW"
|
|
]
|
|
}
|
|
}
|
|
],
|
|
"version": "0.37.2"
|
|
}
|
|
},
|
|
"results": [
|
|
{
|
|
"ruleId": "DS002",
|
|
"ruleIndex": 0,
|
|
"level": "error",
|
|
"message": {
|
|
"text": "Artifact: Dockerfile\nType: dockerfile\nVulnerability DS002\nSeverity: HIGH\nMessage: Specify at least 1 USER command in Dockerfile with non-root user as argument\nLink: [DS002](https://avd.aquasec.com/misconfig/ds002)"
|
|
},
|
|
"locations": [
|
|
{
|
|
"physicalLocation": {
|
|
"artifactLocation": {
|
|
"uri": "Dockerfile",
|
|
"uriBaseId": "ROOTPATH"
|
|
},
|
|
"region": {
|
|
"startLine": 1,
|
|
"startColumn": 1,
|
|
"endLine": 1,
|
|
"endColumn": 1
|
|
}
|
|
},
|
|
"message": {
|
|
"text": "Dockerfile"
|
|
}
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"ruleId": "DS026",
|
|
"ruleIndex": 1,
|
|
"level": "note",
|
|
"message": {
|
|
"text": "Artifact: Dockerfile\nType: dockerfile\nVulnerability DS026\nSeverity: LOW\nMessage: Add HEALTHCHECK instruction in your Dockerfile\nLink: [DS026](https://avd.aquasec.com/misconfig/ds026)"
|
|
},
|
|
"locations": [
|
|
{
|
|
"physicalLocation": {
|
|
"artifactLocation": {
|
|
"uri": "Dockerfile",
|
|
"uriBaseId": "ROOTPATH"
|
|
},
|
|
"region": {
|
|
"startLine": 1,
|
|
"startColumn": 1,
|
|
"endLine": 1,
|
|
"endColumn": 1
|
|
}
|
|
},
|
|
"message": {
|
|
"text": "Dockerfile"
|
|
}
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"columnKind": "utf16CodeUnits",
|
|
"originalUriBaseIds": {
|
|
"ROOTPATH": {
|
|
"uri": "file:///"
|
|
}
|
|
}
|
|
}
|
|
]
|
|
} |