Ledger Wiz (CSPM & secret detection) / Wiz IaC Scanner
completed
Oct 7, 2024 in 5s
Annotations
Check warning on line 22 in .github/workflows/Dockerfile
ledger-wiz-cspm-secret-detection / Wiz IaC Scanner
COPY '--from' Without FROM Alias Defined Previously
Rule ID: 3cc68033-2ce9-4f64-9949-a0d36aeff197
Severity: Medium
Resource: FROM={{ghcr.io/ledgerhq/speculos:latest}}.{{COPY --from=0 /usr/local/bin/ /usr/local/bin/}}
COPY command with the flag '--from' should mention a previously defined FROM alias
Raw output
Expected: COPY '--from' should reference a previously defined FROM alias
Found: COPY '--from' does not reference a previously defined FROM alias
Check warning on line 10 in .github/workflows/Dockerfile
ledger-wiz-cspm-secret-detection / Wiz IaC Scanner
Run Using apt
Rule ID: 853ed0e2-f329-4e58-95bb-9094a29691a7
Severity: Medium
Resource: FROM={{ghcr.io/ledgerhq/speculos:latest}}.{{RUN apt install -y bsdmainutils build-essential cmake pkg-config ccache git libboost-dev libboost-filesystem-dev libboost-system-dev libboost-test-dev libevent-dev libminiupnpc-dev libnatpmp-dev libqt5gui5 libqt5core5a libqt5dbus5 libsqlite3-dev libtool libzmq3-dev pkg-config python3 qttools5-dev qttools5-dev-tools qtwayland5 systemtap-sdt-dev}}
apt is discouraged by the Linux distributions as an unattended tool as its interface may suffer changes between versions. Better use the more stable apt-get and apt-cache
Raw output
Expected: RUN instructions should not use the 'apt' program
Found: RUN instruction is invoking the 'apt' program