Check your code using Checkov
We will fix a Dockerfile using Checkov
In the previous post I built an Nginx container using Docker, Terraform and Checkov; now we will go through the details of how to fix the vulnerabilities Checkov reports for a simple Dockerfile.
Post : https://epma.medium.com/create-nginx-in-docker-using-terraform-and-checkov-a45692c69c04
Dockerfile Example
FROM nginx:latest
COPY index.html /usr/share/nginx/html
The command to check is: checkov -d <path to your code directory>. If you do not know the path, on macOS and Linux type pwd; on Windows type echo %cd%.
First check
Do not use images of any product tagged as unstable or latest; they may contain vulnerabilities. Use stable images with explicit versions (2.9, 5.0, etc.).
Second Check
Add a HEALTHCHECK instruction; Checkov flags its absence, and having one is good practice for testing your images.
Third Check
For security reasons, create a named user for the container so it does not run with escalated privileges under the root account.
Fourth Check
Containers must run as a non-root user. It's good practice to run the container as a non-root user whenever possible. This is done with the USER directive in the Dockerfile. Let's prevent our images from running as root.
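Here is the post's two-line Dockerfile alongside a version that addresses all four checks above. This is an added example, not the original post's corrected file. It assumes the nginxinc/nginx-unprivileged image (which serves on port 8080 as its built-in nginx user instead of port 80 as root), and the version tag shown is a placeholder to replace with one you have verified.

```dockerfile
# Before (the post's example): unpinned "latest" tag, no HEALTHCHECK, no USER,
# so the container runs nginx as root.
#   FROM nginx:latest
#   COPY index.html /usr/share/nginx/html

# After: pinned base image, explicit non-root user, HEALTHCHECK.
# Assumption: the unprivileged Nginx variant, which listens on 8080 and already
# ships a "nginx" user. The tag 1.25-alpine is a placeholder; pin a version you
# have checked against your vulnerability scanner (Checkov: CKV_DOCKER_7).
FROM nginxinc/nginx-unprivileged:1.25-alpine

# Run as the existing non-root "nginx" user; an explicit USER instruction is
# what Checkov looks for (CKV_DOCKER_3).
USER nginx

# Copy the site content owned by the non-root user so no root writes are needed.
COPY --chown=nginx:nginx index.html /usr/share/nginx/html/index.html

# The unprivileged image serves on 8080 (ports below 1024 need root).
EXPOSE 8080

# Liveness probe using BusyBox wget, which the Alpine image provides
# (Checkov: CKV_DOCKER_2).
HEALTHCHECK --interval=30s --timeout=3s --start-period=5s --retries=3 \
  CMD wget -q -O /dev/null http://127.0.0.1:8080/ || exit 1
```

Build it with docker build -t nginx . and run it with docker run -p 8080:8080 nginx; then run checkov -d . again to confirm the four findings are gone. The explicit USER line is kept even though the base image already drops privileges, because Checkov inspects the Dockerfile itself, not the base image's metadata.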
I'll make the corrections and run the docker build again (the image tag must be lowercase, otherwise Docker rejects it):
docker build -t nginx .
Then run Checkov again.
It's done