Hello,
We have just added another 7 new rules to help you write cleaner Dockerfiles:
- S6504: Having executables not owned by root is security-sensitive
- S6437: Credentials should not be hard-coded
- S6505: Allowing shell scripts execution during package installation is security-sensitive
- S4423: Weak SSL/TLS protocols should not be used
- S4790: Using weak hashing algorithms is security-sensitive
- S4830: Server certificates should be verified during SSL/TLS connections
- S6506: Allowing downgrades to a clear-text protocol is security-sensitive
Overall, 21 rules are now available on SonarCloud for Dockerfile. These rules will be part of the upcoming SonarQube 10.0.
Alex
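To make three of the rule themes above concrete (S6437 hard-coded credentials, S4830 unverified server certificates, S6506 downgrade to a clear-text protocol), here is a small added example of a Dockerfile linter. It is not Sonar's implementation and does not reproduce the real rules' logic; the matching heuristics, the rule messages and the sample Dockerfile are my own constructions, and only the rule keys come from the announcement. It joins backslash-continued `RUN` lines before matching, so a flag hidden on a continuation line is still attributed to the instruction that starts it.

```python
import re
from typing import List, Tuple

# Constructed sample Dockerfile (not from the announcement). Each weak pattern
# is followed by the form a reviewer would expect instead.
SAMPLE_DOCKERFILE = r"""
FROM debian:bookworm-slim
ARG API_TOKEN=abcd1234secret
ENV DB_PASSWORD="hunter2"
ENV DB_PASSWORD_FILE=/run/secrets/db_password
RUN curl -k -o /tmp/tool.tgz https://example.invalid/tool.tgz \
    && tar -xzf /tmp/tool.tgz -C /usr/local/bin
RUN wget --no-check-certificate http://example.invalid/setup.sh -O /tmp/setup.sh
RUN curl --proto '=https' --tlsv1.2 -fsSL https://example.invalid/install.sh -o /tmp/install.sh
"""

# Heuristics (assumptions of this example, not Sonar's rule logic):
# ENV/ARG key with a secret-looking name and a literal default value.
ENV_ARG = re.compile(r"^(?:ENV|ARG)\s+(\w+)(?:=|\s+)(\S+)", re.I)
SECRET_HINT = re.compile(r"(passw(or)?d|secret|token|api_?key)", re.I)
# Flags that disable server certificate verification in curl/wget.
INSECURE_TLS = re.compile(r"(?<!\S)(?:-k|--insecure|--no-check-certificate)(?!\S)")
# Any clear-text HTTP URL in an instruction.
CLEARTEXT = re.compile(r"\bhttp://\S+")

Finding = Tuple[int, str, str]  # (line number, rule key, message)


def logical_lines(text: str) -> List[Tuple[int, str]]:
    """Join backslash-continued lines into one instruction per entry.

    Returns (starting line number, joined instruction) pairs; blank lines and
    comments between instructions are skipped.
    """
    out: List[Tuple[int, str]] = []
    buf: List[str] = []
    start = 0
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.rstrip()
        if not buf:
            if not line.strip() or line.lstrip().startswith("#"):
                continue
            start = n
        if line.endswith("\\"):
            buf.append(line[:-1].rstrip())
            continue
        buf.append(line)
        out.append((start, " ".join(s.strip() for s in buf)))
        buf = []
    if buf:  # trailing continuation with no final line
        out.append((start, " ".join(s.strip() for s in buf)))
    return out


def lint_dockerfile(text: str) -> List[Finding]:
    """Return findings for the three rule themes, in source order."""
    findings: List[Finding] = []
    for n, instr in logical_lines(text):
        m = ENV_ARG.match(instr)
        if m:
            key, value = m.group(1), m.group(2)
            # A *_FILE variable or a path value points at a mounted secret, not a literal.
            if SECRET_HINT.search(key) and not key.upper().endswith("_FILE") \
                    and not value.strip("\"'").startswith("/"):
                findings.append((n, "S6437", f"{key} carries a hard-coded credential"))
        if instr.upper().startswith("RUN"):
            if INSECURE_TLS.search(instr):
                findings.append((n, "S4830", "server certificate verification is disabled"))
            if CLEARTEXT.search(instr):
                findings.append((n, "S6506", "clear-text http:// URL used for a download"))
    return findings


if __name__ == "__main__":
    for line_no, rule, msg in lint_dockerfile(SAMPLE_DOCKERFILE):
        print(f"line {line_no}: {rule}: {msg}")
```

Run on the sample, it reports the `ARG` and first `ENV` line for S6437, the continued `curl -k` instruction and the `wget` line for S4830, and the `wget` line again for S6506; the `DB_PASSWORD_FILE` reference and the `curl --proto '=https'` download pass clean.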