7 new rules to clean your Dockerfiles

Hello,

We just added 7 new rules to help you write cleaner Dockerfiles:

  • S4507: Delivering code in production with debug features activated is security-sensitive
  • S6502: Disabling builder sandboxes is security-sensitive
  • S6472: Add ARG secret handling detection
  • S2612: Dangerous “chmod” options on COPY, ADD, and RUN instructions
  • S6497: Using a container image based on its digest is security-sensitive
  • S6474: Sharing the host’s network namespace is security-sensitive
  • S6500: Installing unnecessary packages is security-sensitive

This is available now on SonarCloud and will be part of SonarQube 10.0 soon.

Alex

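As an added illustration, not part of Alex's post or of Sonar's own rule documentation, here is one Dockerfile that pairs each of the seven rule titles with the instruction pattern I would expect it to flag (shown as a commented-out line marked noncompliant) and a corrected form as the active instruction. Which exact instruction each rule matches is my assumption from the rule title; the script name build.sh, the secret id npm_token, and the all-zero digest are constructed placeholders, and the image builds only if an app/ directory with a build.sh exists in the build context.

```dockerfile
# syntax=docker/dockerfile:1
# Added example: noncompliant forms are commented out, the corrected form is active.

# S6497: an image pinned only by digest never picks up a patched build of that tag.
# Noncompliant (constructed placeholder digest):
# FROM python@sha256:0000000000000000000000000000000000000000000000000000000000000000
FROM python:3.11-slim

# S6500: install only what the image needs and drop the apt cache afterwards.
# Noncompliant:
# RUN apt-get update && apt-get install -y curl
RUN apt-get update \
 && apt-get install -y --no-install-recommends curl \
 && rm -rf /var/lib/apt/lists/*

WORKDIR /app

# S2612: world-writable (or setuid/setgid) permissions on copied files.
# Noncompliant:
# COPY --chmod=777 app/ /app/
# RUN chmod -R 777 /app
COPY --chmod=644 app/ /app/

# S6472: an ARG value is recorded in the image history; pass secrets through a
# build-time secret mount instead. The secret id npm_token is an assumption.
# Noncompliant:
# ARG NPM_TOKEN
# RUN NPM_TOKEN="$NPM_TOKEN" ./build.sh
RUN --mount=type=secret,id=npm_token \
    NPM_TOKEN="$(cat /run/secrets/npm_token)" ./build.sh

# S6502 and S6474: keep the BuildKit sandbox and network isolation for RUN steps.
# Noncompliant:
# RUN --security=insecure ./build.sh
# RUN --network=host ./build.sh
RUN ./build.sh

# S4507: debug features left enabled in the production image (Flask used as the
# example framework; which debug settings the rule recognises is an assumption).
# Noncompliant:
# ENV FLASK_DEBUG=1
ENV FLASK_DEBUG=0
CMD ["python", "-m", "flask", "run", "--host=0.0.0.0"]
```

The secret mount is supplied at build time with `docker build --secret id=npm_token,src=./npm_token.txt .`; the file is mounted at /run/secrets/npm_token for that single RUN step and is not written into any layer, which is what keeps it out of `docker history`. Note that S6497 runs against the common advice to pin digests for reproducibility: my reading of the rule title is that the concern is an image that is frozen and never receives updates, so a team that wants both reproducibility and patching has to pair a tag with a process that refreshes the pin, rather than treat the digest as a permanent setting.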