Hello,
We just added 7 new rules to help you write cleaner Dockerfiles:
- S4507: Delivering code in production with debug features activated is security-sensitive
- S6502: Disabling builder sandboxes is security-sensitive
- S6472: Using ENV or ARG to handle secrets is security-sensitive
- S2612: Dangerous “chmod” options on COPY, ADD, and RUN instructions
- S6497: Using a container image based on its digest is security-sensitive
- S6474: Sharing the host’s network namespace is security-sensitive
- S6500: Installing unnecessary packages is security-sensitive
This is available now on SonarCloud and will be part of SonarQube 10.0 soon.
Alex
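As an added illustration that is not part of Alex's post and not SonarSource's own rule implementation: a small Python checker that approximates what each of the seven listed rules looks for, run over two constructed Dockerfiles, one that trips every rule and a hardened version of the same image that passes. The rule IDs and titles come from the list above; the matching heuristics (secret-looking variable names, world-writable modes, the `DEBUG` flag, the `apt-get` check) and both sample Dockerfiles are my own simplifications and are not what the real analyzer does.

```python
"""Toy checker for the seven Dockerfile rules announced above.

Added example, not SonarSource code: the matching is a deliberate
simplification of the announced rules, meant to show which Dockerfile
patterns they target and one way to fix each. Both Dockerfiles below
are constructed samples.
"""
import re
from typing import List, Tuple

# Constructed sample: trips every rule in the announcement.
BAD_DOCKERFILE = """\
FROM python:3.11-slim@sha256:0000000000000000000000000000000000000000000000000000000000000000
ARG DB_PASSWORD
ENV AWS_SECRET_ACCESS_KEY=not-a-real-key \\
    DEBUG=true
RUN --network=host --security=insecure apt-get update && \\
    apt-get install -y curl vim build-essential
COPY --chmod=777 app/ /app/
RUN chmod -R 777 /app
CMD ["python", "/app/main.py"]
"""

# Constructed sample: the same image with each finding addressed. Tagged base
# image instead of a digest (the direction S6497 as listed points to), no
# secret in ENV/ARG (the secret is mounted for one RUN step and never lands
# in a layer), sandbox and host network left alone, minimal package set,
# no world-writable files, debug off.
GOOD_DOCKERFILE = """\
FROM python:3.11-slim
ENV DEBUG=false
RUN apt-get update && \\
    apt-get install -y --no-install-recommends curl && \\
    rm -rf /var/lib/apt/lists/*
COPY --chmod=755 app/ /app/
RUN --mount=type=secret,id=db_password \\
    /app/setup.sh "$(cat /run/secrets/db_password)"
CMD ["python", "/app/main.py"]
"""

# Heuristics (assumptions of this example, not the analyzer's real logic).
SECRET_KEY = re.compile(r"(PASSWORD|SECRET|TOKEN|API_?KEY|ACCESS_KEY)", re.I)
DEBUG_ON = re.compile(r"\bDEBUG\s*=\s*(1|true|on)\b", re.I)
RUN_CHMOD = re.compile(r"\bchmod\s+(?:-\w+\s+)*([0-7]{3,4})\b")
COPY_CHMOD = re.compile(r"--chmod=([0-7]{3,4})\b")

Finding = Tuple[str, str]  # (rule id, message)


def parse_instructions(text: str) -> List[Tuple[str, str]]:
    """Join backslash continuations, skip comments and blank lines,
    and return (INSTRUCTION, arguments) pairs."""
    joined = re.sub(r"\\\n", " ", text)
    result = []
    for raw in joined.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        instr, _, args = line.partition(" ")
        result.append((instr.upper(), args.strip()))
    return result


def world_writable(mode: str) -> bool:
    """True if an octal mode grants write to 'other' (e.g. 777, 666, 002)."""
    return bool(int(mode, 8) & 0o002)


def check(text: str) -> List[Finding]:
    findings: List[Finding] = []
    for instr, args in parse_instructions(text):
        if instr == "FROM" and "@sha256:" in args:
            findings.append(("S6497", "image pinned by digest never picks up tag updates"))
        if instr in ("ENV", "ARG"):
            for kv in args.split():  # simplification: quoted values with spaces not handled
                key = kv.split("=", 1)[0]
                if SECRET_KEY.search(key):
                    findings.append(("S6472", f"{instr} {key} bakes a secret into image metadata"))
            if instr == "ENV" and DEBUG_ON.search(args):
                findings.append(("S4507", "debug mode enabled in the shipped image"))
        if instr == "RUN":
            if "--security=insecure" in args:
                findings.append(("S6502", "builder sandbox disabled for this step"))
            if "--network=host" in args:
                findings.append(("S6474", "build step shares the host network namespace"))
            if "apt-get install" in args and "--no-install-recommends" not in args:
                findings.append(("S6500", "apt-get install pulls in recommended packages"))
            m = RUN_CHMOD.search(args)
            if m and world_writable(m.group(1)):
                findings.append(("S2612", f"chmod {m.group(1)} makes files world-writable"))
        if instr in ("COPY", "ADD"):
            m = COPY_CHMOD.search(args)
            if m and world_writable(m.group(1)):
                findings.append(("S2612", f"{instr} --chmod={m.group(1)} is world-writable"))
    return findings


if __name__ == "__main__":
    for rule, msg in check(BAD_DOCKERFILE):
        print(f"{rule}: {msg}")
    print("hardened Dockerfile findings:", check(GOOD_DOCKERFILE))
```

Running the script lists one finding per rule for the first Dockerfile (two for S6472, since both the `ARG` and the `ENV` carry a secret-looking name) and none for the hardened one. The `--mount=type=secret` form in the hardened file is the usual replacement for `ENV`/`ARG` secrets: the value is available only to that `RUN` step and is not written into any image layer or metadata.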