Hello,
We are happy to announce that you can now scan your Dockerfiles with SonarCloud or SonarQube Community Edition 9.9+ LTS.
Here is the list of the first set of rules provided:
- S6472: Using ENV to handle secrets is security-sensitive
- S6469: Permissions of sensitive mount points should be restrictive
- S6473: Exposing administration services is security-sensitive
- S6470: Recursively copying context directories is security-sensitive
- S5332: Using clear-text protocols is security-sensitive
- S6476: Instructions should be upper case
- S6471: Running containers as a privileged user is security-sensitive
More rules are coming in a few weeks. Meanwhile, we would be very happy to get your feedback on these rules.
Enjoy!
Alex
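As an added illustration (not part of the announcement and not SonarSource's own rule documentation), here is a constructed pair of Dockerfiles: one written so that, on my reading of each rule's title, every one of the seven rules above should fire, and a hardened equivalent written to be clean. The two files are shown in a single block and separated by comments; the mapping of each line to a rule ID is my assumption, and the exact conditions a rule matches are defined by SonarSource, so check the rule descriptions in your SonarCloud/SonarQube instance. The hostname, script name and port are placeholders.

```dockerfile
# ===== Dockerfile.insecure (constructed example; should raise all seven rules) =====
# Dockerfile comments must start at the beginning of a line, so each
# finding is annotated on the line above the instruction it refers to.

# S6476: instruction keyword is not upper case
from debian:bookworm-slim

# S6472: a secret handed over through ENV is baked into the image layers
# and visible to anyone who can run `docker history` or `docker inspect`
ENV API_TOKEN=placeholder-not-a-real-secret

# S5332: the installer is fetched over clear-text HTTP and can be tampered with in transit
RUN apt-get update && apt-get install -y curl openssh-server \
    && curl -o /tmp/install.sh http://example.invalid/install.sh

# S6470: recursively copying the whole build context pulls in .env, .git, keys, etc.
COPY . /app

# S6469 (my assumption of what the rule targets): world-writable application directory
RUN chmod -R 777 /app

# S6473: SSH is an administration service and has no place in an application image
EXPOSE 22

# S6471: no USER instruction, so the process runs as root inside the container
CMD ["/app/start.sh"]


# ===== Dockerfile.hardened (constructed example; intended to be finding-free) =====
# Note: COPY --chmod needs BuildKit (Docker 20.10 or later).
FROM debian:bookworm-slim

# No secret in the image: inject API_TOKEN at run time (orchestrator secret,
# docker run --env-file, or a mounted file), never via ENV or ARG.

# Only install what the application needs, over HTTPS, and clean the apt cache
RUN apt-get update \
    && apt-get install -y --no-install-recommends curl ca-certificates \
    && curl -fsSL -o /tmp/install.sh https://example.invalid/install.sh \
    && sh /tmp/install.sh && rm -f /tmp/install.sh \
    && rm -rf /var/lib/apt/lists/*

# Dedicated unprivileged account with no login shell
RUN groupadd -r app && useradd -r -g app -d /app -s /usr/sbin/nologin app

# Copy only the files the image needs, with explicit owner and restrictive mode
COPY --chown=app:app --chmod=0750 start.sh /app/start.sh

# Expose only the application port; there is no SSH daemon to expose
EXPOSE 8080

# Drop root before the entrypoint runs
USER app
CMD ["/app/start.sh"]
```

Pair the hardened file with a `.dockerignore` that excludes `.git`, `.env`, key material and local build artefacts, so that even a later `COPY` of a directory cannot silently pick them up; the scanner can flag a recursive copy, but it cannot know what sits in your build context.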