Skip to content

OPSEXP-2921 Add ACS version 7.3 (#113) #396

OPSEXP-2921 Add ACS version 7.3 (#113)

OPSEXP-2921 Add ACS version 7.3 (#113) #396

Triggered via push November 12, 2024 13:10
Status Success
Total duration 43s
Artifacts

kics.yml

on: push
Fit to window
Zoom out
Zoom in

Annotations

10 warnings
[HIGH] Missing User Instruction: java/Dockerfile#L24
A user should be specified in the dockerfile, otherwise the image will run as root
[MEDIUM] Add Instead of Copy: ats/sfs/Dockerfile#L11
Using ADD to load external installation scripts could lead to an evil web server leveraging this and loading a malicious script.
[MEDIUM] Add Instead of Copy: tengine/misc/Dockerfile#L12
Using ADD to load external installation scripts could lead to an evil web server leveraging this and loading a malicious script.
[MEDIUM] Add Instead of Copy: connector/msteams/Dockerfile#L10
Using ADD to load external installation scripts could lead to an evil web server leveraging this and loading a malicious script.
[MEDIUM] Add Instead of Copy: ats/trouter/Dockerfile#L11
Using ADD to load external installation scripts could lead to an evil web server leveraging this and loading a malicious script.
[MEDIUM] Add Instead of Copy: tengine/pdfrenderer/Dockerfile#L18
Using ADD to load external installation scripts could lead to an evil web server leveraging this and loading a malicious script.
[MEDIUM] Add Instead of Copy: tengine/tika/Dockerfile#L17
Using ADD to load external installation scripts could lead to an evil web server leveraging this and loading a malicious script.
[MEDIUM] Add Instead of Copy: tengine/libreoffice/Dockerfile#L26
Using ADD to load external installation scripts could lead to an evil web server leveraging this and loading a malicious script.
[MEDIUM] Add Instead of Copy: connector/ms365/Dockerfile#L10
Using ADD to load external installation scripts could lead to an evil web server leveraging this and loading a malicious script.
[MEDIUM] Apt Get Install Pin Version Not Defined: tomcat/Dockerfile#L21
When installing a package, its pin version should be defined