Skip to content

Commit

Permalink
Update core/mondoo-dockerfile-security.mql.yaml
Browse files Browse the repository at this point in the history 
Co-authored-by: Letha <[email protected]>
Signed-off-by: Tim Smith <[email protected]>
  • Loading branch information
@tas50 @misterpantz
tas50 and misterpantz committed Aug 8, 2024
1 parent bba09fe commit 73c39ed
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions core/mondoo-dockerfile-security.mql.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -162,8 +162,8 @@ queries:
Ensure that the `--nogpgcheck` option is not used with YUM or DNF in Dockerfile `RUN` instructions.
Skipping GPG validation can expose the container to risks by allowing packages with untrusted or missing GPG signatures.
remediation: |
Review the Dockerfile `RUN` instructions to ensure that YUM or DNF commands do not use the `--nogpgcheck` option.
Configure YUM or DNF to perform GPG validation to enhance the security of your container configurations.
- Review the Dockerfile `RUN` instructions to ensure that YUM or DNF commands do not use the `--nogpgcheck` option.
- Configure YUM or DNF to perform GPG validation to enhance the security of your container configurations.
- uid: mondoo-docker-security-non-root-user
title: Don't run containers as root user
impact: 100
Expand Down

0 comments on commit 73c39ed

Please sign in to comment.