Invalid detection of CIS-DI-0010 if specfic versions are installed
030 opened this issue · comments
Description
RUN apk add --no-cache
libcrypto3=3.1.4-r1
libssl3=3.1.4-r1
What did you expect to happen?
no CIS-DI-0010 as packages are installed and it are no environment variables
What happened instead?
FATAL - CIS-DI-0010: Do not store credential in environment variables/files
* Suspicious ENV key found : libcrypto3 on RUN /bin/sh -c apk add --no-cache libcrypto3=3.1.4-r1 libssl3=3.1.4-r1 # buildkit (You can suppress it with --accept-key)
Output of run with -debug
:
(paste your output here)
Output of dockle -v
:
v0.4.13
Additional details (base image name, container registry info...):