Ensure not to use in RUN both 'curl' and 'wget'
The curl
and wget
are utilities which doing the same, to reduce the dependencies inside an image, and to reduce potential vulnerabilities in those tools in the future, choose only one of those programs.
Risk Level: medium
Platform: Docker
Spectral Rule ID: DOCKR046
REMEDIATION
Choose curl
OR wget
in RUN
.
FROM ubuntu:22.10
...
- RUN curl https://spectralops.io
+ RUN wget https://spectralops.io
RUN wget https://checkpoint.com
Read more:
Updated over 1 year ago