rspec/rules/S6502/docker/rule.adoc

include::../description.adoc[]

include::../ask-yourself.adoc[]

include::../recommended.adoc[]

== Sensitive Code Example

[source,docker]
----
# syntax=docker/dockerfile:1-labs
FROM ubuntu:22.04
# Sensitive
RUN --security=insecure ./example.sh
----

== Compliant Solution

[source,docker]
----
# syntax=docker/dockerfile:1-labs
FROM ubuntu:22.04
RUN ./example.sh
RUN --security=sandbox ./example.sh
----

include::../see.adoc[]

include::../implementation.adoc[]
Create rule S6502: Disabling builder sandboxes is security-sensitive (#1547) 2023-02-07 10:32:16 +01:00			`include::../description.adoc[]`

			`include::../ask-yourself.adoc[]`

			`include::../recommended.adoc[]`

			`== Sensitive Code Example`

			`[source,docker]`
			`----`
			`# syntax=docker/dockerfile:1-labs`
			`FROM ubuntu:22.04`
			`# Sensitive`
			`RUN --security=insecure ./example.sh`
			`----`

			`== Compliant Solution`

			`[source,docker]`
			`----`
			`# syntax=docker/dockerfile:1-labs`
			`FROM ubuntu:22.04`
			`RUN ./example.sh`
			`RUN --security=sandbox ./example.sh`
			`----`

			`include::../see.adoc[]`

			`include::../implementation.adoc[]`