rspec/rules/S6469/docker/rule.adoc

== Why is this an issue?

include::../description.adoc[]

=== Noncompliant code example

[source,docker]
----
RUN --mount=type=secret,id=build_secret,mode=0777 ./installer.sh # Noncompliant
----

=== Compliant solution

[source,docker]
----
RUN --mount=type=secret,id=build_secret,uid=1000 ./installer.sh
----

include::../see.adoc[]

ifdef::env-github,rspecator-view[]

'''
== Implementation Specification
(visible only on this page)

include::../message.adoc[]


'''
endif::env-github,rspecator-view[]
migrate rule descriptions to new education format 2023-05-03 11:06:20 +02:00			`== Why is this an issue?`

Create rule S6469: Permissions of sensitive mount points should be restrictive (#1394) 2022-11-18 14:47:39 +01:00			`include::../description.adoc[]`

migrate rule descriptions to new education format 2023-05-03 11:06:20 +02:00			`=== Noncompliant code example`
Create rule S6469: Permissions of sensitive mount points should be restrictive (#1394) 2022-11-18 14:47:39 +01:00
			`[source,docker]`
			`----`
			`RUN --mount=type=secret,id=build_secret,mode=0777 ./installer.sh # Noncompliant`
			`----`

migrate rule descriptions to new education format 2023-05-03 11:06:20 +02:00			`=== Compliant solution`
Create rule S6469: Permissions of sensitive mount points should be restrictive (#1394) 2022-11-18 14:47:39 +01:00
			`[source,docker]`
			`----`
			`RUN --mount=type=secret,id=build_secret,uid=1000 ./installer.sh`
			`----`

			`include::../see.adoc[]`

			`ifdef::env-github,rspecator-view[]`

			`'''`
			`== Implementation Specification`
			`(visible only on this page)`

			`include::../message.adoc[]`


			`'''`
			`endif::env-github,rspecator-view[]`