new dockerfile #4
Conversation
![prisma-cloud-devsecops[bot]](https://avatars.githubusercontent.com/in/135857?s=60&v=4){kind=small}
| uri: | ||
| url: https://www.example.com | ||
|
|
||
| - name: Download foo.conf |
There was a problem hiding this comment.
Certificate validation disabled with Ansible get_url module
Resource: tasks.ansible.builtin.get_url.Download foo.conf | Checkov ID: CKV_ANSIBLE_2
Description
This policy detects whether the Ansible get_url tasks enforce SSL certificate validation. Disabling certificate validation in get_url tasks may allow accepting potentially compromised certificates, leading to security vulnerabilities, such as man-in-the-middle attacks.
| amazon.aws.ec2_instance_info: | ||
| register: ec2info | ||
|
|
||
| - name: enabled |
There was a problem hiding this comment.
AWS EC2 instances with public IP and associated with security groups have Internet access
Resource: tasks.amazon.aws.ec2_instance.enabled | Checkov ID: CKV_AWS_88
Description
A public IP address is an IPv4 address that is reachable from the Internet.
You can use public addresses for communication between your instances and the Internet.
Each instance that receives a public IP address is also given an external DNS hostname.
We recommend you control whether your instance receives a public IP address as required.
| - hosts: localhost | ||
| gather_facts: false | ||
| tasks: | ||
| - name: Launch ec2 instances 1 |
There was a problem hiding this comment.
AWS EC2 instances with public IP and associated with security groups have Internet access
Resource: tasks.amazon.aws.ec2_instance.Launch ec2 instances 1 | Checkov ID: CKV_AWS_88
Description
A public IP address is an IPv4 address that is reachable from the Internet.
You can use public addresses for communication between your instances and the Internet.
Each instance that receives a public IP address is also given an external DNS hostname.
We recommend you control whether your instance receives a public IP address as required.
| tasks: | ||
| - name: Install, configure, and start Apache | ||
| block: | ||
| - name: Install httpd and memcached |
There was a problem hiding this comment.
SSL validation is disabled with yum
Resource: tasks.block.ansible.builtin.yum.Install httpd and memcached | Checkov ID: CKV_ANSIBLE_4
Description
This policy detects whether Ansible yum tasks have SSL validation disabled. Disabling SSL validation can significantly increase security risks as it allows the system to accept potentially compromised SSL certificates without verification. This could result in exposing the system to potential man-in-the-middle attacks.
| tasks: | ||
| - name: Install, configure, and start Apache | ||
| block: | ||
| - name: Install httpd and memcached |
There was a problem hiding this comment.
SSL validation is disabled with yum
Resource: tasks.block.ansible.builtin.yum.Install httpd and memcached | Checkov ID: CKV_ANSIBLE_4
Description
This policy detects whether Ansible yum tasks have SSL validation disabled. Disabling SSL validation can significantly increase security risks as it allows the system to accept potentially compromised SSL certificates without verification. This could result in exposing the system to potential man-in-the-middle attacks.
| @@ -0,0 +1,15 @@ | |||
| FROM node:12-alpine | |||
There was a problem hiding this comment.
minimist 1.2.5 / dockerfile.FROM
Total vulnerabilities: 1
| Critical: 1 | High: 0 | Medium: 0 | Low: 0 |
|---|
| Vulnerability ID | Severity | CVSS | Fixed in | Status |
|---|---|---|---|---|
| CVE-2021-44906 |  CRITICAL |
9.8 | 1.2.6 |
Open |
| @@ -0,0 +1,15 @@ | |||
| FROM node:12-alpine | |||
There was a problem hiding this comment.
zlib 1.2.12-r0 / dockerfile.FROM
Total vulnerabilities: 2
| Critical: 1 | High: 0 | Medium: 1 | Low: 0 |
|---|
| Vulnerability ID | Severity | CVSS | Fixed in | Status |
|---|---|---|---|---|
| CVE-2022-37434 | CRITICAL |
9.8 | 1.2.12-r2 |
Open |
| CVE-2023-6992 |  MEDIUM |
5.5 | - |
Open |
| @@ -0,0 +1,15 @@ | |||
| FROM node:12-alpine | |||
There was a problem hiding this comment.
busybox 1.34.1-r5 / dockerfile.FROM
Total vulnerabilities: 1
| Critical: 1 | High: 0 | Medium: 0 | Low: 0 |
|---|
| Vulnerability ID | Severity | CVSS | Fixed in | Status |
|---|---|---|---|---|
| CVE-2022-48174 | CRITICAL |
9.8 | - |
Open |
| @@ -0,0 +1,15 @@ | |||
| FROM node:12-alpine | |||
There was a problem hiding this comment.
tough-cookie 2.4.3 / dockerfile.FROM
Total vulnerabilities: 1
| Critical: 1 | High: 0 | Medium: 0 | Low: 0 |
|---|
| Vulnerability ID | Severity | CVSS | Fixed in | Status |
|---|---|---|---|---|
| CVE-2023-26136 | CRITICAL |
9.8 | 4.1.3 |
Open |
| @@ -0,0 +1,15 @@ | |||
| FROM node:12-alpine | |||
There was a problem hiding this comment.
ip 1.1.5 / dockerfile.FROM
Total vulnerabilities: 2
| Critical: 1 | High: 1 | Medium: 0 | Low: 0 |
|---|
| Vulnerability ID | Severity | CVSS | Fixed in | Status |
|---|---|---|---|---|
| CVE-2023-42282 | CRITICAL |
9.8 | 1.1.9 |
Open |
| CVE-2024-29415 |  HIGH |
8.1 | - |
Open |
No description provided.