{ "summary": { "fatal": 6, "warn": 2, "info": 2, "pass": 7 }, "details": [ { "code": "CIS-DI-0001", "title": "Create a user for the container", "level": "WARN", "alerts": [ "Last user should not be root" ] }, { "code": "CIS-DI-0005", "title": "Enable Content trust for Docker", "level": "INFO", "alerts": [ "export DOCKER_CONTENT_TRUST=1 before docker pull/build" ] }, { "code": "CIS-DI-0006", "title": "Add HEALTHCHECK instruction to the container image", "level": "WARN", "alerts": [ "not found HEALTHCHECK statement" ] }, { "code": "CIS-DI-0008", "title": "Remove setuid and setgid permissions in the images", "level": "INFO", "alerts": [ "Found setuid file: usr/lib/openssh/ssh-keysign urwxr-xr-x" ] }, { "code": "CIS-DI-0009", "title": "Use COPY instead of ADD in Dockerfile", "level": "FATAL", "alerts": [ "Use COPY : /bin/sh -c #(nop) ADD file:81c0a803075715d1a6b4f75a29f8a01b21cc170cfc1bff6702317d1be2fe71a3 in /app/credentials.json " ] }, { "code": "CIS-DI-0010", "title": "Do not store secrets in ENVIRONMENT variables", "level": "FATAL", "alerts": [ "Suspicious ENV key found : MYSQL_PASSWD" ] }, { "code": "CIS-DI-0010", "title": "Do not store secret files", "level": "FATAL", "alerts": [ "Suspicious filename found : app/credentials.json " ] }, { "code": "DKL-DI-0002", "title": "Avoid sensitive directory mounting", "level": "FATAL", "alerts": [ "Avoid mounting sensitive dirs : /usr" ] }, { "code": "DKL-DI-0005", "title": "Clear apt-get caches", "level": "FATAL", "alerts": [ "Use 'rm -rf /var/lib/apt/lists' after 'apt-get install' : /bin/sh -c apt-get update \u0026\u0026 apt-get install -y git" ] }, { "code": "DKL-LI-0001", "title": "Avoid empty password", "level": "FATAL", "alerts": [ "No password user found! username : nopasswd" ] } ] }