Skip to content

Commit

Permalink
Update location of lcov package
Browse files Browse the repository at this point in the history
  • Loading branch information
@fbeutin-ledger
fbeutin-ledger committed May 13, 2024
1 parent f87be5f commit a552cb3
Showing 1 changed file with 1 addition and 2 deletions.
3 changes: 1 addition & 2 deletions lite/Dockerfile
View file
Original file line number Diff line number Diff line change
Expand Up @@ -33,8 +33,7 @@ RUN python3 -m ensurepip --upgrade \
&& pip3 install --upgrade pip \
&& pip3 install wheel

# lcov is only present in the testing repository of the edge branch
RUN apk add --repository=http://dl-cdn.alpinelinux.org/alpine/edge/testing lcov
RUN apk add lcov

Check warning on line 36 in lite/Dockerfile

View check run for this annotation

Ledger Wiz (CSPM & secret detection) / Wiz IaC Scanner

Unpinned Package Version in Apk Add 

Rule ID: 9b55ae16-9e49-41dc-885f-a59ee0bb54bd
Severity: Medium
Resource: FROM={{alpine:3.15}}.{{RUN apk add lcov}}

Package version pinning reduces the range of versions that can be installed, reducing the chances of failure due to unanticipated changes
Raw output 
Expected: RUN instruction with 'apk add <package>' should use package pinning form 'apk add <package>=<version>'
Found: RUN instruction apk add lcov does not use package pinning form

Check notice on line 36 in lite/Dockerfile

View check run for this annotation

Ledger Wiz (CSPM & secret detection) / Wiz IaC Scanner

Apk Add Using Local Cache Path 

Rule ID: 8ac96529-88bd-41af-ad98-b24bf7a8a85c
Severity: None
Resource: FROM={{alpine:3.15}}.{{RUN apk add lcov}}

When installing packages, use the '--no-cache' switch to avoid the need to use '--update' and remove '/var/cache/apk/*'
Raw output 
Expected: 'RUN' should not contain 'apk add' command without '--no-cache' switch
Found: 'RUN' contains 'apk add' command without '--no-cache' switch

# This package is required by lcov
RUN apk add gzip
Expand Down

0 comments on commit a552cb3

Please sign in to comment.