-
Notifications
You must be signed in to change notification settings - Fork 289
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
bug(query): false positive from dockerfile/apt_get_install_lists_were_not_deleted #6892
Comments
Hi @rossi-fi! I created the following code sample for this issue, which doesn't reproduce the false positive: FROM busyboxneg6 Do you think it covers it? |
Using ARG to declare the variable is a valid workaround to avoid the false positive. Ideally the rules could be modified so one doesn't need to code around tool behaviour. |
It's common to use
DEBIAN_FRONTEND=noninteractive apt-get install package
. However the variable causes a false positive even though the install command is followed by cleanup.Expected Behavior
No vulnerabilities reported
Actual Behavior
Apt Get Install Lists Were Not Deleted
Workaround
Remove variable from apt-get install and precede it with
dpkg-reconfigure debconf --frontend=noninteractive
The text was updated successfully, but these errors were encountered: