Audit

Audit and compliance rules

2
Security Rules

Run All Audit Rules

pathfinder scan --ruleset docker/audit --project .

Rules

Dockerfile Source Not Pinned

LOW

FROM instruction without digest pinning. Consider using @sha256:... for immutable builds.

dockerdockerfilefromdigestsha256immutabilitysupply-chainreproducibilityauditsecurity
CWE-1188
Updated 2026-03-22

Privileged Port Exposed

MEDIUM

Exposing port below 1024 typically requires root privileges to bind. Consider using non-privileged ports (>1024) with port mapping or granting CAP_NET_BIND_SERVICE capability.

dockerdockerfileportexposeprivilegedrootsecurityunixnetworkingcapabilitiesbest-practice
CWE-250
Updated 2026-03-22

Other Docker Categories

Best Practice

28 rules

Correctness

3 rules

Security

4 rules

Back to Docker CategoriesAll Languages →