Audit
Audit and compliance rules
2 Security Rules
Run All Audit Rules
pathfinder scan --ruleset cpf/docker/auditRules
Dockerfile Source Not Pinned
LOW: FROM instruction without digest pinning. Consider using @sha256:... for immutable builds.
Tags: docker, dockerfile, from, digest, sha256, immutability, supply-chain, reproducibility, audit, security
CWE-1188
Updated 2026-01-17
Privileged Port Exposed
MEDIUM: Exposing port below 1024 typically requires root privileges to bind. Consider using non-privileged ports (>1024) with port mapping or granting CAP_NET_BIND_SERVICE capability.
Tags: docker, dockerfile, port, expose, privileged, root, security, unix, networking, capabilities, best-practice
CWE-250
Updated 2026-01-17