# DOCKER-BP-025: Missing -y flag for yum > **Severity:** LOW | **CWE:** CWE-710 - **Language:** Docker - **Category:** Best Practice - **URL:** https://codepathfinder.dev/registry/docker/best-practice/DOCKER-BP-025 - **Detection:** `pathfinder scan --ruleset docker/DOCKER-BP-025 --project .` ## Description yum install without -y flag. Add -y for non-interactive builds. ## Vulnerable Code ```python FROM centos:7 # Bad: Missing -y flag # Build will hang waiting for confirmation RUN yum install httpd mod_ssl ``` ## Secure Code ```python FROM centos:7 # Good: Using -y flag for non-interactive installation RUN yum install -y httpd mod_ssl && \ yum clean all && \ rm -rf /var/cache/yum ``` ## Detection Rule (Python SDK) ```python from rules.container_decorators import dockerfile_rule from rules.container_matchers import instruction from rules.container_combinators import all_of @dockerfile_rule( id="DOCKER-BP-025", name="Missing -y flag for yum", severity="LOW", cwe="CWE-710", category="best-practice", tags="docker,dockerfile,yum,package-manager,centos,rhel,automation,ci-cd,build,best-practice,non-interactive", message="yum install without -y flag. Add -y for non-interactive builds." ) def missing_yum_assume_yes(): return all_of( instruction(type="RUN", contains="yum install"), instruction(type="RUN", not_contains="-y") ) ``` ## How to Fix - Review your Dockerfile to address the missing -y flag for yum issue - Follow Docker official best practices for image building - Use docker build --check to validate Dockerfile syntax and best practices ## FAQ **Q: Why does this rule flag missing -y flag for yum?** yum install without -y flag. Add -y for non-interactive builds. **Q: How do I fix this?** Review the secure code example in the playground above and apply the recommended pattern to your Dockerfile or docker-compose.yml. --- Source: https://codepathfinder.dev/registry/docker/best-practice/DOCKER-BP-025 Code Pathfinder — Open source, type-aware SAST with cross-file dataflow analysis