Rule Information
Tags
dockerdockerfilednfpackage-managerfedorarhelautomationci-cdbuildbest-practicenon-interactive
CWE References
Interactive Playground
Experiment with the vulnerable code and security rule below. Edit the code to see how the rule detects different vulnerability patterns.
pathfinder scan --ruleset docker/DOCKER-BP-026 --project .1
2
3
4
5
rule.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
About This Rule
Understanding the vulnerability and how it is detected
dnf install without -y flag. Add -y for non-interactive builds.
How to Fix
Recommended remediation steps
- 1Review your Dockerfile to address the missing -y flag for dnf issue
- 2Follow Docker official best practices for image building
- 3Use docker build --check to validate Dockerfile syntax and best practices
Similar Rules
Explore related security rules for Docker
MEDIUM
Base Image Uses :latest Tag
Base image uses ':latest' tag or no tag (defaults to latest). This makes builds non-reproducible.
INFO
Deprecated MAINTAINER Instruction
MAINTAINER instruction is deprecated. Use LABEL org.opencontainers.image.authors instead.
LOW
apt-get Without --no-install-recommends
apt-get install without --no-install-recommends. This installs unnecessary packages, increasing image size and attack surface.
Frequently Asked Questions
Common questions about Missing -y flag for dnf
dnf install without -y flag. Add -y for non-interactive builds.
Review the secure code example in the playground above and apply the recommended pattern to your Dockerfile or docker-compose.yml.
New feature
Get these findings posted directly on your GitHub pull requests
The Missing -y flag for dnf rule runs in CI and posts inline review comments on the exact lines — no dashboard, no SARIF viewer.