Rule Information
Tags
dockerdockerfilefromplatformmulti-archportabilitybuildxarchitecturebest-practice
CWE References
Interactive Playground
Experiment with the vulnerable code and security rule below. Edit the code to see how the rule detects different vulnerability patterns.
pathfinder scan --ruleset docker/DOCKER-BP-027 --project .1
2
3
rule.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
About This Rule
Understanding the vulnerability and how it is detected
Detects use of --platform flag in FROM instructions. Hardcoding platform reduces portability and prevents Docker from automatically selecting the appropriate platform for multi-architecture builds.
How to Fix
Recommended remediation steps
- 1Review your Dockerfile to address the avoid --platform flag with from issue
- 2Follow Docker official best practices for image building
- 3Use docker build --check to validate Dockerfile syntax and best practices
References
External resources and documentation
Similar Rules
Explore related security rules for Docker
MEDIUM
Base Image Uses :latest Tag
Base image uses ':latest' tag or no tag (defaults to latest). This makes builds non-reproducible.
INFO
Deprecated MAINTAINER Instruction
MAINTAINER instruction is deprecated. Use LABEL org.opencontainers.image.authors instead.
LOW
apt-get Without --no-install-recommends
apt-get install without --no-install-recommends. This installs unnecessary packages, increasing image size and attack surface.
Frequently Asked Questions
Common questions about Avoid --platform Flag with FROM
FROM with --platform flag reduces portability. Let Docker handle platform selection.
Review the secure code example in the playground above and apply the recommended pattern to your Dockerfile or docker-compose.yml.
New feature
Get these findings posted directly on your GitHub pull requests
The Avoid --platform Flag with FROM rule runs in CI and posts inline review comments on the exact lines — no dashboard, no SARIF viewer.