Container Security
Critical security rules for Docker containers
4 Security Rules
Run All Container Security Rules
pathfinder scan --ruleset cpf/docker/securityRules
Container Running as Root
Severity: high. Detects Dockerfiles without a USER instruction, which causes the container to run with root privileges.
Tags: docker, container, privilege-escalation, security
CWE-250
Updated 2024-12-10
Secret in Build Argument
Severity: critical. Detects ARG instructions with names suggesting secrets; build args are recorded in the image history and are therefore visible to anyone who can pull the image.
Tags: docker, secrets, credentials, leak
CWE-538
Updated 2024-12-10
Docker Socket Mounted as Volume
Severity: critical. Detects a Docker socket mount, which gives the container full control over the host Docker daemon.
Tags: docker, container-escape, privilege-escalation
CWE-250
Updated 2024-12-10
Sudo Usage in Dockerfile
Severity: medium. Detects use of sudo in RUN instructions, an anti-pattern that indicates confusion about the container's privilege model.
Tags: docker, security, privilege
CWE-250
Updated 2024-12-10