auth-layer-proxy improvements for envoy configuration configurable #47
Wiz Inc. (8f76296f7c) / Wiz IaC Scanner
completed
Apr 2, 2024 in 7s
Wiz IaC Scanner
Well Met, Squire of Source Code! 🛡️
The scrolls of foresight offered glimpses of hidden enigmas within this code. 📜🔍
Revealing IaC misconfigurations with Wiz 🪄
🔮 IaC Misconfigurations Detected: 2
― Note from Wiz: "With every keystroke, you weave a tapestry of digital enchantment! 🧵🔥"
Annotations
Check notice on line 9 in auth-layer-proxy/Dockerfile
wiz-inc-8f76296f7c / Wiz IaC Scanner
APT-GET Not Avoiding Additional Packages
Rule ID: 15862929-8b16-4974-b8dc-04bb9db86686
Severity: None
Resource: FROM={{envoyproxy/envoy:v1.28-latest}}.{{RUN chmod +x /etc/envoy/start-envoy.sh && chown -R envoy:envoy /etc/envoy && apt-get update && apt-get install -y gettext-base=0.19.* lua5.1=5.1.* luarocks=2.4.* git=1:2.* && luarocks install lua-cjson && luarocks install luasocket && rm -rf /var/lib/apt/lists/*}}
Check if any apt-get installs don't use '--no-install-recommends' flag to avoid installing additional packages.
Raw output
Expected: 'RUN chmod +x /etc/envoy/start-envoy.sh && chown -R envoy:envoy /etc/envoy && apt-get update && apt-get install -y gettext-base=0.19.* lua5.1=5.1.* luarocks=2.4.* git=1:2.* && luarocks install lua-cjson && luarocks install luasocket && rm -rf /var/lib/apt/lists/*' uses '--no-install-recommends' flag to avoid installing additional packages
Found: 'RUN chmod +x /etc/envoy/start-envoy.sh && chown -R envoy:envoy /etc/envoy && apt-get update && apt-get install -y gettext-base=0.19.* lua5.1=5.1.* luarocks=2.4.* git=1:2.* && luarocks install lua-cjson && luarocks install luasocket && rm -rf /var/lib/apt/lists/*' does not use '--no-install-recommends' flag to avoid installing additional packages
Check notice on line 1 in auth-layer-proxy/Dockerfile
wiz-inc-8f76296f7c / Wiz IaC Scanner
Healthcheck Instruction Missing
Rule ID: 52ab40ee-72d1-4fcf-b295-20834d179270
Severity: Low
Resource: FROM={{envoyproxy/envoy:v1.28-latest}}
Ensure that HEALTHCHECK is being used. The HEALTHCHECK instruction tells Docker how to test a container to check that it is still working.
Raw output
Expected: Dockerfile should contain instruction 'HEALTHCHECK'
Found: Dockerfile doesn't contain instruction 'HEALTHCHECK'