Added fastapi server and Docker files.

Wiz Inc. (a28a8b7b4c) / Wiz IaC Scanner completed Sep 5, 2024 in 3s

Wiz IaC Scanner

IaC Misconfigurations Detected: 11

0 Critical, 1 High, 6 Medium, 2 Low, 2 Informational

Annotations

Check failure on line 1 in Dockerfile

@wiz-inc-a28a8b7b4c wiz-inc-a28a8b7b4c / Wiz IaC Scanner

Missing User Instruction

Rule ID: da8c7b4f-5324-4d73-9d52-09c5ce91e8e7
Severity: High
Resource: FROM={{python:slim}}

A user should be specified in the Dockerfile; otherwise the image will run as root.
Raw output
Expected: The 'Dockerfile' should contain the 'USER' instruction
Found: The 'Dockerfile' does not contain any 'USER' instruction

Check warning on line 15 in Dockerfile

Pip install keeping cached packages

Rule ID: 86805785-1b59-4f12-9718-3867bc187cc1
Severity: Medium
Resource: FROM={{python:slim}}.{{python -m pip install -r requirements.txt}}

When installing packages with pip, the '--no-cache-dir' flag should be set to make Docker images smaller
Raw output
Expected: The '--no-cache-dir' flag should be set when running 'pip/pip3 install'
Found: The '--no-cache-dir' flag isn't set when running 'pip/pip3 install'

Check warning on line 14 in Dockerfile

Pip install keeping cached packages

Rule ID: 86805785-1b59-4f12-9718-3867bc187cc1
Severity: Medium
Resource: FROM={{python:slim}}.{{python -m pip install torch torchvision torchaudio setuptools==69.5.1 wheel}}

When installing packages with pip, the '--no-cache-dir' flag should be set to make Docker images smaller
Raw output
Expected: The '--no-cache-dir' flag should be set when running 'pip/pip3 install'
Found: The '--no-cache-dir' flag isn't set when running 'pip/pip3 install'

Check warning on line 14 in Dockerfile

Unpinned Package Version in Pip Install

Rule ID: 441843a8-0981-4faf-a188-6deeaf3d0be4
Severity: Medium
Resource: FROM={{python:slim}}.{{RUN python -m pip install torch torchvision torchaudio setuptools==69.5.1 wheel}}

Package version pinning reduces the range of versions that can be installed, reducing the chances of failure due to unanticipated changes
Raw output
Expected: RUN instruction with 'pip/pip3 install <package>' should use package pinning form 'pip/pip3 install <package>=<version>'
Found: RUN instruction python -m pip install torch torchvision torchaudio setuptools==69.5.1 wheel does not use package pinning form

Check warning on line 4 in Dockerfile

Apt Get Install Pin Version Not Defined

Rule ID: ea2428c4-65af-4ac2-b4fb-a7c9babde2dd
Severity: Medium
Resource: FROM={{python:slim}}.RUN={{apt-get update &&     apt-get upgrade -y &&     apt-get install -y git build-essential python3-setuptools}}

When installing a package, its pin version should be defined
Raw output
Expected: Package 'git' has version defined
Found: Package 'git' does not have version defined

Check warning on line 4 in Dockerfile

Apt Get Install Pin Version Not Defined

Rule ID: ea2428c4-65af-4ac2-b4fb-a7c9babde2dd
Severity: Medium
Resource: FROM={{python:slim}}.RUN={{apt-get update &&     apt-get upgrade -y &&     apt-get install -y git build-essential python3-setuptools}}

When installing a package, its pin version should be defined
Raw output
Expected: Package 'python3-setuptools' has version defined
Found: Package 'python3-setuptools' does not have version defined

Check warning on line 4 in Dockerfile

Apt Get Install Pin Version Not Defined

Rule ID: ea2428c4-65af-4ac2-b4fb-a7c9babde2dd
Severity: Medium
Resource: FROM={{python:slim}}.RUN={{apt-get update &&     apt-get upgrade -y &&     apt-get install -y git build-essential python3-setuptools}}

When installing a package, its pin version should be defined
Raw output
Expected: Package 'build-essential' has version defined
Found: Package 'build-essential' does not have version defined

Check notice on line 12 in Dockerfile

Multiple RUN, ADD, COPY, Instructions Listed

Rule ID: c9b556f6-4b22-40b7-88bc-f25a8ed7b646
Severity: Low
Resource: FROM={{python:slim}}.{{RUN mkdir model}}

Multiple commands (RUN, COPY, ADD) should be grouped in order to reduce the number of layers.
Raw output
Expected: There isn't any RUN instruction that could be grouped
Found: There are RUN instructions that could be grouped

Check notice on line 4 in Dockerfile

APT-GET Not Avoiding Additional Packages

Rule ID: bdec9117-4d5d-4d8f-bebe-93174383d99e
Severity: None
Resource: FROM={{python:slim}}.{{RUN apt-get update &&     apt-get upgrade -y &&     apt-get install -y git build-essential python3-setuptools}}

Check if any apt-get installs don't use '--no-install-recommends' flag to avoid installing additional packages.
Raw output
Expected: 'RUN apt-get update &&     apt-get upgrade -y &&     apt-get install -y git build-essential python3-setuptools' uses '--no-install-recommends' flag to avoid installing additional packages
Found: 'RUN apt-get update &&     apt-get upgrade -y &&     apt-get install -y git build-essential python3-setuptools' does not use '--no-install-recommends' flag to avoid installing additional packages

Check notice on line 1 in Dockerfile

Healthcheck Instruction Missing

Rule ID: 5f039761-874b-4dac-94cc-89067fb2315b
Severity: Low
Resource: FROM={{python:slim}}

Ensure that HEALTHCHECK is being used. The HEALTHCHECK instruction tells Docker how to test a container to check that it is still working
Raw output
Expected: Dockerfile should contain instruction 'HEALTHCHECK'
Found: Dockerfile doesn't contain instruction 'HEALTHCHECK'

Check notice on line 4 in Dockerfile

Apt Get Install Lists Were Not Deleted

Rule ID: 366ed13d-f2bb-40b8-85c9-894ce13e43c7
Severity: None
Resource: FROM={{python:slim}}.RUN={{apt-get update &&     apt-get upgrade -y &&     apt-get install -y git build-essential python3-setuptools}}

After using apt-get install, the apt-get lists should be deleted
Raw output
Expected: After using apt-get install, the apt-get lists should be deleted
Found: After using apt-get install, the apt-get lists were not deleted