Bump SDK versions and Ragger version #113
Merged
Ledger Wiz (CSPM & secret detection) / Wiz IaC Scanner
completed
Mar 27, 2024 in 2s
Wiz IaC Scanner
Ave, Master of Magic Constants! 🎩
Wiz's wand of discovery waved over this realm, revealing untold wonders. 🪄🌟
Revealing IaC misconfigurations with Wiz 🪄
🔮 IaC Misconfigurations Detected: 2
― Note from Wiz: "Keep channeling the magic! 🪄🖋️✨"
Annotations
Check warning on line 23 in dev-tools/Dockerfile
ledger-wiz-cspm-secret-detection / Wiz IaC Scanner
Unpinned Package Version in Pip Install
Rule ID: c9d92d07-9951-4503-8875-7c96f04359ad
Severity: Medium
Package version pinning reduces the range of versions that can be installed, reducing the chances of failure due to unanticipated changes
Raw output
Resource: FROM={{ghcr.io/ledgerhq/ledger-app-builder/ledger-app-builder:latest}}.{{RUN pip3 install ragger[tests,all_backends]==1.16.0}}
File Type: Dockerfile
Expected: RUN instruction with 'pip/pip3 install <package>' should use package pinning form 'pip/pip3 install <package>=<version>'
Found: RUN instruction pip3 install ragger[tests,all_backends]==1.16.0 does not use package pinning form
Check warning on line 23 in dev-tools/Dockerfile
ledger-wiz-cspm-secret-detection / Wiz IaC Scanner
Pip install keeping cached packages
Rule ID: 825ae084-a21d-4595-9378-0b5b9edbc4d1
Severity: Medium
When installing packages with pip, the '--no-cache-dir' flag should be set to make Docker images smaller
Raw output
Resource: FROM={{ghcr.io/ledgerhq/ledger-app-builder/ledger-app-builder:latest}}.{{pip3 install ragger[tests,all_backends]==1.16.0}}
File Type: Dockerfile
Expected: The '--no-cache-dir' flag should be set when running 'pip/pip3 install'
Found: The '--no-cache-dir' flag isn't set when running 'pip/pip3 install'