Problem
The Checkov security scanning workflow has been consistently failing across recent pull requests (#22, #23, #24, #25, #26) with the same Docker-related security issues.
Checkov Failures
The following security checks are currently failing:
- CKV_DOCKER_7: "Ensure the base image uses a non latest version tag"
  - Issue: FROM coredns/coredns uses implicit latest tag
  - Fix: Use specific version like FROM coredns/coredns:1.11.1
- CKV_DOCKER_2: "Ensure that HEALTHCHECK instructions have been added to container images"
  - Issue: No HEALTHCHECK instruction in Dockerfile
  - Fix: Add appropriate health check for CoreDNS
- CKV_DOCKER_3: "Ensure that a user for the container has been created"
  - Issue: Container runs as root user
  - Fix: Create and switch to non-root user
Impact
- All recent PRs show failing Checkov scans
- Security best practices not being followed
- CI pipeline shows red status
Proposed Solution
Update the Dockerfile to address all three security issues:
- Pin CoreDNS to specific version
- Add health check using dig command
- Create and use non-root user for container execution
Files to Update
- Dockerfile
- Potentially update documentation if health check behavior changes
Priority
Medium - affects security posture and CI reliability but doesn't block functionality.
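A local pre-commit approximation of the three failing conditions, as an added example that is not part of the original issue and is not Checkov's own implementation. The `BEFORE` and `AFTER` Dockerfiles, the UID 65532 and the health check arguments are constructed for illustration, and the root-user test is stricter than a plain "USER exists" check.

```python
import re

# Constructed sample inputs, not the repository's actual Dockerfile.
BEFORE = "FROM coredns/coredns\nCOPY Corefile /Corefile\n"
AFTER = """\
FROM coredns/coredns:1.11.1
COPY Corefile /Corefile
# Assumes a dig binary is available in the final image.
HEALTHCHECK --interval=30s --timeout=3s CMD ["dig", "@127.0.0.1", "localhost"]
USER 65532:65532
"""

def instructions(dockerfile):
    """Yield (INSTRUCTION, args) pairs, joining backslash continuations."""
    joined = re.sub(r"\\[ \t]*\n", " ", dockerfile)
    for line in joined.splitlines():
        fields = line.strip().split(None, 1)
        if fields and not fields[0].startswith("#"):
            yield fields[0].upper(), (fields[1] if len(fields) > 1 else "")

def failed_checks(dockerfile):
    """Return the sorted check IDs that the Dockerfile text would fail."""
    failed, stages = set(), set()
    user, healthcheck = None, False
    for op, args in instructions(dockerfile):
        if op == "FROM":
            user, healthcheck = None, False  # both are per-stage settings
            parts = [p for p in args.split() if not p.startswith("--")]
            image = parts[0]
            # Look for the tag after the last "/" so registry ports are ignored.
            tag = image.rsplit("/", 1)[-1].partition(":")[2]
            pinned = "@" in image or tag not in ("", "latest")
            if image != "scratch" and image not in stages and not pinned:
                failed.add("CKV_DOCKER_7")
            if len(parts) == 3 and parts[1].upper() == "AS":
                stages.add(parts[2])  # later FROM lines may name this stage
        elif op == "HEALTHCHECK":
            healthcheck = args.upper() != "NONE"
        elif op == "USER":
            user = args.split(":")[0]
    if not healthcheck:
        failed.add("CKV_DOCKER_2")
    if user in (None, "root", "0"):
        failed.add("CKV_DOCKER_3")
    return sorted(failed)

if __name__ == "__main__":
    print("before:", failed_checks(BEFORE), "after:", failed_checks(AFTER))
```
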