Adding IAC check for secrets inserted into docker layer #7570
Closed
tzurielweisberg
started this conversation in
Ideas
Replies: 3 comments
-
@nikpivkin could you take a look at this?
-
@tzurielweisberg Check should use heuristic algorithms to detect possible uses of credentials? We may encounter false positives, especially for keywords like “PSW”.
-
Track #7639
-
Description
Observed recently that when secrets are passed to docker build with --build-args, they are saved into the image layers unexposed, and that leads to a secret leak if someone inspects the image layers or reviews the scanned layers in the Aqua UI for the scanned image.
We need an IAC rule for Dockerfile to search for Secrets/Password usage.
It will, of course, be matched by secret scanning later, but we want to know about it beforehand.
Target: Filesystem
Scanner: Misconfiguration
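To make the requested check concrete, here is an added, stand-alone heuristic in the spirit of the discussion above. It is example code written for this page, not Trivy's own misconfiguration check or anything from the linked issue. It parses a Dockerfile, flags ARG/ENV names that look like credentials, and marks ARGs that a RUN step expands, since a build arg consumed by RUN is recorded in that layer's history entry. Following the false-positive concern about keywords like “PSW”, ambiguous short tokens are reported at LOW confidence rather than silently accepted or dropped. The keyword lists, the `Finding` type and the sample Dockerfile (with placeholder values) are all constructed assumptions for illustration.

```python
"""Heuristic Dockerfile check for build-time variables that look like secrets.

Values supplied with ``docker build --build-arg`` are recorded in the history
of the layers that consume them, so ARG/ENV names that suggest a credential
are worth flagging before the image is built. Name matching is a heuristic:
unambiguous keywords give HIGH findings; short tokens such as PSW give LOW
findings so a reviewer can triage them instead of disabling the whole check.
Example code written for this discussion, not a Trivy check.
"""
import re
import shlex
from dataclasses import dataclass
from typing import Optional

# Assumed keyword lists (constructed for this example).
# Substrings that almost always denote a credential (case-insensitive).
STRONG_KEYWORDS = ("password", "passwd", "secret", "token", "api_key", "apikey",
                   "private_key", "access_key", "credential")
# Short/ambiguous tokens, matched only as whole words of the name
# (PSW_TIMEOUT matches, KEYBOARD does not). Reported at LOW confidence.
WEAK_KEYWORDS = ("psw", "pwd", "pass", "key", "auth")

# Constructed sample Dockerfile; the values are placeholders, not real secrets.
SAMPLE_DOCKERFILE = """\
FROM alpine:3.20
# constructed example for the check
ARG NPM_TOKEN
ARG DB_PASSWORD=changeme
ARG BUILD_VERSION=1.2.3
ENV API_KEY=$NPM_TOKEN \\
    PSW_TIMEOUT=30
RUN --mount=type=secret,id=npmrc \\
    npm ci
RUN echo "$DB_PASSWORD" > /app/.env
"""


@dataclass
class Finding:
    line: int                # line where the ARG/ENV instruction starts
    instruction: str         # "ARG" or "ENV"
    name: str                # variable name that triggered the finding
    severity: str            # "HIGH" or "LOW"
    referenced_in_run: bool  # ARG expanded by a RUN step, i.e. lands in layer history


def classify_name(name: str) -> Optional[str]:
    """Return HIGH, LOW or None depending on how secret-like the name is."""
    lowered = name.lower()
    if any(kw in lowered for kw in STRONG_KEYWORDS):
        return "HIGH"
    tokens = [t for t in re.split(r"[^a-z0-9]+", lowered) if t]
    if any(t in WEAK_KEYWORDS for t in tokens):
        return "LOW"
    return None


def logical_lines(text: str):
    """Yield (line_no, instruction) with backslash continuations joined and comments dropped."""
    buf, start = [], 0
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if not buf:
            start = no
        if line.endswith("\\"):
            buf.append(line[:-1].rstrip())
            continue
        buf.append(line)
        yield start, " ".join(buf)
        buf = []
    if buf:  # file ended inside a continuation
        yield start, " ".join(buf)


def variable_names(rest: str) -> list:
    """Extract names from the 'K=V K2=V2' form or the legacy 'K value' form."""
    try:
        tokens = shlex.split(rest)
    except ValueError:  # unbalanced quotes: fall back to a plain split
        tokens = rest.split()
    if not tokens:
        return []
    if any("=" in t for t in tokens):
        return [t.split("=", 1)[0] for t in tokens if "=" in t]
    return [tokens[0]]


def scan_dockerfile(text: str) -> list:
    """Flag ARG/ENV names that look like secrets and note ARGs expanded by RUN."""
    lines = list(logical_lines(text))
    run_bodies = [body for _, body in lines if re.match(r"RUN\s", body, re.IGNORECASE)]
    findings = []
    for no, body in lines:
        m = re.match(r"(ARG|ENV)\s+(.+)", body, re.IGNORECASE)
        if not m:
            continue
        instruction = m.group(1).upper()
        for name in variable_names(m.group(2)):
            severity = classify_name(name)
            if severity is None:
                continue
            # $NAME or ${NAME}, but not a longer name sharing the prefix
            expansion = re.compile(r"\$\{?" + re.escape(name) + r"\b")
            in_run = instruction == "ARG" and any(expansion.search(r) for r in run_bodies)
            findings.append(Finding(no, instruction, name, severity, in_run))
    return findings


if __name__ == "__main__":
    for f in scan_dockerfile(SAMPLE_DOCKERFILE):
        note = " (expanded by RUN: value recorded in layer history)" if f.referenced_in_run else ""
        print(f"line {f.line}: {f.severity} {f.instruction} {f.name}{note}")
```

Run against the sample, the scanner reports NPM_TOKEN, DB_PASSWORD and API_KEY as HIGH (DB_PASSWORD additionally marked as expanded by RUN) and PSW_TIMEOUT as LOW, while BUILD_VERSION is not reported. The `--mount=type=secret` RUN line is left alone, which is the pattern a remediation would steer people towards instead of build args.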