TF 0282 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
'zypper clean' missing
| Property | Value |
|---|---|
| Language | |
| Severity | |
| Vulnerability Type | omission |
Description
Dockerfiles that use 'zypper' to install packages without running 'zypper clean' leave behind unnecessary cache files, increasing the final image size. This results in larger, less efficient container images that retain unwanted package metadata.
Impact
Excessive image size can lead to longer build and deployment times, higher storage costs, and a larger attack surface, as leftover cache files may expose package lists or metadata that could aid attackers in identifying vulnerabilities.
Resolution
Add 'zypper clean' to the Dockerfile.
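The following is an added example, not part of the wiki entry or the project's own rule code: a small Python check run over two constructed Dockerfiles, one that triggers the finding and one that resolves it. It assumes the clean must follow the install inside the same RUN instruction, because files deleted in a later layer still occupy the earlier one; the function names and sample Dockerfiles are hypothetical.

```python
import re

# Constructed sample Dockerfiles (not taken from the wiki page).
NONCOMPLIANT = """\
FROM opensuse/leap:15.5
RUN zypper --non-interactive install curl
# A clean in a later RUN does not shrink the layer created above.
RUN zypper clean --all
"""
COMPLIANT = """\
FROM opensuse/leap:15.5
RUN zypper --non-interactive install curl \\
    && zypper clean --all
"""
INSTALL, CLEAN = {"install", "in"}, {"clean", "cc"}

def run_instructions(dockerfile):
    """Yield (line_number, command) for each shell-form RUN instruction."""
    buf, start = [], 0
    for no, line in enumerate(dockerfile.splitlines(), 1):
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue  # blank and comment lines are dropped, even mid-continuation
        start = start if buf else no
        buf.append(stripped.rstrip("\\").strip())
        if not stripped.endswith("\\"):
            text, buf = " ".join(buf), []
            if re.match(r"(?i)run\s", text):
                yield start, text[3:].strip()

def zypper_subcommands(command):
    """Return the zypper subcommand of each chained command, in order."""
    found = []
    for part in re.split(r"&&|\|\||[;|]", command):
        words = part.split()
        if "zypper" in words:
            rest = words[words.index("zypper") + 1:]
            # First non-option word; global options taking a value are not handled.
            found += [w for w in rest if not w.startswith("-")][:1]
    return found

def missing_zypper_clean(dockerfile):
    """Return line numbers of RUN instructions whose last install has no clean after it."""
    findings = []
    for no, cmd in run_instructions(dockerfile):
        relevant = [s for s in zypper_subcommands(cmd) if s in INSTALL | CLEAN]
        if relevant and relevant[-1] in INSTALL:
            findings.append(no)
    return findings
```

Exec-form (JSON array) RUN instructions and heredocs are outside what this check parses.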