TF 0458 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
'apk add' is missing '--no-cache'
Property | Value |
---|---|
Language | |
Severity | |
Vulnerability Type | omission |
Description
The 'apk add' command in the Dockerfile is used without the '--no-cache' flag, causing package cache data to remain in the final image and unnecessarily increasing its size.
Impact
Retaining package cache can expose sensitive metadata and inflate container images, leading to increased attack surface, slower deployments, and higher storage and bandwidth costs. Attackers may leverage leftover files to gain insights into package versions or exploit unneeded cache files.
Resolution
Add '--no-cache' to 'apk add' in Dockerfile
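One way to check a Dockerfile for this finding, as an added example (not this database's or any scanner's own rule code): it joins backslash continuations, splits shell-form RUN instructions on command separators, and reports each 'apk add' that lacks '--no-cache'. The sample Dockerfile and the function names are constructed for illustration; exec-form (JSON array) RUN instructions and separators inside quoted strings are not handled.

```python
import re

# Constructed sample: the first RUN is the finding, the other two are compliant.
SAMPLE = """\
FROM alpine:3.19
RUN apk update && apk add curl \\
    && rm -rf /tmp/*
RUN apk add --no-cache \\
    ca-certificates openssl
RUN apk --no-cache add bash
"""

def logical_lines(text):
    """Yield (first_line_number, instruction) with '\\' continuations joined."""
    buf, start = [], None
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.rstrip()
        # Blank and comment lines are dropped, also inside a continuation.
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if start is None:
            start = n
        if line.endswith("\\"):
            buf.append(line[:-1])
            continue
        buf.append(line)
        yield start, " ".join(buf)
        buf, start = [], None
    if buf:  # file ended on a dangling continuation
        yield start, " ".join(buf)

def find_apk_add_without_no_cache(text):
    """Return [(line_number, command)] for each 'apk add' lacking --no-cache."""
    findings = []
    for lineno, instr in logical_lines(text):
        m = re.match(r"\s*RUN\s+(.*)", instr, re.IGNORECASE)
        if not m:
            continue
        # Naive split on shell separators: && || ; |
        for cmd in re.split(r"&&|\|\||;|\|", m.group(1)):
            words = cmd.split()
            # --no-cache is accepted before or after the 'add' subcommand.
            if words[:1] == ["apk"] and "add" in words and "--no-cache" not in words:
                findings.append((lineno, " ".join(words)))
    return findings

if __name__ == "__main__":
    for lineno, cmd in find_apk_add_without_no_cache(SAMPLE):
        print(f"line {lineno}: '{cmd}' is missing '--no-cache'")
```

The reported line number is the first line of the RUN instruction, which is where the flag has to be added.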