Avoid fetching data from HTTP endpoint
ID: docker-best-practices/avoid-http
Language: Docker
Severity: Warning
Category: Security
CWE: 319
Description
Always use https
links instead of http
. Do not use clear-text protocols as they lack encryption and authentication.
Non-Compliant Code Examples
RUN cd /tmp && wget http://www.scalastyle.org/scalastyle_config.xml && mv scalastyle_config.xml /scalastyle_config.xml
RUN cd /tmp && curl -O http://www.scalastyle.org/scalastyle_config.xml && mv scalastyle_config.xml /scalastyle_config.xml
RUN foobar http://domain.tld
Compliant Code Examples
RUN cd /tmp && wget https://www.scalastyle.org/scalastyle_config.xml && mv scalastyle_config.xml /scalastyle_config.xml
RUN cd /tmp && curl -O https://www.scalastyle.org/scalastyle_config.xml && mv scalastyle_config.xml /scalastyle_config.xml
RUN cd /tmp && curl -O http://localhost:8080/path
Seamless integrations. Try Datadog Code Analysis