‘microdnf clean all’ missing
| Property | |
|---|---|
| Language | |
| Severity | |
| Vulnerability Type | omission |
Description
Dockerfiles using ‘microdnf install’ do not include ‘microdnf clean all’ afterward, leaving cached package data in the image. This unnecessary cache increases image size and persists sensitive package metadata.
Impact
Larger image sizes can lead to longer build, transfer, and deployment times, and may expose package metadata that could aid attackers in targeting known vulnerabilities or sensitive dependencies within the container.
Resolution
Add ‘microdnf clean all’ to the Dockerfile after each ‘microdnf install’.
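
A minimal check for this rule, as an added example (not the scanner's own implementation and not code from the original page): it flags each RUN that calls ‘microdnf install’ without a later ‘microdnf clean all’ in the same instruction, since a cleanup in a separate RUN leaves the cache in the earlier layer. The sample Dockerfile, its placeholder image name and the function names are constructed for illustration.

```python
import re

# Constructed sample Dockerfile for this example; the base image is a placeholder.
SAMPLE = """\
FROM example.invalid/minimal-base:latest
RUN microdnf install -y openssl
RUN microdnf install -y tar gzip \\
    && microdnf clean all
RUN microdnf -y install curl
RUN microdnf clean all
"""

# Match within one shell command only, so '&&', ';' and '|' end the search.
INSTALL = re.compile(r"\bmicrodnf\b[^&;|]*\binstall\b")
CLEAN = re.compile(r"\bmicrodnf\b[^&;|]*\bclean\s+all\b")


def run_instructions(text):
    """Yield (first_line_number, command) per RUN, joining '\\' continuations."""
    lines = text.splitlines()
    i = 0
    while i < len(lines):
        start, logical = i + 1, lines[i]
        while logical.rstrip().endswith("\\") and i + 1 < len(lines):
            i += 1
            logical = logical.rstrip()[:-1] + " " + lines[i]
        i += 1
        match = re.match(r"\s*RUN\s+(.*)", logical, re.IGNORECASE | re.DOTALL)
        if match:
            yield start, match.group(1)


def find_missing_clean(text):
    """Return line numbers of RUN instructions that install without a later
    'microdnf clean all' in the same instruction."""
    findings = []
    for line_no, cmd in run_instructions(text):
        installs = [m.start() for m in INSTALL.finditer(cmd)]
        cleans = [m.start() for m in CLEAN.finditer(cmd)]
        if installs and (not cleans or max(cleans) < max(installs)):
            findings.append(line_no)
    return findings


if __name__ == "__main__":
    for line_no in find_missing_clean(SAMPLE):
        print(f"line {line_no}: 'microdnf install' without 'microdnf clean all'")
```

On the sample, lines 2 and 5 are reported; the standalone cleanup on line 6 does not clear the finding for line 5 because it runs in a different layer.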