‘yum clean all’ missing
| Property | |
|---|---|
| Language | |
| Severity | |
| Vulnerability Type | omission |
Description
The Dockerfile omits the ‘yum clean all’ command after running ‘yum install’, resulting in cached package data being left in the image. This increases image size and retains unnecessary files that should be removed.
Impact
Leaving package caches in the image can significantly inflate image size, leading to longer build and deployment times, increased storage costs, and a larger attack surface due to leftover files that could contain sensitive metadata or be exploited in later stages.
Resolution
Add ‘yum clean all’ to the Dockerfile, after the ‘yum install’ command.
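One way to check a Dockerfile for this omission, as an added example (not the rule's own implementation). The sample Dockerfile and the function names are constructed for illustration, and the check assumes the cleanup must sit in the same RUN instruction as the install, because a ‘yum clean all’ in a later RUN leaves the cache in the earlier image layer.

```python
import re

# Constructed sample (not from the page). Line 2 never cleans, line 3 cleans
# only in a later RUN (the cache stays in the earlier layer), line 6 cleans
# in the same RUN as the install.
SAMPLE = """\
FROM centos:7
RUN yum install -y httpd
RUN yum -y install gcc \\
    make
RUN yum clean all
RUN yum install -y curl && \\
    yum clean all
"""

# "yum ... install" and "yum ... clean all" within one shell command segment.
INSTALL = re.compile(r"\byum\b[^;&|]*\binstall\b")
CLEAN = re.compile(r"\byum\b[^;&|]*\bclean\s+all\b")


def run_instructions(text):
    """Yield (line_number, command) per RUN, joining backslash continuations."""
    lines = text.splitlines()
    i = 0
    while i < len(lines):
        start = i + 1
        cur = lines[i].strip()
        while cur.endswith("\\") and i + 1 < len(lines):
            i += 1
            cur = cur[:-1] + " " + lines[i].strip()
        i += 1
        m = re.match(r"RUN\s+(.*)", cur, re.IGNORECASE)
        if m:
            yield start, m.group(1)


def missing_yum_clean(text):
    """Return line numbers of RUN instructions that install without cleaning."""
    findings = []
    for lineno, cmd in run_instructions(text):
        install = INSTALL.search(cmd)
        # Only a clean that follows the install in the same RUN counts.
        if install and not CLEAN.search(cmd, install.end()):
            findings.append(lineno)
    return findings


if __name__ == "__main__":
    for n in missing_yum_clean(SAMPLE):
        print(f"line {n}: 'yum install' without 'yum clean all' in the same RUN")
```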