Property

Language: terraform
Severity: high
Vulnerability Type: omission

Description

Dockerfiles that use ‘zypper’ to install packages without running ‘zypper clean’ leave behind unnecessary cache files, increasing the final image size. This results in larger, less efficient container images that retain unwanted package metadata.

Impact

Excessive image size can lead to longer build and deployment times, higher storage costs, and a larger attack surface, as leftover cache files may expose package lists or metadata that could aid attackers in identifying vulnerabilities.

Resolution

Add ‘zypper clean’ to the Dockerfile.
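
One way to check a Dockerfile for this omission, as an added example (not this rule's own implementation). It assumes the cleanup only counts when it follows the install inside the same RUN instruction, because a later RUN creates a new layer and the cache stays in the earlier one; the sample Dockerfiles and the function names are constructed for illustration.

```python
import re

# Constructed sample Dockerfiles (not from the original page).
BAD = """\
FROM opensuse/leap:15.5
RUN zypper --non-interactive install curl \\
    ca-certificates
RUN zypper clean --all
"""
GOOD = """\
FROM opensuse/leap:15.5
RUN zypper --non-interactive install curl ca-certificates \\
    && zypper clean --all
"""

# "zypper", optional global flags such as -n, then the subcommand.
# Global options that take a separate value (e.g. --root DIR) are not handled.
OPTS = r"\bzypper\b(?:\s+-\S+)*\s+"
INSTALL = re.compile(OPTS + r"(?:install|in|update|up|dist-upgrade|dup|patch|source-install|si)\b")
CLEAN = re.compile(OPTS + r"(?:clean|cc)\b")

def run_instructions(text):
    """Yield (line_no, command) for each RUN, joining backslash continuations."""
    lines = text.splitlines()
    i = 0
    while i < len(lines):
        start = i + 1
        logical = lines[i].rstrip()
        while logical.endswith("\\") and i + 1 < len(lines):
            i += 1
            logical = logical[:-1] + " " + lines[i].strip()
        i += 1
        m = re.match(r"\s*RUN\s+(.*)", logical, re.IGNORECASE)
        if m:
            yield start, m.group(1)

def missing_zypper_clean(text):
    """Return line numbers of RUN instructions that install without cleaning."""
    findings = []
    for line_no, cmd in run_instructions(text):
        installs = [m.start() for m in INSTALL.finditer(cmd)]
        cleans = [m.start() for m in CLEAN.finditer(cmd)]
        # Flag when no 'zypper clean' follows the last package operation.
        if installs and not (cleans and max(cleans) > max(installs)):
            findings.append(line_no)
    return findings

if __name__ == "__main__":
    print("BAD:", missing_zypper_clean(BAD), "GOOD:", missing_zypper_clean(GOOD))
```

In the BAD sample the separate `RUN zypper clean --all` does not clear the finding, since the cache files are already committed to the layer created by the install.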