Property
Language: terraform
Severity: high
Vulnerability Type: omission

Description

The ‘apk add’ command in the Dockerfile is used without the ‘--no-cache’ flag, causing package cache data to remain in the final image and unnecessarily increasing its size.

Impact

Retaining package cache can expose sensitive metadata and inflate container images, leading to increased attack surface, slower deployments, and higher storage and bandwidth costs. Attackers may leverage leftover files to gain insights into package versions or exploit unneeded cache files.

Resolution

Add ‘--no-cache’ to ‘apk add’ in the Dockerfile.