‘dnf clean all’ missing
| Property | |
|---|---|
| Language | |
| Severity | |
| Vulnerability Type | omission |
Description
The Dockerfile installs packages with ‘dnf’ but does not run ‘dnf clean all’ afterward, leaving cached package data in the image. This unnecessary cache increases the image size and may persist sensitive or outdated package metadata.
Impact
Leaving package caches in container images increases their size, which can lead to longer build and deployment times, higher storage costs, and a larger attack surface if sensitive package data is exposed. Attackers could exploit outdated or unnecessary files for reconnaissance or to identify vulnerabilities.
Resolution
Add ‘dnf clean all’ to the Dockerfile.
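
A minimal check for this rule, as an added example (not code from the original page or from any scanner): it flags shell-form RUN instructions that call ‘dnf install’ without a later ‘dnf clean all’ in the same instruction. The same-instruction requirement is an assumption of this example, made because each RUN produces its own image layer and a cleanup in a later RUN does not remove the cache from the earlier layer; the sample Dockerfiles and function names are constructed.

```python
import re

# Constructed sample Dockerfiles (base image and packages are illustrative).
WEAK = """\
FROM fedora:39
RUN dnf install -y httpd \\
    mod_ssl
RUN dnf clean all
"""
FIXED = """\
FROM fedora:39
RUN dnf install -y httpd mod_ssl \\
    && dnf clean all
"""

# Optional flags may sit between 'dnf' and the subcommand (e.g. 'dnf -y install').
INSTALL = re.compile(r"\bdnf\s+(?:-\S+\s+)*install\b")
CLEAN = re.compile(r"\bdnf\s+(?:-\S+\s+)*clean\s+all\b")

def run_instructions(dockerfile):
    """Yield (start_line, command) per RUN, joining backslash continuations."""
    buf, start = [], 0
    for no, line in enumerate(dockerfile.splitlines(), 1):
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue  # blank and comment lines do not end a continuation
        if not buf:
            start = no
        buf.append(stripped.rstrip("\\").strip())
        if stripped.endswith("\\"):
            continue
        text, buf = " ".join(buf), []
        m = re.match(r"RUN\s+(.*)", text, re.I)
        if m:
            yield start, m.group(1)

def missing_dnf_clean(dockerfile):
    """Return start lines of RUNs that install via dnf with no later 'dnf clean all'."""
    findings = []
    for start, cmd in run_instructions(dockerfile):
        installs = [m.start() for m in INSTALL.finditer(cmd)]
        cleans = [m.start() for m in CLEAN.finditer(cmd)]
        # The cleanup must follow the last install inside the same RUN (same layer).
        if installs and (not cleans or max(cleans) < max(installs)):
            findings.append(start)
    return findings

if __name__ == "__main__":
    print("WEAK:", missing_dnf_clean(WEAK))
    print("FIXED:", missing_dnf_clean(FIXED))
```

Exec-form RUN instructions (JSON arrays) and heredocs are not parsed by this check.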