Ledger Wiz (CSPM & secret detection) / Wiz IaC Scanner
completed
Apr 3, 2024 in 4s
Wiz IaC Scanner
Howdy, Warden of Whitespace Wilderness!
The threads of enchantment revealed enigmatic tapestries of knowledge within this realm.
Revealing IaC misconfigurations with Wiz
IaC Misconfigurations Detected: 2
Note from Wiz: "Your code casts a charm that even the most stubborn bugs can't resist!"
Annotations
Check warning on line 23 in dev-tools/Dockerfile
ledger-wiz-cspm-secret-detection / Wiz IaC Scanner
Unpinned Package Version in Pip Install
Rule ID: c9d92d07-9951-4503-8875-7c96f04359ad
Severity: Medium
Resource: FROM={{ghcr.io/ledgerhq/ledger-app-builder/ledger-app-builder:latest}}.{{RUN pip3 install ragger[tests,all_backends]==1.16.2}}
Package version pinning reduces the range of versions that can be installed, reducing the chances of failure due to unanticipated changes
Raw output
Expected: RUN instruction with 'pip/pip3 install <package>' should use package pinning form 'pip/pip3 install <package>=<version>'
Found: RUN instruction pip3 install ragger[tests,all_backends]==1.16.2 does not use package pinning form
Check warning on line 23 in dev-tools/Dockerfile
ledger-wiz-cspm-secret-detection / Wiz IaC Scanner
Pip install keeping cached packages
Rule ID: 825ae084-a21d-4595-9378-0b5b9edbc4d1
Severity: Medium
Resource: FROM={{ghcr.io/ledgerhq/ledger-app-builder/ledger-app-builder:latest}}.{{pip3 install ragger[tests,all_backends]==1.16.2}}
When installing packages with pip, the '--no-cache-dir' flag should be set to make Docker images smaller
Raw output
Expected: The '--no-cache-dir' flag should be set when running 'pip/pip3 install'
Found: The '--no-cache-dir' flag isn't set when running 'pip/pip3 install'