Ensure COPY is used instead of ADD in Dockerfile

Details

Use the COPY instruction instead of the ADD instruction in the Dockerfile.

Rationale:

The COPY instruction only copies files from the local host machine to the container file system. The ADD instruction can also retrieve files from remote URLs and perform operations such as unpacking. ADD therefore introduces risks such as adding malicious files from URLs without scanning, and exposure to vulnerabilities in the unpacking procedure.

Solution

Use COPY instructions in Dockerfiles.

Impact:

You would need to provide separately the functionality that ADD instructions offer, such as fetching files from remote URLs.

Default Value:

Not Applicable
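One way to audit a Dockerfile for this control, as an added example that is not part of the original benchmark text: the script below finds every ADD instruction and labels it by the risk named in the rationale (remote fetch, automatic unpacking, or a plain copy that COPY can replace directly). The function names, the sample Dockerfile, and the extension-based archive heuristic are assumptions of this example; it handles shell-form ADD with the default backslash continuation only.

```python
import re

# Constructed sample Dockerfile (not from the original page); shell-form ADD assumed.
SAMPLE = """\
FROM alpine:3.19
# ADD in a comment must not be flagged
ADD https://example.com/tool.tar.gz /opt/
add --chown=app:app rootfs.tar.xz /
ADD app.py \\
    config.yml /srv/app/
COPY entrypoint.sh /usr/local/bin/
RUN echo "ADD inside RUN is shell text"
"""

ARCHIVE = re.compile(r"\.(tar|tar\.gz|tgz|tar\.bz2|tbz2|tar\.xz|txz)$", re.I)
REMOTE = re.compile(r"^https?://", re.I)


def logical_lines(text):
    """Yield (first_line_no, instruction), joining backslash continuations."""
    buf, start = [], None
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # Blank lines and comments never form an instruction
        start = start or no
        buf.append(line.rstrip("\\").strip())
        if not line.endswith("\\"):
            yield start, " ".join(buf)
            buf, start = [], None


def audit_add(text):
    """Return (line_no, risk, sources) for every ADD instruction."""
    findings = []
    for no, instr in logical_lines(text):
        words = instr.split()
        if words[0].upper() != "ADD":  # Instruction names are case-insensitive
            continue
        args = [w for w in words[1:] if not w.startswith("--")]  # Drop flags
        sources = args[:-1]  # The last argument is the destination
        risk = ("remote-fetch" if any(REMOTE.search(s) for s in sources)
                else "auto-unpack" if any(ARCHIVE.search(s) for s in sources)
                else "plain-copy")
        findings.append((no, risk, sources))
    return findings


if __name__ == "__main__":
    print(*audit_add(SAMPLE), sep="\n")
```

A `plain-copy` finding can be changed to COPY with no other edits; `remote-fetch` and `auto-unpack` findings need the separate download or extraction step described under Impact.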

Supportive Information

The following resource is also helpful.

This security hardening control applies to the following category of controls within NIST 800-53: Configuration Management. This control applies to the following type of system: Unix.

Updated on July 16, 2022