Fix Checkov Security Scan Failures in Dockerfile #27

@chicks-net

Description

Problem

The Checkov security scanning workflow has been consistently failing across recent pull requests (#22, #23, #24, #25, #26) with the same Docker-related security issues.

Checkov Failures

The following security checks are currently failing:

  1. CKV_DOCKER_7: "Ensure the base image uses a non latest version tag"
     • Issue: FROM coredns/coredns uses the implicit latest tag
     • Fix: Use a specific version, e.g. FROM coredns/coredns:1.11.1
  2. CKV_DOCKER_2: "Ensure that HEALTHCHECK instructions have been added to container images"
     • Issue: No HEALTHCHECK instruction in the Dockerfile
     • Fix: Add an appropriate health check for CoreDNS
  3. CKV_DOCKER_3: "Ensure that a user for the container has been created"
     • Issue: Container runs as the root user
     • Fix: Create and switch to a non-root user

Impact

  • All recent PRs show failing Checkov scans
  • Security best practices not being followed
  • CI pipeline shows red status

Proposed Solution

Update the Dockerfile to address all three security issues:

  • Pin CoreDNS to specific version
  • Add health check using dig command
  • Create and use non-root user for container execution
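The following Dockerfile is an added example of how all three checks can be satisfied together; it is not the repository's Dockerfile and makes assumptions the issue does not state. The upstream coredns/coredns image is built from scratch and ships only the /coredns binary, so it has neither a shell nor dig for a HEALTHCHECK and no useradd for a service account. The example therefore uses a two-stage build: the pinned coredns/coredns:1.11.1 image supplies the binary, and a final stage on alpine:3.20 (assumed) provides bind-tools for dig, adduser for the unprivileged account (uid 10001, assumed) and setcap so the non-root process can still bind port 53. The Corefile location /Corefile is also an assumption.

```dockerfile
# Added example, not the project's own Dockerfile.
# Assumptions: final stage on alpine:3.20, service uid/gid 10001,
# Corefile provided at /Corefile by the build context or a volume.

# CKV_DOCKER_7: pin the base image to an explicit tag instead of implicit :latest.
FROM coredns/coredns:1.11.1 AS coredns

# Final stage also pinned; alpine is chosen because it has a shell, adduser
# and (via bind-tools) the dig binary used by the health check.
FROM alpine:3.20

# dig for the health check; libcap provides setcap for the port-53 bind below.
RUN apk add --no-cache bind-tools libcap

# CKV_DOCKER_3: dedicated unprivileged system account, no home, no login shell.
RUN addgroup -S -g 10001 coredns \
 && adduser -S -H -u 10001 -G coredns -s /sbin/nologin coredns

# Copy the pinned CoreDNS binary from the first stage and grant it only the
# capability it needs to listen on a privileged port while running as non-root.
COPY --from=coredns /coredns /coredns
RUN setcap cap_net_bind_service=+ep /coredns

EXPOSE 53 53/udp

# CKV_DOCKER_2: liveness probe with dig. dig exits 9 when no reply arrives
# within the timeout; any DNS response (NOERROR, NXDOMAIN, even REFUSED)
# exits 0, which is the right signal for "the server process is answering".
HEALTHCHECK --interval=30s --timeout=5s --start-period=10s --retries=3 \
  CMD dig @127.0.0.1 -p 53 +time=2 +tries=1 . NS > /dev/null || exit 1

# Switch to the non-root account before the entrypoint runs.
USER coredns

ENTRYPOINT ["/coredns"]
CMD ["-conf", "/Corefile"]
```

Two points worth checking after applying something like this: `docker inspect --format '{{.State.Health.Status}}' <container>` should report `healthy` once CoreDNS is serving, and `docker exec <container> id` should show uid 10001 rather than root. If the Corefile binds CoreDNS to a port other than 53, the `-p` value in the HEALTHCHECK must be changed to match, otherwise the probe will report the container unhealthy even though the service is fine.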

Files to Update

  • Dockerfile
  • Potentially update documentation if health check behavior changes

Priority

Medium - affects security posture and CI reliability but doesn't block functionality.

Labels: bug