github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/rules/docker/policies/multiple_entrypoint_instructions_listed.rego (about) 1 # METADATA 2 # title: "Multiple ENTRYPOINT instructions listed" 3 # description: "There can only be one ENTRYPOINT instruction in a Dockerfile. Only the last ENTRYPOINT instruction in the Dockerfile will have an effect." 4 # scope: package 5 # schemas: 6 # - input: schema["dockerfile"] 7 # related_resources: 8 # - https://docs.docker.com/engine/reference/builder/#entrypoint 9 # custom: 10 # id: DS007 11 # avd_id: AVD-DS-0007 12 # severity: CRITICAL 13 # short_code: only-one-entrypoint 14 # recommended_action: "Remove unnecessary ENTRYPOINT instruction." 15 # input: 16 # selector: 17 # - type: dockerfile 18 package builtin.dockerfile.DS007 19 20 import data.lib.docker 21 22 deny[res] { 23 entrypoints := docker.stage_entrypoints[stage] 24 count(entrypoints) > 1 25 msg := sprintf("There are %d duplicate ENTRYPOINT instructions", [count(entrypoints)]) 26 res := result.new(msg, entrypoints[1]) 27 }