Insecure specified in CMD
No violationsstackroxlowbuilddeployAlert on deployments using 'insecure' in the command
- Rationale
- Using insecure in a command implies accessing or providing data from a server on an unencrypted connection.
- Remediation
- Use a certificate manager and certificate rotation routinely to ensure secure service-to-service communication.
CategoriesSecurity Best Practices
Compliance mappingsView coverage →
- DORA EU 2022/2554
- Art. 9.2
- ISO/IEC 27001 2022
- A.8.25A.8.9
- NIST SP 800-53 rev. 5
- CM-2
- PCI DSS 4.0
- 2.2.1
Generated artifacts
1 of 5 targets supportedinsecure-specified-in-cmd.rego
# Insecure specified in CMD (trivy)
# severity: low
# source: stackrox/657f4d37-55ab-42f2-bdce-9a4b74a67328
package trivy.insecure_specified_in_cmd
deny[msg] {
# rule 1
some inst
inst := input.Misconfigurations[_].Message
contains(inst, {"CMD=.*insecure.*"}[_])
msg := "[low] Insecure specified in CMD: Alert on deployments using 'insecure' in the command"
}
IR (canonical)
{
"id": "657f4d37-55ab-42f2-bdce-9a4b74a67328",
"name": "Insecure specified in CMD",
"description": "Alert on deployments using 'insecure' in the command",
"rationale": "Using insecure in a command implies accessing or providing data from a server on an unencrypted connection.",
"remediation": "Use a certificate manager and certificate rotation routinely to ensure secure service-to-service communication.",
"severity": "low",
"categories": [
"Security Best Practices"
],
"lifecycle": [
"build",
"deploy"
],
"eventSource": "none",
"scope": [],
"exclusions": [],
"enforcement": {
"failBuild": false
},
"expression": {
"op": "criterion",
"field": "dockerfile-line",
"values": [
"CMD=.*insecure.*"
],
"valuesOp": "or",
"negate": false
},
"disabled": false
}Original StackRox JSON
{
"id": "657f4d37-55ab-42f2-bdce-9a4b74a67328",
"name": "Insecure specified in CMD",
"description": "Alert on deployments using 'insecure' in the command",
"rationale": "Using insecure in a command implies accessing or providing data from a server on an unencrypted connection.",
"remediation": "Use a certificate manager and certificate rotation routinely to ensure secure service-to-service communication.",
"disabled": false,
"categories": [
"Security Best Practices"
],
"lifecycleStages": [
"BUILD",
"DEPLOY"
],
"eventSource": "NOT_APPLICABLE",
"exclusions": [],
"scope": [],
"severity": "LOW_SEVERITY",
"enforcementActions": [],
"policySections": [
{
"sectionName": "",
"policyGroups": [
{
"fieldName": "Dockerfile Line",
"booleanOperator": "OR",
"negate": false,
"values": [
{
"value": "CMD=.*insecure.*"
}
]
}
]
}
],
"notifiers": [],
"lastUpdated": null,
"SORTName": "",
"SORTLifecycleStage": "",
"SORTEnforcement": false,
"policyVersion": "1.1",
"mitreAttackVectors": [],
"criteriaLocked": true,
"mitreVectorsLocked": true,
"isDefault": true,
"source": "IMPERATIVE"
}