Back to catalog

Wget in Image

No violationsstackroxlowbuilddeploy

Alert on deployments with wget present

Rationale
Leaving download tools like wget in an image makes it easier for attackers to use compromised containers, since they can easily download software.
Remediation
Use your package manager's "remove" command to remove wget from the image build for production containers.
CategoriesSecurity Best Practices
Compliance mappingsView coverage →
DORA EU 2022/2554
Art. 9.2
ISO/IEC 27001 2022
A.8.9
NIST SP 800-53 rev. 5
CM-2
PCI DSS 4.0
2.2.16.3.2

Generated artifacts

1 of 5 targets supported
wget-in-image.rego
# Wget in Image (trivy)
# severity: low
# source: stackrox/842feb9f-ecb1-4e3c-a4bf-8a1dcb63948a
package trivy.wget_in_image

deny[msg] {
  # rule 1
  some p
  p := input.Packages[_]
  p.Name == {"wget"}[_]
  msg := "[low] Wget in Image: Alert on deployments with wget present"
}
IR (canonical)
{
  "id": "842feb9f-ecb1-4e3c-a4bf-8a1dcb63948a",
  "name": "Wget in Image",
  "description": "Alert on deployments with wget present",
  "rationale": "Leaving download tools like wget in an image makes it easier for attackers to use compromised containers, since they can easily download software.",
  "remediation": "Use your package manager's \"remove\" command to remove wget from the image build for production containers.",
  "severity": "low",
  "categories": [
    "Security Best Practices"
  ],
  "lifecycle": [
    "build",
    "deploy"
  ],
  "eventSource": "none",
  "scope": [],
  "exclusions": [],
  "enforcement": {
    "failBuild": false
  },
  "expression": {
    "op": "criterion",
    "field": "image-component",
    "values": [
      "wget="
    ],
    "valuesOp": "or",
    "negate": false
  },
  "disabled": true
}
Original StackRox JSON
{
  "id": "842feb9f-ecb1-4e3c-a4bf-8a1dcb63948a",
  "name": "Wget in Image",
  "description": "Alert on deployments with wget present",
  "rationale": "Leaving download tools like wget in an image makes it easier for attackers to use compromised containers, since they can easily download software.",
  "remediation": "Use your package manager's \"remove\" command to remove wget from the image build for production containers.",
  "disabled": true,
  "categories": [
    "Security Best Practices"
  ],
  "lifecycleStages": [
    "BUILD",
    "DEPLOY"
  ],
  "eventSource": "NOT_APPLICABLE",
  "exclusions": [],
  "scope": [],
  "severity": "LOW_SEVERITY",
  "enforcementActions": [],
  "policySections": [
    {
      "sectionName": "",
      "policyGroups": [
        {
          "fieldName": "Image Component",
          "booleanOperator": "OR",
          "negate": false,
          "values": [
            {
              "value": "wget="
            }
          ]
        }
      ]
    }
  ],
  "notifiers": [],
  "lastUpdated": null,
  "SORTName": "",
  "SORTLifecycleStage": "",
  "SORTEnforcement": false,
  "policyVersion": "1.1",
  "mitreAttackVectors": [],
  "criteriaLocked": true,
  "mitreVectorsLocked": true,
  "isDefault": true,
  "source": "IMPERATIVE"
}