I'm running a Checkmarx scan, which raised an error that the Security Opt flag isn't set in the 'docker-compose.yaml' file. I've searched but there seems to be very little on actually setting these options in a docker compose file.
Initially I added the security_opt flag with the 'apparmor=docker-default', which I got from https://docs.docker.com/engine/security/apparmor/. This got rid of that error but it then raised a new one that the 'no-new-privileges' wasn't set. I've tried various things, but the scanner keeps picking it up. What I've tried so far:
    version: "3.6"
    services:
      myService:
        image: <some image>
        security_opt:
          - apparmor=docker-default
          - no-new-privileges=true
Also tried:
    security_opt: [apparmor=docker-default, no-new-privileges=true]  # Apparently security_opt is an array.
This way complains that security_opt is an array and doesn't compile:
    security_opt:
      apparmor: docker-default
      no-new-privileges: true
The warning disappears with:
    security_opt:
      - no-new-privileges:true
(Note the lack of spaces.)
This is the only combination I've found that Checkmarx recognises.
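The spellings tried above can be checked independently of any one scanner. The following is an added example, not part of the original posts and not Checkmarx's logic: a pre-commit style audit over already-parsed compose data. The names `parse_opt`, `audit` and `SAMPLE` are hypothetical, and the check assumes that `=` and `:` are interchangeable separators and that a bare `no-new-privileges` enables the option.

```python
"""Audit parsed docker-compose data for the no-new-privileges option."""

TRUE_VALUES = {"", "true"}  # assumption: bare flag or "true" enables it


def parse_opt(entry):
    """Split a security_opt string into (key, value) at the first '=' or ':'."""
    for i, ch in enumerate(entry):
        if ch in "=:":
            return entry[:i].strip(), entry[i + 1:].strip()
    return entry.strip(), ""


def audit(compose):
    """Return {service: finding} for services lacking no-new-privileges."""
    findings = {}
    for name, svc in (compose.get("services") or {}).items():
        opts = (svc or {}).get("security_opt")
        if opts is None:
            findings[name] = "security_opt missing"
        elif not isinstance(opts, list):
            findings[name] = "security_opt is not a list"
        elif not all(isinstance(o, str) for o in opts):
            # "- no-new-privileges: true" (space after the colon) is a YAML
            # mapping, not a string, so it lands here.
            findings[name] = "security_opt entry is not a string"
        else:
            value = dict(map(parse_opt, opts)).get("no-new-privileges")
            if value is None:
                findings[name] = "no-new-privileges not set"
            elif value.lower() not in TRUE_VALUES:
                findings[name] = "no-new-privileges disabled"
    return findings


# Constructed sample: what a YAML loader returns for five spellings.
SAMPLE = {"services": {
    "equals_form": {"security_opt": ["apparmor=docker-default",
                                     "no-new-privileges=true"]},
    "colon_form": {"security_opt": ["no-new-privileges:true"]},
    "spaced_colon": {"security_opt": [{"no-new-privileges": True}]},
    "mapping_form": {"security_opt": {"apparmor": "docker-default",
                                      "no-new-privileges": True}},
    "apparmor_only": {"security_opt": ["apparmor=docker-default"]},
}}

if __name__ == "__main__":
    for service, finding in audit(SAMPLE).items():
        print(f"{service}: {finding}")
```

To run it against a real file, load the YAML with a parser of your choice and pass the resulting dictionary to `audit`.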