Information
You should use the COPY instruction instead of the ADD instruction in the Dockerfile.
Rationale:
The COPY instruction simply copies files from the local host machine to the container file system. The ADD instruction could potentially retrieve files from remote URLs and perform operations such as unpacking them. The ADD instruction therefore introduces security risks. For example, malicious files may be directly accessed from URLs without scanning, or there may be vulnerabilities associated with decompressing them.
Impact:
Care needs to be taken in implementing this control if the application requires functionality that is part of the ADD instruction, for example, if you need to retrieve files from remote URLs.
NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.
Solution
You should use COPY rather than ADD instructions in Dockerfiles.
Default Value:
Not Applicable