Same alias in different FROM statements

Docs > Plateforme de sécurité Datadog > Code Security > Infrastructure as Code (IaC) Security > IaC Security Rules > Same alias in different FROM statements

Cette page n'est pas encore disponible en français, sa traduction est en cours.
Si vous avez des questions ou des retours sur notre projet de traduction actuel, n'hésitez pas à nous contacter.

Metadata

Id: f2daed12-c802-49cd-afed-fe41d0b82fed

Cloud Provider: Dockerfile

Platform: Dockerfile

Severity: Low

Category: Build Process

Learn More

Provider Reference

Description

FROM stage aliases must be unique because duplicate aliases make references such as COPY --from=<alias> ambiguous, which can cause incorrect artifacts or unintended files (including secrets) to be pulled into later stages and compromise image integrity.

Check every Dockerfile FROM command and ensure the token following AS (the stage alias) is distinct across all FROM commands. This rule flags cases where two or more FROM commands define the same alias. Resources without an AS alias are not affected. Ensure each multi-stage build uses a unique alias for each stage so stage references resolve unambiguously.

Secure example:

FROM golang:1.20 AS builder
WORKDIR /src
RUN go build -o /app/myapp

FROM alpine:3.18 AS runtime
COPY --from=builder /app/myapp /usr/local/bin/myapp

Compliant Code Examples

FROM debian:jesse1 as build
RUN stuff

FROM debian:jesse1 as another-alias
RUN more_stuff

Non-Compliant Code Examples

FROM baseImage
RUN Test

FROM debian:jesse2 as build
RUN stuff

FROM debian:jesse1 as build
RUN more_stuff