Same alias in different FROM statements

문서 > Datadog 보안 > Code Security > Infrastructure as Code (IaC) Security > IaC Security Rules > Same alias in different FROM statements

이 페이지는 아직 한국어로 제공되지 않습니다. 번역 작업 중입니다.
현재 번역 프로젝트에 대한 질문이나 피드백이 있으신 경우 언제든지 연락주시기 바랍니다.

Metadata

Id: f2daed12-c802-49cd-afed-fe41d0b82fed

Cloud Provider: Dockerfile

Platform: Dockerfile

Severity: Low

Category: Build Process

Learn More

Provider Reference

Description

FROM stage aliases must be unique because duplicate aliases make references such as COPY --from=<alias> ambiguous, which can cause incorrect artifacts or unintended files (including secrets) to be pulled into later stages and compromise image integrity.

Check every Dockerfile FROM command and ensure the token following AS (the stage alias) is distinct across all FROM commands. This rule flags cases where two or more FROM commands define the same alias. Resources without an AS alias are not affected. Ensure each multi-stage build uses a unique alias for each stage so stage references resolve unambiguously.

Secure example:

FROM golang:1.20 AS builder
WORKDIR /src
RUN go build -o /app/myapp

FROM alpine:3.18 AS runtime
COPY --from=builder /app/myapp /usr/local/bin/myapp

Compliant Code Examples

FROM debian:jesse1 as build
RUN stuff

FROM debian:jesse1 as another-alias
RUN more_stuff

Non-Compliant Code Examples

FROM baseImage
RUN Test

FROM debian:jesse2 as build
RUN stuff

FROM debian:jesse1 as build
RUN more_stuff