---
title: apt-get missing flags to avoid manual input
description: Datadog, the leading service for cloud-scale monitoring.
breadcrumbs: >-
  Docs > Datadog Security > Code Security > Infrastructure as Code (IaC)
  Security > IaC Security Rules > apt-get missing flags to avoid manual input
---

# apt-get missing flags to avoid manual input

{% callout %}
# Important note for users on the following Datadog sites: app.ddog-gov.com, us2.ddog-gov.com

{% alert level="danger" %}
This product is not supported for your selected [Datadog site](https://docs.datadoghq.com/getting_started/site.md). ({% placeholder "user-datadog-site-name" /%}).
{% /alert %}

{% /callout %}

## Metadata{% #metadata %}

**Id:** `dockerfile-apt-get-missing-flags-to-avoid-manual-input` 

**Platform:** Dockerfile

**Severity:** Low

**Category:** Supply-Chain

#### Learn More{% #learn-more %}

- [Provider Reference](https://docs.docker.com/engine/reference/builder/#run)

### Description{% #description %}

`apt-get install` commands in Dockerfile `RUN` instructions must be non-interactive to avoid build hangs and inconsistent or improperly configured images. Interactive prompts can stall CI/CD pipelines or lead to images being produced with unintended defaults.

This rule inspects Dockerfile `RUN` instructions and requires that any command invoking `apt-get install` includes non-interactive flags such as `-y`, `--yes`, `--assume-yes`, `-qq`, `-q=2`, `-qy` or an equivalent use of quiet flags to suppress prompts. `RUN` lines missing these flags will be flagged.

For reliable automated builds, also consider setting `DEBIAN_FRONTEND=noninteractive` in the same `RUN` line and using `--no-install-recommends` to reduce prompts and avoid installing extra packages.

Secure example:

```Dockerfile
RUN apt-get update && DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends ca-certificates curl
```

## Compliant Code Examples{% #compliant-code-examples %}

```dockerfile
FROM node:12
RUN apt-get -y install apt-utils
RUN apt-get -qy install git gcc
RUN ["apt-get", "-y", "install", "apt-utils"]
```

```dockerfile
FROM node:12
RUN sudo apt-get -y install apt-utils
RUN sudo apt-get -qy install git gcc
RUN ["sudo", "apt-get", "-y", "install", "apt-utils"]
```

```dockerfile
FROM node:12
RUN apt-get --yes install apt-utils
RUN ["sudo", "apt-get", "--yes" ,"install", "apt-utils"]
```

## Non-Compliant Code Examples{% #non-compliant-code-examples %}

```dockerfile
FROM node:12
RUN apt-get install python=2.7
RUN apt-get install apt-utils
RUN ["apt-get", "install", "apt-utils"]
```

```dockerfile
FROM node:12
RUN sudo apt-get install python=2.7
RUN sudo apt-get install apt-utils
RUN ["sudo", "apt-get", "install", "apt-utils"]
```

```dockerfile
FROM node:12
RUN DUMMY=test apt-get install python=2.7
```