
Metadata

Id: dockerfile-multiple-run-add-copy-instructions-listed

Platform: Dockerfile

Severity: Low

Category: Best Practices

Description

Each RUN, COPY, or ADD instruction in a Dockerfile produces its own image layer. Using several consecutive instructions where one would do therefore creates extra layers, which increases image size and makes images slower to scan. More importantly, a layer is never rewritten by the layers that follow it: an intermediate artifact (a downloaded archive, a build-time credential) that a later instruction deletes is still present in the earlier layer and can be recovered from the image, raising the risk of sensitive data exposure.

This rule inspects Dockerfile instructions and flags adjacent RUN instructions, and adjacent COPY or ADD instructions that target the same destination (the last argument), because each such group can be consolidated into a single instruction and therefore a single layer. Chain shell commands with && in one RUN, and combine multiple sources into one COPY or ADD that lists every source path followed by the shared destination. Note that a cleanup step such as rm only keeps the artifact out of the image when it runs in the same RUN as the step that created it; an rm in a separate, later RUN hides the file from the final filesystem view but leaves it intact in the earlier layer.

Secure examples:

# Combine RUN commands
RUN apt-get update && apt-get install -y curl ca-certificates && rm -rf /var/lib/apt/lists/*

# Combine COPY sources to a single destination
COPY config/app.conf config/db.conf /app/config/
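The check described above can be reproduced as a small stand-alone script. The following Python is an added example, not Datadog's rule implementation: it parses a Dockerfile (joining backslash continuations and dropping comment lines), groups consecutive RUN instructions and consecutive COPY or ADD instructions that share a destination, and prints the merged instruction that would replace each group. It goes slightly beyond the text in two assumptions of its own: exec-form RUN ["..."] and RUN instructions carrying --mount/--network flags are left alone because they cannot be chained with &&, and COPY/ADD instructions are only merged when their --chown/--from flags match. The sample Dockerfile is constructed for the example.

```python
"""Check a Dockerfile for consecutive RUN, COPY or ADD instructions that could be one layer."""
import json
import re
from dataclasses import dataclass

# Constructed sample input (not from the original page); line 2 is a comment and
# lines 5-6 are one RUN split with a backslash continuation.
SAMPLE_DOCKERFILE = """\
FROM ubuntu
# the tarball written in layer 4 survives in the image even though layer 5 deletes it
RUN apt-get install -y wget
RUN wget https://example.invalid/downloadedfile.tar
RUN tar xvf downloadedfile.tar && \\
    rm downloadedfile.tar
COPY README.md ./
COPY package.json ./
COPY gulpfile.js /src/
ADD cairo.spec /rpmbuild/SOURCES
ADD cairo-multilib.patch /rpmbuild/SOURCES
"""


@dataclass
class Instruction:
    line: int       # line where the instruction starts
    keyword: str    # RUN, COPY, ADD, FROM, ...
    args: str       # everything after the keyword, continuations joined


def parse_dockerfile(text):
    """Turn Dockerfile text into Instruction records, joining backslash continuations."""
    instructions, buf, start = [], [], None

    def flush():
        m = re.match(r"(\w+)\s*(.*)$", " ".join(buf), re.S)
        if m:
            instructions.append(Instruction(start, m.group(1).upper(), m.group(2).strip()))

    for n, raw in enumerate(text.splitlines(), 1):
        stripped = raw.strip()
        if not stripped or stripped.startswith("#"):
            continue  # Docker drops blank and comment lines, even inside a continuation
        if start is None:
            start = n
        if stripped.endswith("\\"):
            buf.append(stripped[:-1].strip())
            continue
        buf.append(stripped)
        flush()
        buf, start = [], None
    if buf:
        flush()  # unterminated continuation at end of file
    return instructions


def split_args(instr):
    """Split COPY/ADD arguments into (flags, operands); operands may be in JSON (exec) form."""
    m = re.match(r"^((?:--\S+\s+)*)(.*)$", instr.args, re.S)
    flags, rest = m.group(1).split(), m.group(2).strip()
    if rest.startswith("["):
        try:
            operands = json.loads(rest)
        except ValueError:
            operands = rest.split()
    else:
        operands = rest.split()
    return flags, operands


def mergeable(a, b):
    """True if instruction b can be folded into the same layer as instruction a."""
    if a.keyword != b.keyword:
        return False
    if a.keyword == "RUN":
        # assumption: exec-form RUN and RUN with --mount/--network flags are not chained with &&
        return not any(g.args.startswith(("[", "--")) for g in (a, b))
    if a.keyword in ("COPY", "ADD"):
        fa, oa = split_args(a)
        fb, ob = split_args(b)
        # same destination (last operand) and, by assumption, identical --chown/--from flags
        return bool(oa) and bool(ob) and fa == fb and oa[-1] == ob[-1]
    return False


def suggest(group):
    """Render the single instruction equivalent to a group of consecutive mergeable ones."""
    kw = group[0].keyword
    if kw == "RUN":
        return "RUN " + " && ".join(g.args for g in group)
    flags, first = split_args(group[0])
    sources = [src for g in group for src in split_args(g)[1][:-1]]
    return " ".join([kw, *flags, *sources, first[-1]])


def check(text):
    """Return (line, keyword, suggested_merge) for each group of consecutive mergeable instructions."""
    instrs = parse_dockerfile(text)
    findings, i = [], 0
    while i < len(instrs):
        group = [instrs[i]]
        while i + len(group) < len(instrs) and mergeable(group[-1], instrs[i + len(group)]):
            group.append(instrs[i + len(group)])
        if len(group) > 1:
            findings.append((group[0].line, group[0].keyword, suggest(group)))
        i += len(group)
    return findings


if __name__ == "__main__":
    for line, kw, merged in check(SAMPLE_DOCKERFILE):
        print(f"line {line}: consecutive {kw} instructions; merge into:\n    {merged}")
```

Run against the sample, the script reports three groups: the three RUN instructions starting at line 3, the two COPY instructions to ./ starting at line 7 (the third COPY targets /src/ and is left out), and the two ADD instructions to /rpmbuild/SOURCES starting at line 10. The suggested RUN merge is exactly the shape the compliant example below uses: download, extract and delete in one layer so the tarball never persists.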

Compliant Code Examples

FROM ubuntu
RUN apt-get install -y wget && wget https://…/downloadedfile.tar && tar xvzf downloadedfile.tar && rm downloadedfile.tar && apt-get remove -y wget

FROM ubuntu
COPY README.md package.json gulpfile.js __BUILD_NUMBER ./

FROM ubuntu
ADD cairo.spec cairo-1.13.1.tar.xz cairo-multilib.patch /rpmbuild/SOURCES

Non-Compliant Code Examples

FROM ubuntu
RUN apt-get install -y wget
RUN wget https://…/downloadedfile.tar
RUN tar xvzf downloadedfile.tar
RUN rm downloadedfile.tar
RUN apt-get remove -y wget

FROM ubuntu
COPY README.md ./
COPY package.json ./
COPY gulpfile.js ./
COPY __BUILD_NUMBER ./

FROM ubuntu
ADD cairo.spec /rpmbuild/SOURCES
ADD cairo-1.13.1.tar.xz /rpmbuild/SOURCES
ADD cairo-multilib.patch /rpmbuild/SOURCES