---
title: yum install allows manual input
description: Datadog, the leading service for cloud-scale monitoring.
---

# yum install allows manual input

{% callout %}
# Important note for users on the following Datadog sites: app.ddog-gov.com

{% alert level="danger" %}
This product is not supported for your selected [Datadog site](https://docs.datadoghq.com/getting_started/site.md).
{% /alert %}

{% /callout %}

## Metadata{% #metadata %}

**Id:** `6e19193a-8753-436d-8a09-76dcff91bb03`

**Cloud Provider:** Dockerfile

**Platform:** Dockerfile

**Severity:** Low

**Category:** Supply-Chain

#### Learn More{% #learn-more %}

- [Provider Reference](https://docs.docker.com/engine/reference/builder/#run)

### Description{% #description %}

`RUN` instructions that invoke `yum install` without a non-interactive flag can prompt for user input during image builds, causing automated CI/CD pipelines to hang or produce inconsistent images when builds are completed manually.

Check Dockerfile `RUN` commands for invocations of `yum install` (including `groupinstall` or `localinstall`). The command must include a non-interactive flag such as `-y`, `yes`, or `--assumeyes`. This rule flags `RUN` entries where a `yum` install is detected but none of those flags are present. It applies to both single-string `RUN` commands and list-form `RUN` arguments.

Secure example:

```dockerfile
RUN yum -y install curl
```

## Compliant Code Examples{% #compliant-code-examples %}

```dockerfile
FROM alpine:3.5
RUN apk add --update py2-pip
RUN sudo yum install -y bundler
COPY requirements.txt /usr/src/app/
RUN pip install --no-cache-dir -r /usr/src/app/requirements.txt
COPY app.py /usr/src/app/
COPY templates/index.html /usr/src/app/templates/
EXPOSE 5000
CMD ["python", "/usr/src/app/app.py"]
```

## Non-Compliant Code Examples{% #non-compliant-code-examples %}

```dockerfile
FROM alpine:3.5
RUN apk add --update py2-pip
RUN sudo yum install bundler
RUN ["sudo yum", "install", "bundler"]
COPY requirements.txt /usr/src/app/
RUN pip install --no-cache-dir -r /usr/src/app/requirements.txt
COPY app.py /usr/src/app/
COPY templates/index.html /usr/src/app/templates/
EXPOSE 5000
CMD ["python", "/usr/src/app/app.py"]
```
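
The check described under Description can be reproduced locally, for example as a pre-commit step. The following Python sketch is an added example, not Datadog's rule implementation; the function names and the `SAMPLE` Dockerfile are assumptions made for illustration. It handles string-form and list-form `RUN`, backslash continuations, and commands chained with `&&`, `||` or `;`, and it accepts exactly the markers listed above.

```python
import json
import re
import shlex

# Accepted markers and install verbs are the ones listed in the description above.
ASSUME_YES = {"-y", "yes", "--assumeyes"}
INSTALL_VERBS = {"install", "groupinstall", "localinstall"}

def run_commands(dockerfile):
    """Yield (line_no, tokens) for every shell command inside a RUN instruction."""
    logical, start = "", 0
    for no, raw in enumerate(dockerfile.splitlines(), 1):
        line = raw.strip()
        if line.startswith("#"):
            continue  # Dockerfile comment
        if not logical:
            start = no  # first physical line of this instruction
        if line.endswith("\\"):  # backslash continuation: keep accumulating
            logical += line[:-1] + " "
            continue
        full, logical = logical + line, ""
        match = re.match(r"RUN\s+(.*)", full, re.IGNORECASE | re.DOTALL)
        if not match:
            continue
        body = match.group(1)
        if body.startswith("["):  # list (exec) form: join the JSON array items
            try:
                body = " ".join(json.loads(body))
            except (ValueError, TypeError):
                pass  # not valid JSON, treat it as a shell string
        for part in re.split(r"&&|\|\||;", body):  # a single pipe stays in one command
            try:
                yield start, shlex.split(part)
            except ValueError:  # unbalanced quotes
                yield start, part.split()

def interactive_yum_lines(dockerfile):
    """Return line numbers of RUN commands that install with yum and never assume yes."""
    hits = []
    for no, tokens in run_commands(dockerfile):
        if "yum" not in tokens:
            continue
        after_yum = set(tokens[tokens.index("yum") + 1:])
        if after_yum & INSTALL_VERBS and not ASSUME_YES & set(tokens):
            hits.append(no)
    return hits
# Constructed sample Dockerfile: line 2 can prompt, line 3 cannot.
SAMPLE = 'FROM centos:7\nRUN yum install httpd\nRUN ["yum", "-y", "install", "curl"]\n'
if __name__ == "__main__":
    print(interactive_yum_lines(SAMPLE))
```

Each chained command is evaluated on its own, so `yum -y update && yum install httpd` is still reported because the second command carries no non-interactive flag.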
