Rockford:
How do we perform static code analysis of a Dockerfile, in the course we just talk about kube manifest.
Rockford:
@Mumshad Mannambeth help would be appreciated.
Rockford:
And I am asking with respect to exam, in general we use different stuff.
Mohamed Ayman:
there are two ways to do static analysis of the Dockerfile.
using FromLatest
using Hadolint
Option#2 is mostly preferable since this can be used as an automated process inside CICD pipelines.
Jia:
if this comes in exam, are these packages pre-installed ?
Yes this kind of question comes in CKS exam end unfortunately none of the tools are installed. I think that analysis should be done manually based on best practices only and not using tools.
@Chaimae-Rakhim you are correct; you need to be able to do a manual inspection of a Dockerfile and recognize common security issues.