Open
Description
From what I can tell, Busybox defaults to ash these days, which doesn't have the same limitations as its sh used to have. That seems to have made some rules obsolete, that is they are false positives now.
Examples I encountered follow; there may be more.
DL4006
FROM alpine:3.21
SHELL ["/bin/sh", "-e", "-u", "-o", "pipefail", "-c"]
RUN echo $foo | echo "should not get here"fails to build as expected, but DL4006 triggers on line 3.
SC3037
FROM alpine:3.21
RUN echo -e "abc\ndef"prints two lines as expected, but SC3037 triggers on line 2.
Metadata
Metadata
Assignees
Labels
No labels