"DKL-DI-0005: Clear apt-get caches" occurs in non-apt distros

Question

"DKL-DI-0005: Clear apt-get caches" occurs in non-apt distros

KEINOS opened this issue 3 years ago · 2 comments

KEINOS commented 3 years ago

Description

Dockle 0.4.0 detects the wrong package manager in the Alpine-base image.

What did you expect to happen?

Check if /var/cache/apk/* is empty instead of /var/lib/apt/lists/*

What happened instead?

It encourages to clear apt-get cache dir /var/lib/apt/lists (DKL-DI-0005).
But this directory doesn't exist since Alpine uses apk as a package manager and not apt, which is the package manager for Debian-ish distros.

Output of run with -debug:

output log

$ docker pull golang:1.17.1-alpine
alpine: Pulling from library/golang
Digest: sha256:13919fb9091f6667cb375d5fdf016ecd6d3a5d5995603000d422b04583de4ef9
Status: Downloaded newer image for golang:alpine
docker.io/library/golang:alpine

$ dockle -v
dockle version 0.4.0

$ dockle --debug golang:1.17.1-alpine
2021-09-11T19:22:50.284+0900	DEBUG	Add new ignore code: DKL-DI-0006
2021-09-11T19:22:50.284+0900	DEBUG	Add new ignore code: CIS-DI-0005
2021-09-11T19:22:50.284+0900	DEBUG	Fetch latest version from github
2021-09-11T19:22:50.732+0900	DEBUG	Start assessments...
2021-09-11T19:23:01.288+0900	DEBUG	Start scan : password files
2021-09-11T19:23:01.288+0900	DEBUG	Start scan : /etc/passwd
2021-09-11T19:23:01.288+0900	DEBUG	Start scan : /etc/group
2021-09-11T19:23:01.288+0900	DEBUG	Start scan : /etc/hosts
2021-09-11T19:23:01.289+0900	DEBUG	Start scan : credential files
2021-09-11T19:23:01.289+0900	DEBUG	Scan start : config file
2021-09-11T19:23:01.291+0900	DEBUG	Scan start : DOCKER_CONTENT_TRUST
2021-09-11T19:23:01.291+0900	DEBUG	Start scan : cache files
2021-09-11T19:23:01.291+0900	DEBUG	End assessments...
FATAL	- CIS-DI-0010: Do not store credential in ENVIRONMENT vars/files
	* Suspicious file extension found : etc/ssl/certs/ca-cert-Izenpe.com.pem (You can suppress it with "-ae pem")
	* Suspicious file extension found : etc/ssl/certs/ca-cert-certSIGN_ROOT_CA.pem (You can suppress it with "-ae pem")
	* Suspicious file extension found : etc/ssl/certs/ca-cert-Comodo_AAA_Services_root.pem (You can suppress it with "-ae pem")
	* Suspicious file extension found : etc/ssl/certs/ca-cert-thawte_Primary_Root_CA.pem (You can suppress it with "-ae pem")
	* Suspicious file extension found : etc/ssl/certs/ca-cert-Cybertrust_Global_Root.pem (You can suppress it with "-ae pem")
	* Suspicious file extension found : etc/ssl/certs/ca-cert-COMODO_RSA_Certification_Authority.pem (You can suppress it with "-ae pem")
	* Suspicious file extension found : etc/ssl/certs/ca-cert-OISTE_WISeKey_Global_Root_GC_CA.pem (You can suppress it with "-ae pem")
	* Suspicious file extension found : etc/ssl/certs/ca-cert-QuoVadis_Root_CA_3.pem (You can suppress it with "-ae pem")
	* Suspicious file extension found : etc/ssl/certs/ca-cert-IdenTrust_Public_Sector_Root_CA_1.pem (You can suppress it with "-ae pem")
	* Suspicious file extension found : etc/ssl/certs/ca-cert-USERTrust_RSA_Certification_Authority.pem (You can suppress it with "-ae pem")
	* Suspicious file extension found : etc/ssl/certs/ca-cert-DST_Root_CA_X3.pem (You can suppress it with "-ae pem")
	* Suspicious file extension found : etc/ssl/certs/ca-cert-GeoTrust_Global_CA.pem (You can suppress it with "-ae pem")
	* Suspicious file extension found : etc/ssl/certs/ca-cert-Amazon_Root_CA_4.pem (You can suppress it with "-ae pem")
	* Suspicious file extension found : etc/ssl/certs/ca-cert-SwissSign_Gold_CA_-_G2.pem (You can suppress it with "-ae pem")
	* Suspicious file extension found : etc/ssl/certs/ca-cert-GeoTrust_Primary_Certification_Authority.pem (You can suppress it with "-ae pem")
	* Suspicious file extension found : etc/ssl/certs/ca-cert-DigiCert_Assured_ID_Root_CA.pem (You can suppress it with "-ae pem")
	* Suspicious file extension found : etc/ssl/certs/ca-cert-GeoTrust_Universal_CA.pem (You can suppress it with "-ae pem")
	* Suspicious file extension found : etc/ssl/certs/ca-cert-E-Tugra_Certification_Authority.pem (You can suppress it with "-ae pem")
	* Suspicious file extension found : usr/local/go/src/crypto/tls/testdata/example-cert.pem (You can suppress it with "-ae pem")
	* Suspicious file extension found : etc/ssl/certs/ca-cert-TrustCor_RootCert_CA-2.pem (You can suppress it with "-ae pem")
	* Suspicious file extension found : etc/ssl/certs/ca-cert-DigiCert_High_Assurance_EV_Root_CA.pem (You can suppress it with "-ae pem")
	* Suspicious file extension found : etc/ssl/certs/ca-cert-emSign_ECC_Root_CA_-_G3.pem (You can suppress it with "-ae pem")
	* Suspicious file extension found : etc/ssl/certs/ca-cert-Security_Communication_RootCA2.pem (You can suppress it with "-ae pem")
	* Suspicious file extension found : etc/ssl/certs/ca-cert-EC-ACC.pem (You can suppress it with "-ae pem")
	* Suspicious file extension found : etc/ssl/certs/ca-cert-NetLock_Arany_=Class_Gold=_Főtanúsítvány.pem (You can suppress it with "-ae pem")
	* Suspicious file extension found : etc/ssl/certs/ca-cert-TUBITAK_Kamu_SM_SSL_Kok_Sertifikasi_-_Surum_1.pem (You can suppress it with "-ae pem")
	* Suspicious file extension found : etc/ssl/certs/ca-cert-Go_Daddy_Root_Certificate_Authority_-_G2.pem (You can suppress it with "-ae pem")
	* Suspicious file extension found : etc/ssl/cert.pem (You can suppress it with "-ae pem")
	* Suspicious file extension found : etc/ssl/certs/ca-cert-AC_RAIZ_FNMT-RCM.pem (You can suppress it with "-ae pem")
	* Suspicious file extension found : etc/ssl/certs/ca-cert-QuoVadis_Root_CA_1_G3.pem (You can suppress it with "-ae pem")
	* Suspicious file extension found : etc/ssl/certs/ca-cert-GeoTrust_Primary_Certification_Authority_-_G3.pem (You can suppress it with "-ae pem")
	* Suspicious file extension found : etc/ssl/certs/ca-cert-Amazon_Root_CA_2.pem (You can suppress it with "-ae pem")
	* Suspicious file extension found : etc/ssl/certs/ca-cert-SSL.com_Root_Certification_Authority_RSA.pem (You can suppress it with "-ae pem")
	* Suspicious file extension found : etc/ssl/certs/ca-cert-ISRG_Root_X1.pem (You can suppress it with "-ae pem")
	* Suspicious file extension found : etc/ssl/certs/ca-cert-Buypass_Class_3_Root_CA.pem (You can suppress it with "-ae pem")
	* Suspicious file extension found : etc/ssl/certs/ca-cert-Global_Chambersign_Root_-_2008.pem (You can suppress it with "-ae pem")
	* Suspicious file extension found : etc/ssl/certs/ca-cert-TrustCor_RootCert_CA-1.pem (You can suppress it with "-ae pem")
	* Suspicious file extension found : etc/ssl/certs/ca-cert-Network_Solutions_Certificate_Authority.pem (You can suppress it with "-ae pem")
	* Suspicious file extension found : etc/ssl/certs/ca-cert-Chambers_of_Commerce_Root_-_2008.pem (You can suppress it with "-ae pem")
	* Suspicious file extension found : etc/ssl/certs/ca-cert-Hongkong_Post_Root_CA_1.pem (You can suppress it with "-ae pem")
	* Suspicious file extension found : etc/ssl/certs/ca-cert-Security_Communication_Root_CA.pem (You can suppress it with "-ae pem")
	* Suspicious file extension found : etc/ssl/certs/ca-cert-GTS_Root_R4.pem (You can suppress it with "-ae pem")
	* Suspicious file extension found : etc/ssl/certs/ca-cert-GeoTrust_Universal_CA_2.pem (You can suppress it with "-ae pem")
	* Suspicious file extension found : etc/ssl/certs/ca-cert-Staat_der_Nederlanden_Root_CA_-_G2.pem (You can suppress it with "-ae pem")
	* Suspicious file extension found : etc/ssl/certs/ca-cert-GeoTrust_Primary_Certification_Authority_-_G2.pem (You can suppress it with "-ae pem")
	* Suspicious file extension found : etc/ssl/certs/ca-cert-Baltimore_CyberTrust_Root.pem (You can suppress it with "-ae pem")
	* Suspicious file extension found : etc/ssl/certs/ca-cert-CFCA_EV_ROOT.pem (You can suppress it with "-ae pem")
	* Suspicious file extension found : etc/ssl/certs/ca-cert-thawte_Primary_Root_CA_-_G3.pem (You can suppress it with "-ae pem")
	* Suspicious file extension found : etc/ssl/certs/ca-cert-UCA_Extended_Validation_Root.pem (You can suppress it with "-ae pem")
	* Suspicious file extension found : etc/ssl/certs/ca-cert-Secure_Global_CA.pem (You can suppress it with "-ae pem")
	* Suspicious file extension found : etc/ssl/certs/ca-cert-GTS_Root_R3.pem (You can suppress it with "-ae pem")
	* Suspicious file extension found : etc/ssl/certs/ca-cert-Hongkong_Post_Root_CA_3.pem (You can suppress it with "-ae pem")
	* Suspicious file extension found : etc/ssl/certs/ca-cert-TWCA_Root_Certification_Authority.pem (You can suppress it with "-ae pem")
	* Suspicious file extension found : etc/ssl/certs/ca-cert-Hellenic_Academic_and_Research_Institutions_RootCA_2015.pem (You can suppress it with "-ae pem")
	* Suspicious file extension found : etc/ssl/certs/ca-cert-COMODO_Certification_Authority.pem (You can suppress it with "-ae pem")
	* Suspicious file extension found : etc/ssl/certs/ca-cert-DigiCert_Assured_ID_Root_G2.pem (You can suppress it with "-ae pem")
	* Suspicious file extension found : etc/ssl/certs/ca-cert-LuxTrust_Global_Root_2.pem (You can suppress it with "-ae pem")
	* Suspicious file extension found : etc/ssl/certs/ca-cert-Certigna.pem (You can suppress it with "-ae pem")
	* Suspicious file extension found : etc/ssl/certs/ca-cert-DigiCert_Trusted_Root_G4.pem (You can suppress it with "-ae pem")
	* Suspicious file extension found : etc/ssl/certs/ca-cert-Taiwan_GRCA.pem (You can suppress it with "-ae pem")
	* Suspicious file extension found : etc/ssl/certs/ca-cert-Sonera_Class_2_Root_CA.pem (You can suppress it with "-ae pem")
	* Suspicious file extension found : etc/ssl/certs/ca-cert-TWCA_Global_Root_CA.pem (You can suppress it with "-ae pem")
	* Suspicious file extension found : etc/ssl/certs/ca-cert-Starfield_Root_Certificate_Authority_-_G2.pem (You can suppress it with "-ae pem")
	* Suspicious file extension found : etc/ssl/certs/ca-cert-emSign_Root_CA_-_C1.pem (You can suppress it with "-ae pem")
	* Suspicious file extension found : etc/ssl/certs/ca-cert-Entrust_Root_Certification_Authority_-_EC1.pem (You can suppress it with "-ae pem")
	* Suspicious file extension found : etc/ssl/certs/ca-cert-Certum_Trusted_Network_CA.pem (You can suppress it with "-ae pem")
	* Suspicious file extension found : etc/ssl/certs/ca-cert-emSign_ECC_Root_CA_-_C3.pem (You can suppress it with "-ae pem")
	* Suspicious file extension found : etc/ssl/certs/ca-cert-Staat_der_Nederlanden_Root_CA_-_G3.pem (You can suppress it with "-ae pem")
	* Suspicious file extension found : etc/ssl/certs/ca-cert-OISTE_WISeKey_Global_Root_GB_CA.pem (You can suppress it with "-ae pem")
	* Suspicious file extension found : etc/ssl/certs/ca-cert-IdenTrust_Commercial_Root_CA_1.pem (You can suppress it with "-ae pem")
	* Suspicious file extension found : etc/ssl/certs/ca-cert-GlobalSign_Root_CA.pem (You can suppress it with "-ae pem")
	* Suspicious file extension found : usr/local/go/src/crypto/tls/testdata/example-key.pem (You can suppress it with "-ae pem")
	* Suspicious file extension found : etc/ssl/certs/ca-cert-Starfield_Class_2_CA.pem (You can suppress it with "-ae pem")
	* Suspicious file extension found : etc/ssl/certs/ca-cert-Hellenic_Academic_and_Research_Institutions_RootCA_2011.pem (You can suppress it with "-ae pem")
	* Suspicious file extension found : etc/ssl/certs/ca-cert-Certigna_Root_CA.pem (You can suppress it with "-ae pem")
	* Suspicious file extension found : etc/ssl/certs/ca-cert-USERTrust_ECC_Certification_Authority.pem (You can suppress it with "-ae pem")
	* Suspicious file extension found : etc/ssl/certs/ca-cert-T-TeleSec_GlobalRoot_Class_3.pem (You can suppress it with "-ae pem")
	* Suspicious file extension found : etc/ssl/certs/ca-cert-COMODO_ECC_Certification_Authority.pem (You can suppress it with "-ae pem")
	* Suspicious file extension found : etc/ssl/certs/ca-cert-QuoVadis_Root_CA_2_G3.pem (You can suppress it with "-ae pem")
	* Suspicious file extension found : etc/ssl/certs/ca-cert-GlobalSign_Root_CA_-_R6.pem (You can suppress it with "-ae pem")
	* Suspicious file extension found : etc/ssl/certs/ca-cert-XRamp_Global_CA_Root.pem (You can suppress it with "-ae pem")
	* Suspicious file extension found : etc/ssl/certs/ca-cert-AffirmTrust_Networking.pem (You can suppress it with "-ae pem")
	* Suspicious file extension found : etc/ssl/certs/ca-cert-Entrust_Root_Certification_Authority.pem (You can suppress it with "-ae pem")
	* Suspicious file extension found : etc/ssl/certs/ca-cert-QuoVadis_Root_CA_3_G3.pem (You can suppress it with "-ae pem")
	* Suspicious file extension found : etc/ssl/certs/ca-cert-SSL.com_Root_Certification_Authority_ECC.pem (You can suppress it with "-ae pem")
	* Suspicious file extension found : etc/ssl/certs/ca-cert-GTS_Root_R1.pem (You can suppress it with "-ae pem")
	* Suspicious file extension found : etc/ssl/certs/ca-cert-DigiCert_Global_Root_CA.pem (You can suppress it with "-ae pem")
	* Suspicious file extension found : etc/ssl/certs/ca-cert-TrustCor_ECA-1.pem (You can suppress it with "-ae pem")
	* Suspicious file extension found : etc/ssl/certs/ca-cert-GTS_Root_R2.pem (You can suppress it with "-ae pem")
	* Suspicious file extension found : etc/ssl/certs/ca-cert-T-TeleSec_GlobalRoot_Class_2.pem (You can suppress it with "-ae pem")
	* Suspicious file extension found : etc/ssl/certs/ca-cert-AffirmTrust_Premium_ECC.pem (You can suppress it with "-ae pem")
	* Suspicious file extension found : etc/ssl/certs/ca-cert-AffirmTrust_Commercial.pem (You can suppress it with "-ae pem")
	* Suspicious file extension found : etc/ssl/certs/ca-cert-SwissSign_Silver_CA_-_G2.pem (You can suppress it with "-ae pem")
	* Suspicious file extension found : etc/ssl/certs/ca-cert-ACCVRAIZ1.pem (You can suppress it with "-ae pem")
	* Suspicious file extension found : etc/ssl/certs/ca-cert-Trustis_FPS_Root_CA.pem (You can suppress it with "-ae pem")
	* Suspicious file extension found : etc/ssl/certs/ca-cert-SecureTrust_CA.pem (You can suppress it with "-ae pem")
	* Suspicious file extension found : etc/ssl/certs/ca-cert-GlobalSign_ECC_Root_CA_-_R5.pem (You can suppress it with "-ae pem")
	* Suspicious file extension found : etc/ssl/certs/ca-cert-Verisign_Class_3_Public_Primary_Certification_Authority_-_G3.pem (You can suppress it with "-ae pem")
	* Suspicious file extension found : etc/ssl/certs/ca-cert-GlobalSign_Root_CA_-_R2.pem (You can suppress it with "-ae pem")
	* Suspicious file extension found : etc/ssl/certs/ca-cert-DigiCert_Global_Root_G3.pem (You can suppress it with "-ae pem")
	* Suspicious file extension found : etc/ssl/certs/ca-cert-VeriSign_Class_3_Public_Primary_Certification_Authority_-_G4.pem (You can suppress it with "-ae pem")
	* Suspicious file extension found : etc/ssl/certs/ca-cert-VeriSign_Universal_Root_Certification_Authority.pem (You can suppress it with "-ae pem")
	* Suspicious file extension found : etc/ssl/certs/ca-cert-QuoVadis_Root_CA_2.pem (You can suppress it with "-ae pem")
	* Suspicious file extension found : etc/ssl/certs/ca-cert-Amazon_Root_CA_3.pem (You can suppress it with "-ae pem")
	* Suspicious file extension found : etc/ssl/certs/ca-cert-Microsec_e-Szigno_Root_CA_2009.pem (You can suppress it with "-ae pem")
	* Suspicious file extension found : etc/ssl/certs/ca-cert-Entrust.net_Premium_2048_Secure_Server_CA.pem (You can suppress it with "-ae pem")
	* Suspicious file extension found : etc/ssl/certs/ca-cert-Starfield_Services_Root_Certificate_Authority_-_G2.pem (You can suppress it with "-ae pem")
	* Suspicious file extension found : etc/ssl/certs/ca-cert-D-TRUST_Root_Class_3_CA_2_EV_2009.pem (You can suppress it with "-ae pem")
	* Suspicious file extension found : etc/ssl/certs/ca-cert-Entrust_Root_Certification_Authority_-_G4.pem (You can suppress it with "-ae pem")
	* Suspicious file extension found : etc/ssl/certs/ca-cert-Entrust_Root_Certification_Authority_-_G2.pem (You can suppress it with "-ae pem")
	* Suspicious file extension found : etc/ssl/certs/ca-cert-UCA_Global_G2_Root.pem (You can suppress it with "-ae pem")
	* Suspicious file extension found : etc/ssl/certs/ca-cert-emSign_Root_CA_-_G1.pem (You can suppress it with "-ae pem")
	* Suspicious file extension found : etc/ssl/certs/ca-cert-SZAFIR_ROOT_CA2.pem (You can suppress it with "-ae pem")
	* Suspicious file extension found : etc/ssl/certs/ca-cert-Go_Daddy_Class_2_CA.pem (You can suppress it with "-ae pem")
	* Suspicious file extension found : etc/ssl/certs/ca-cert-AffirmTrust_Premium.pem (You can suppress it with "-ae pem")
	* Suspicious file extension found : etc/ssl/certs/ca-cert-D-TRUST_Root_Class_3_CA_2_2009.pem (You can suppress it with "-ae pem")
	* Suspicious file extension found : etc/ssl/certs/ca-cert-GlobalSign_Root_CA_-_R3.pem (You can suppress it with "-ae pem")
	* Suspicious file extension found : etc/ssl/certs/ca-cert-CA_Disig_Root_R2.pem (You can suppress it with "-ae pem")
	* Suspicious file extension found : etc/ssl/certs/ca-cert-SSL.com_EV_Root_Certification_Authority_ECC.pem (You can suppress it with "-ae pem")
	* Suspicious file extension found : etc/ssl/certs/ca-cert-Atos_TrustedRoot_2011.pem (You can suppress it with "-ae pem")
	* Suspicious file extension found : etc/ssl/certs/ca-cert-thawte_Primary_Root_CA_-_G2.pem (You can suppress it with "-ae pem")
	* Suspicious file extension found : etc/ssl/certs/ca-cert-GlobalSign_ECC_Root_CA_-_R4.pem (You can suppress it with "-ae pem")
	* Suspicious file extension found : etc/ssl/certs/ca-cert-VeriSign_Class_3_Public_Primary_Certification_Authority_-_G5.pem (You can suppress it with "-ae pem")
	* Suspicious file extension found : etc/ssl/certs/ca-cert-EE_Certification_Centre_Root_CA.pem (You can suppress it with "-ae pem")
	* Suspicious file extension found : etc/ssl/certs/ca-cert-Hellenic_Academic_and_Research_Institutions_ECC_RootCA_2015.pem (You can suppress it with "-ae pem")
	* Suspicious file extension found : etc/ssl/certs/ca-cert-Staat_der_Nederlanden_EV_Root_CA.pem (You can suppress it with "-ae pem")
	* Suspicious file extension found : etc/ssl/certs/ca-cert-Amazon_Root_CA_1.pem (You can suppress it with "-ae pem")
	* Suspicious file extension found : etc/ssl/certs/ca-cert-DigiCert_Global_Root_G2.pem (You can suppress it with "-ae pem")
	* Suspicious file extension found : etc/ssl/certs/ca-cert-Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068.pem (You can suppress it with "-ae pem")
	* Suspicious file extension found : etc/ssl/certs/ca-cert-OISTE_WISeKey_Global_Root_GA_CA.pem (You can suppress it with "-ae pem")
	* Suspicious file extension found : etc/ssl/certs/ca-cert-Buypass_Class_2_Root_CA.pem (You can suppress it with "-ae pem")
	* Suspicious file extension found : etc/ssl/certs/ca-cert-TeliaSonera_Root_CA_v1.pem (You can suppress it with "-ae pem")
	* Suspicious file extension found : etc/ssl/certs/ca-cert-Certum_Trusted_Network_CA_2.pem (You can suppress it with "-ae pem")
	* Suspicious file extension found : etc/ssl/certs/ca-cert-SecureSign_RootCA11.pem (You can suppress it with "-ae pem")
	* Suspicious file extension found : etc/ssl/certs/ca-cert-QuoVadis_Root_CA.pem (You can suppress it with "-ae pem")
	* Suspicious file extension found : etc/ssl/certs/ca-cert-SSL.com_EV_Root_Certification_Authority_RSA_R2.pem (You can suppress it with "-ae pem")
	* Suspicious file extension found : etc/ssl/certs/ca-cert-Actalis_Authentication_Root_CA.pem (You can suppress it with "-ae pem")
	* Suspicious file extension found : etc/ssl/certs/ca-cert-DigiCert_Assured_ID_Root_G3.pem (You can suppress it with "-ae pem")
	* Suspicious file extension found : etc/ssl/certs/ca-cert-GDCA_TrustAUTH_R5_ROOT.pem (You can suppress it with "-ae pem")
	* Suspicious file extension found : etc/ssl/certs/ca-cert-ePKI_Root_Certification_Authority.pem (You can suppress it with "-ae pem")
FATAL	- DKL-DI-0005: Clear apt-get caches
	* Use 'rm -rf /var/lib/apt/lists' after 'apt-get install|update' : /bin/sh -c set -eux; 	apk add --no-cache --virtual .fetch-deps gnupg; 	arch="$(apk --print-arch)"; 	url=; 	case "$arch" in 		'x86_64') 			export GOARCH='amd64' GOOS='linux'; 			;; 		'armhf') 			export GOARCH='arm' GOARM='6' GOOS='linux'; 			;; 		'armv7') 			export GOARCH='arm' GOARM='7' GOOS='linux'; 			;; 	'aarch64') 			export GOARCH='arm64' GOOS='linux'; 			;; 		'x86') 			export GO386='softfloat' GOARCH='386' GOOS='linux'; 	;; 		'ppc64le') 			export GOARCH='ppc64le' GOOS='linux'; 			;; 		's390x') 			export GOARCH='s390x' GOOS='linux'; 			;; 		*) echo >&2 "error: unsupported architecture '$arch' (likely packaging update needed)"; exit 1 ;; 	esac; 	build=; 	if [ -z "$url" ]; then 		build=1; 		url='https://dl.google.com/go/go1.17.1.src.tar.gz'; 		sha256='49dc08339770acd5613312db8c141eaf61779995577b89d93b541ef83067e5b1'; 	fi; 		wget -O go.tgz.asc "$url.asc"; 	wget -O go.tgz "$url"; 	echo "$sha256 *go.tgz" | sha256sum -c -; 		GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; 	gpg --batch --keyserver keyserver.ubuntu.com --recv-keys 'EB4C 1BFD 4F04 2F6D DDCC EC91 7721 F63B D38B 4796'; 	gpg --batch --verify go.tgz.asc go.tgz; 	gpgconf --kill all; 	rm -rf "$GNUPGHOME" go.tgz.asc; 		tar -C /usr/local -xzf go.tgz; 	rm go.tgz; 		if [ -n "$build" ]; then 		apk add --no-cache --virtual .build-deps 	bash 			gcc 			go 			musl-dev 		; 				( 			cd /usr/local/go/src; 		export GOROOT_BOOTSTRAP="$(go env GOROOT)" GOHOSTOS="$GOOS" GOHOSTARCH="$GOARCH"; 			./make.bash; 		); 				apk del --no-network .build-deps; 				go install std; 				rm -rf 			/usr/local/go/pkg/*/cmd 			/usr/local/go/pkg/bootstrap 			/usr/local/go/pkg/obj 			/usr/local/go/pkg/tool/*/api 			/usr/local/go/pkg/tool/*/go_bootstrap 			/usr/local/go/src/cmd/dist/dist 		; 	fi; 		apk del --no-network .fetch-deps; 		go version
WARN	- CIS-DI-0001: Create a user for the container
	* Last user should not be root
INFO	- CIS-DI-0006: Add HEALTHCHECK instruction to the container image
	* not found HEALTHCHECK statement
INFO	- DKL-LI-0003: Only put necessary files
	* unnecessary file : usr/local/go/src/crypto/elliptic/internal/fiat/Dockerfile 
IGNORE	- CIS-DI-0005: Enable Content trust for Docker

Output of dockle -v:

$ dockle -v
dockle version 0.4.0

Additional details (base image name, container registry info...):

Base image: golang:1.17.1-alpine (Official, Dockerfile)

I inserted the line break to be readable as below. Doesn't go install line seems to cause the mal-detection of apt-get install? somehow, maybe?

$ dockle golang:1.17.1-alpine
FATAL	- CIS-DI-0010: Do not store credential in ENVIRONMENT vars/files
**(snip)**
**(snip)**
**(snip)**
FATAL	- DKL-DI-0005: Clear apt-get caches
	* Use 'rm -rf /var/lib/apt/lists' after 'apt-get install|update' :
 	/bin/sh -c set -eux; \
	apk add --no-cache --virtual .fetch-deps gnupg; \
	arch="$(apk --print-arch)"; \
	url=; \
	case "$arch" in \
		'x86_64') \
			export GOARCH='amd64' GOOS='linux'; \
			;; \
		'armhf') \
			export GOARCH='arm' GOARM='6' GOOS='linux'; \
			;; \
		'armv7') \
			export GOARCH='arm' GOARM='7' GOOS='linux'; \
			;; \
		'aarch64') \
			export GOARCH='arm64' GOOS='linux'; \
			;; \
		'x86') \
			export GO386='softfloat' GOARCH='386' GOOS='linux'; \
			;; \
		'ppc64le') \
			export GOARCH='ppc64le' GOOS='linux'; \
			;; \
		's390x') \
			export GOARCH='s390x' GOOS='linux'; \
			;; \
		*) echo >&2 "error: unsupported architecture '$arch' (likely packaging update needed)"; exit 1 ;; \
	esac; \
	build=; \
	if [ -z "$url" ]; then \
		build=1; \
		url='https://dl.google.com/go/go1.17.1.src.tar.gz'; \
		sha256='49dc08339770acd5613312db8c141eaf61779995577b89d93b541ef83067e5b1'; \
	fi; \
	\
	wget -O go.tgz.asc "$url.asc"; \
	wget -O go.tgz "$url"; \
	echo "$sha256 *go.tgz" | sha256sum -c -; \
	\
	GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \
	gpg --batch --keyserver keyserver.ubuntu.com --recv-keys 'EB4C 1BFD 4F04 2F6D DDCC EC91 7721 F63B D38B 4796'; \
	gpg --batch --verify go.tgz.asc go.tgz; \
	gpgconf --kill all; \
	rm -rf "$GNUPGHOME" go.tgz.asc; \
	\
	tar -C /usr/local -xzf go.tgz; \
	rm go.tgz; \
	\
	if [ -n "$build" ]; then \
		apk add --no-cache --virtual .build-deps \
			bash \
			gcc \
			go \
			musl-dev \
		; \
		\
		( \
			cd /usr/local/go/src; \
			export GOROOT_BOOTSTRAP="$(go env GOROOT)" GOHOSTOS="$GOOS" GOHOSTARCH="$GOARCH"; \
			./make.bash; \
		); \
		\
		apk del --no-network .build-deps; \
		\
		go install std; \
		\
		rm -rf \
			/usr/local/go/pkg/*/cmd \
			/usr/local/go/pkg/bootstrap \
			/usr/local/go/pkg/obj \
			/usr/local/go/pkg/tool/*/api \
			/usr/local/go/pkg/tool/*/go_bootstrap \
			/usr/local/go/src/cmd/dist/dist \
		; \
	fi; \
	\
	apk del --no-network .fetch-deps; \
	\
	go version
WARN	- CIS-DI-0001: Create a user for the container
	* Last user should not be root
INFO	- CIS-DI-0006: Add HEALTHCHECK instruction to the container image
	* not found HEALTHCHECK statement
INFO	- DKL-LI-0003: Only put necessary files
	* unnecessary file : usr/local/go/src/crypto/elliptic/internal/fiat/Dockerfile

Answer 1 · 2021-09-11T13:50:27.000Z

@KEINOS
This bug has been fixed in v0.4.1.
Thank you for the report!

Answer 2 · 2021-09-12T00:08:03.000Z

@tomoyamachi

That was quick !! Amazing!! Thank you!