Multiple CMD instructions

ID

multiple_cmd

Severity

info

Family

Container Security

Tags

dockerfile, flaw, non-reachable

Description

There can only be one CMD instruction in a Dockerfile. If you list more than one CMD then only the last CMD will take effect.

The CMD instruction sets the command to be executed when running a container from an image.

The purpose of a CMD is to provide defaults for an executing container. These defaults can include an executable, or they can omit the executable, in which case you must specify an ENTRYPOINT instruction as well.

Reference: CMD command.

Security

N/A

Examples

FROM golang:1.7.3

CMD ./app
CMD ./apps

Mitigation / Fix

Dockerfile should only have one CMD instruction. Remove all the other CMD instructions.