'zypper clean' missing

ID

purge_zypper_package_cache

Severity

low

Family

Container Security

Tags

dockerfile, non-reachable, smaller-size

Description

Cached package data should be cleaned after installation to reduce image size.

Security

N/A

Examples

FROM registry.suse.com/suse/sles12sp4:latest

# issue, package cache not cleaned up
RUN zypper install bash

ENTRYPOINT ["/etc/bin/application"]
CMD ["-i"]

Mitigation / Fix

Add zypper clean (or the cc shortcut) to Dockerfile:

FROM registry.suse.com/suse/sles12sp4:latest

# fixed
RUN zypper install bash && zypper clean

ENTRYPOINT ["/etc/bin/application"]
CMD ["-i"]