apk add is missing --no-cache

ID

purge_apk_package_cache

Severity

low

Family

Container Security

Tags

dockerfile, non-reachable, smaller-size

Description

Cached package data should be cleaned after installation to reduce image size.

Reference: Disabling Cache, in the Alpine Linux documentation for apk.

Security

N/A

Examples

FROM gliderlabs/alpine:3.3

# issue
RUN apk add python3

RUN pip install --no-cache-dir -r /usr/src/app/requirements.txt
CMD [ "python", "/usr/src/app/app.py" ]

Mitigation / Fix

Add --no-cache to apk add in Dockerfile:

FROM gliderlabs/alpine:3.3

# fixed
RUN apk --no-cache add python3

RUN pip install --no-cache-dir -r /usr/src/app/requirements.txt
CMD [ "python", "/usr/src/app/app.py" ]