iac/dockerfile/dockerfile-curl-pipe-sh
RUN pipes remote script to shell
Severity: high | Dockerfile | iac-dockerfile
What it detects
A `curl ... | bash` (or `| sh`) in a RUN instruction downloads a script at image-build time and executes it with no integrity check, so whatever the server returns at that moment runs with the build stage's privileges and is baked into the image. This is a common malware-insertion vector.
Remediation
Download, verify the checksum, then execute: `curl -fsSLO <url> && echo '<sha256>  <file>' | sha256sum -c - && sh <file>` (two spaces between the digest and the filename, which is the format `sha256sum -c` expects). Because the expected digest is pinned in the Dockerfile, a changed upstream file fails the build instead of being executed.
How it runs
Runs against files detected as Dockerfiles by path or basename, applying line-based checks and attaching remediation guidance to each finding.
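As an added illustration of the line-based check described above (example code written for this page, not the scanner's own implementation), the following Python joins Dockerfile backslash continuations and heredoc bodies into logical RUN instructions and flags any that pipe `curl` or `wget` output into a shell, while leaving the download-verify-execute pattern from the Remediation section unflagged. The sample Dockerfile, the regular expressions, the `Finding` structure and the `example.invalid` hostname are all constructed for this demo.

```python
"""Line-based check for `RUN curl ... | sh` patterns in a Dockerfile.

Added example in the spirit of the rule described on this page; it is not the
scanner's own implementation. The instruction joining (continuations and
heredocs) and the regular expressions below are assumptions made for the demo.
"""
import re
from dataclasses import dataclass

RULE_ID = "iac/dockerfile/dockerfile-curl-pipe-sh"
SEVERITY = "high"
REMEDIATION = (
    "Download, verify checksum, then execute: "
    "curl -fsSLO <url> && echo '<sha256>  <file>' | sha256sum -c - && sh <file>"
)

# A download tool, then anything that is not a pipe, then a single `|` (not `||`),
# an optional `sudo [flags]`, then a shell name. Matches `| bash`, `| sh -s --`,
# `|sudo -E bash`, `| zsh`; does not match `| tar xz`, `| sha256sum -c` or `|| sh`.
_PIPE_TO_SHELL = re.compile(
    r"\b(?:curl|wget)\b[^|]*\|(?!\|)\s*(?:sudo\s+(?:-\S+\s+)*)?(?:ba|z|da|a|k)?sh\b"
)
# Dockerfile heredoc opener such as `RUN <<EOT` or `RUN <<-"EOT"`.
_HEREDOC = re.compile(r"<<-?\s*['\"]?(\w+)['\"]?")


@dataclass
class Finding:
    line: int          # 1-based line number where the RUN instruction starts
    instruction: str   # the joined instruction text that was matched
    rule: str = RULE_ID
    severity: str = SEVERITY
    remediation: str = REMEDIATION


def logical_instructions(text: str):
    """Yield (start_line, instruction) pairs, joining backslash continuations
    and heredoc bodies so a pipe placed on a continued line is still seen."""
    lines = text.splitlines()
    i = 0
    while i < len(lines):
        raw = lines[i]
        i += 1
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        start = i
        parts = []
        while True:
            stripped = raw.rstrip()
            if not stripped.endswith("\\"):
                parts.append(stripped)
                break
            parts.append(stripped[:-1])
            # Docker ignores comment lines inside a continued instruction.
            while i < len(lines) and lines[i].lstrip().startswith("#"):
                i += 1
            if i >= len(lines):
                break
            raw = lines[i]
            i += 1
        instruction = " ".join(p.strip() for p in parts)
        m = _HEREDOC.search(instruction)
        if m:
            body = []
            while i < len(lines) and lines[i].strip() != m.group(1):
                body.append(lines[i].strip())
                i += 1
            i += 1  # skip the terminator line
            instruction = instruction + " " + " ".join(body)
        yield start, instruction


def scan_dockerfile(text: str) -> list[Finding]:
    """Return one Finding per RUN instruction that pipes curl/wget output into a shell."""
    findings = []
    for line_no, instruction in logical_instructions(text):
        if not re.match(r"\s*RUN\b", instruction, re.IGNORECASE):
            continue
        if _PIPE_TO_SHELL.search(instruction):
            findings.append(Finding(line=line_no, instruction=instruction))
    return findings


# Constructed sample Dockerfile (not from the page): two unsafe RUN forms, one
# heredoc form, and the remediated download-verify-execute form.
SAMPLE_DOCKERFILE = """\
FROM debian:bookworm-slim
RUN apt-get update && apt-get install -y curl
# Unsafe: remote script executed without any integrity check
RUN curl -fsSL https://example.invalid/install.sh | bash
# Unsafe, with the pipe hidden on a continuation line
RUN wget -qO- https://example.invalid/setup.sh \\
    | sh -s -- --prefix=/opt
# Remediated: download, verify pinned checksum, then execute
RUN curl -fsSLO https://example.invalid/install.sh \\
    && echo '<sha256>  install.sh' | sha256sum -c - \\
    && sh install.sh
RUN <<EOT
  set -e
  curl -fsSL https://example.invalid/tool.sh | sh
EOT
CMD ["bash"]
"""

if __name__ == "__main__":
    for f in scan_dockerfile(SAMPLE_DOCKERFILE):
        print(f"{f.rule} [{f.severity}] line {f.line}: {f.instruction}")
        print(f"  remediation: {f.remediation}")
```

Running the block on the sample reports lines 4, 6 and 12 and stays silent on the remediated instruction, because the only pipe there feeds `sha256sum -c`, not a shell.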
Found a false positive or want this rule tuned? File an issue. You can also suppress per-repo via a .repoguardignore line.