Docker Insecure Builder Sandbox Flag
Description
Detects the insecure BuildKit sandbox flag in Dockerfile RUN instructions. RUN --security=insecure (available through the docker/dockerfile:1-labs syntax, and only when the builder was started with the security.insecure entitlement allowed) executes that build step with the BuildKit sandbox disabled: the step keeps full capabilities and is not confined by the default seccomp profile, roughly what a privileged container gets. Any script, package or dependency executed in such a step therefore runs with near-root privileges on the build host, so a compromised build input can break out of the builder and tamper with the host, its secrets or other builds. The default value, --security=sandbox, keeps the protections and is not reported.
Detection Strategy
• Scans the Dockerfile content line by line looking for RUN instructions (backslash-continued lines are part of the same instruction and must be joined before matching)
• Identifies RUN instructions whose flags contain the --security=insecure value; comments that merely mention the flag are ignored
• Reports a vulnerability when a RUN instruction contains the exact string '--security=insecure'
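The following scanner is an added example written for this page; it is not Fluid Attacks' own detection code. It implements the strategy above and goes slightly beyond it: RUN instructions split over backslash-continued lines are joined before matching, comment lines (including comments inside a continued instruction) are skipped, and the RUN keyword is matched case-insensitively as the Dockerfile parser does. The sample Dockerfile and the file names in it are constructed for the example.

```python
import re
from typing import List, Tuple

# The value the rule looks for, in its exact form (--security=sandbox is the default and is fine).
INSECURE_FLAG = re.compile(r"--security=insecure\b")


def logical_instructions(dockerfile: str) -> List[Tuple[int, str]]:
    """Join backslash-continued lines into logical Dockerfile instructions.

    Returns (line number where the instruction starts, instruction text).
    Blank lines and comment lines are dropped, including comment lines that
    sit between continued lines, which the Dockerfile parser also ignores.
    """
    instructions: List[Tuple[int, str]] = []
    buffer: List[str] = []
    start = 0
    for number, raw in enumerate(dockerfile.splitlines(), start=1):
        stripped = raw.strip()
        if not stripped or stripped.startswith("#"):
            continue  # blank or comment, inside or outside a continuation
        if not buffer:
            start = number
        if stripped.endswith("\\"):
            buffer.append(stripped[:-1].strip())
            continue
        buffer.append(stripped)
        instructions.append((start, " ".join(buffer)))
        buffer = []
    if buffer:  # file ended with a dangling continuation
        instructions.append((start, " ".join(buffer)))
    return instructions


def find_insecure_run(dockerfile: str) -> List[Tuple[int, str]]:
    """Return (line, instruction) for every RUN instruction using --security=insecure."""
    findings: List[Tuple[int, str]] = []
    for line, text in logical_instructions(dockerfile):
        parts = text.split(None, 1)
        keyword = parts[0].upper()
        rest = parts[1] if len(parts) > 1 else ""
        if keyword == "RUN" and INSECURE_FLAG.search(rest):
            findings.append((line, text))
    return findings


# Constructed sample: one safe RUN, one insecure RUN spread over three lines,
# one lowercase insecure RUN, and a comment that mentions the flag.
SAMPLE_DOCKERFILE = """\
# syntax=docker/dockerfile:1-labs
FROM ubuntu:20.04
# --security=insecure in a comment must not be flagged
RUN --security=sandbox ./safe.sh
RUN --mount=type=cache,target=/root/.cache \\
    --security=insecure \\
    ./example.sh
run --security=insecure ./lowercase.sh
CMD ["./app"]
"""

if __name__ == "__main__":
    for line, instruction in find_insecure_run(SAMPLE_DOCKERFILE):
        print(f"line {line}: insecure builder sandbox: {instruction}")
```

Run on the constructed sample, the scanner reports lines 5 and 8 and nothing for the comment on line 3 or the sandboxed RUN on line 4; the first finding is reported at the line where the continued instruction starts, which is where a reviewer will look for it.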
Vulnerable code example
# syntax=docker/dockerfile:1-labs  (the labs syntax is required for RUN --security)
FROM ubuntu:20.04
# Dangerous: --security=insecure runs this step outside the BuildKit sandbox
RUN --security=insecure ./example.sh
CMD ["./app"]
Secure code example
FROM ubuntu:20.04
# Run the script with the default sandbox (--security=sandbox) in place
RUN ./example.sh
CMD ["./app"]