A
100/100 First Seen
Feb 18, 2026
Last Scanned
Feb 20, 2026
Findings
1
Score
100/100
LOW 1
Findings (1)
LOW
Docker environment credentials
L58 Detects Docker or docker-compose commands passing credentials via environment variables
docker run -e GITHUB_TOKEN= FIX
Remove credential values from Docker environment flags (-e) and docker-compose environment sections. Use Docker secrets, .env files (in .dockerignore), or a secrets manager.
FP?
Likely FP if the Docker environment variable has an empty or placeholder value (e.g., -e API_KEY= or -e PASSWORD=changeme) in setup documentation.