Update "COPY '--from' Without FROM Alias Defined Previously" query for Docker, allow external images

### Platform
Docker

### Query
`68a51e22-ae5a-4d48-8e87-b01a323605c9`

### Description
Currently, this query detects an issue when a `COPY` instruction references another docker image using `--from` and this image is not defined in the same Dockerfile as part of a multi-step build. The `--from` flag of the `COPY` instruction can also be used to reference external Docker images (https://docs.docker.com/develop/develop-images/multistage-build/#use-an-external-image-as-a-stage). This query should not raise an issue in this case.

### Source
Some Dockerfiles for the official [nats](https://hub.docker.com/_/nats/) image uses this to copy files between the different versions of their docker images and kics reports that this query fails: https://github.com/nats-io/nats-docker/blob/9095670eefc7c5af2ba6400a42ff88097b018c70/2.7.4/scratch/Dockerfile

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Update "COPY '--from' Without FROM Alias Defined Previously" query for Docker, allow external images #5115

Platform

Query

Description

Source

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Update "COPY '--from' Without FROM Alias Defined Previously" query for Docker, allow external images #5115

Description

Platform

Query

Description

Source

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions