Docker Compose Exposure

A docker compose config file revealing project structure and other sensitive information was discovered.

  • docker
  • compose
  • config
  • exposure

Docker compose is a tool for defining and running multi-container Docker applications. With Compose, developers use a single config (docker-compose.yml) file to define and run several application’s services.

Impact

Docker compose files may reveal all sensitive components that make up an application. It can also disclose sensitive strings.

Solution

Ensure that all development artefacts such as docker-compose.yml are removed before publishing your solution.

Was this page helpful?