Docker Compose Exposure
A docker compose config file revealing project structure and other sensitive information was discovered.
- docker
- compose
- config
- exposure
Docker compose is a tool for defining and running multi-container Docker applications. With Compose, developers use a single config (docker-compose.yml) file to define and run several application’s services.
Impact
Docker compose files may reveal all sensitive components that make up an application. It can also disclose sensitive strings.
Solution
Ensure that all development artefacts such as docker-compose.yml are removed before publishing your solution.
Was this page helpful?