I quite often get a FATAL error for CIS-DI-0010 because of settings.py used in my projects.
FATAL - CIS-DI-0010: Do not store credential in environment variables/files
* Suspicious filename found : app/.pixi/envs/prod/lib/python3.12/site-packages/h2/settings.py (You can suppress it with "-af settings.py")
FATAL - CIS-DI-0010: Do not store credential in environment variables/files
* Suspicious filename found : app/.pixi/envs/prod/lib/python3.12/site-packages/jedi/settings.py (You can suppress it with "-af settings.py")
* Suspicious filename found : app/.pixi/envs/prod/lib/python3.12/site-packages/pydeck/settings.py (You can suppress it with "-af settings.py")
* Suspicious filename found : app/.pixi/envs/prod/lib/python3.12/site-packages/h2/settings.py (You can suppress it with "-af settings.py")
This is IMO a bad default as there is nothing wrong with calling a file "settings.py".
While i was using dockle, i noticed a couple of libraries using "settings.py" as a filename, among others:
In almost every third container, i need to exclude this file because settings.py is a widely used filename and i'm vendoring other packages.
Please consider removing this file name for CIS-DI-0010
I quite often get a
FATALerror forCIS-DI-0010because ofsettings.pyused in my projects.This is IMO a bad default as there is nothing wrong with calling a file "settings.py".
While i was using dockle, i noticed a couple of libraries using "settings.py" as a filename, among others:
In almost every third container, i need to exclude this file because
settings.pyis a widely used filename and i'm vendoring other packages.Please consider removing this file name for
CIS-DI-0010