Will It Vibe logoWill It Vibe?
DOCKER-029Medium severity-8 points

World-writable permissions (chmod 777)

Part of Security, which counts for 30% of the overall score. When this check fires it deducts 8 points from that category, once per scan, no matter how many places it turns up.

What it detects

chmod 777 (or a+rwx) makes a path writable by every user in the container, so any process, including a compromised one, can overwrite those files or scripts.

Why it matters

chmod 777 (or a+rwx) makes a path readable, writable, and executable by every user in the container. Any process, including a compromised one running as a low-privilege user, can then overwrite those files or scripts, which can turn a minor foothold into persistence or escalation.

How to fix it

Grant the least permission that works. Set ownership to the runtime user with chown (or COPY --chown) and use restrictive modes like 755 for directories and executables, 644 for data files, 700 for private paths. Reserve write access for the specific directories the app must write to.

The paid report includes a ready-to-paste prompt for your AI coding agent for every check it finds, pointed at the exact findings from your scan. See pricing

Does your repo trip this check?

Paste a GitHub URL or drop a project folder. Scans run in your browser and take seconds.

Scan your repo

Related Security checks