diff --git a/agent_api/src/main/java/dev/aikido/agent_api/vulnerabilities/path_traversal/UnsafePathChecker.java b/agent_api/src/main/java/dev/aikido/agent_api/vulnerabilities/path_traversal/UnsafePathChecker.java
index bb39fdbb..2506712e 100644
--- a/agent_api/src/main/java/dev/aikido/agent_api/vulnerabilities/path_traversal/UnsafePathChecker.java
+++ b/agent_api/src/main/java/dev/aikido/agent_api/vulnerabilities/path_traversal/UnsafePathChecker.java
@@ -29,7 +29,9 @@ private UnsafePathChecker() {}
 "/sys/",
 "/tmp/",
 "/usr/",
- "/var/"
+ "/var/",
+ "/app/",
+ "/code/"
 );
 private static final List DANGEROUS_PATH_STARTS = Arrays.asList(
 "c:/",
diff --git a/agent_api/src/test/java/vulnerabilities/path_traversal/UnsafePathCheckerTest.java b/agent_api/src/test/java/vulnerabilities/path_traversal/UnsafePathCheckerTest.java
index d1942202..0adaeb65 100644
--- a/agent_api/src/test/java/vulnerabilities/path_traversal/UnsafePathCheckerTest.java
+++ b/agent_api/src/test/java/vulnerabilities/path_traversal/UnsafePathCheckerTest.java
@@ -15,6 +15,12 @@ public void testLinuxRootPaths() {
 assertTrue(UnsafePathChecker.startsWithUnsafePath("/usr/local/bin", "/usr"));
 assertTrue(UnsafePathChecker.startsWithUnsafePath("/var/log/syslog", "/var"));
+ // Docker container common directories :
+ assertTrue(UnsafePathChecker.startsWithUnsafePath("/app/config.yml", "/app"));
+ assertTrue(UnsafePathChecker.startsWithUnsafePath("/code/src/main.py", "/code"));
+ assertTrue(UnsafePathChecker.startsWithUnsafePath("/app/config.yml"));
+ assertTrue(UnsafePathChecker.startsWithUnsafePath("/code/src/main.py"));
+
 // Capitalization checks :
 assertTrue(UnsafePathChecker.startsWithUnsafePath("/var/log/syslog", "/VaR"));
 assertTrue(UnsafePathChecker.startsWithUnsafePath("/home/user/file.txt", "/HoMe"));
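Review bot: The new entries `"/app/"` and `"/code/"` are appended after `"/var/"` with no comment, so a reader of UnsafePathChecker cannot tell why application directories sit in a list that otherwise holds standard Linux system roots; the rationale exists only in the test file. Keep the list in its existing alphabetical order and put a line above the two entries such as `// common application roots inside container images (e.g. a Docker WORKDIR); see UnsafePathCheckerTest`. It is also worth stating in that comment that, if the check fires whenever the user-supplied segment names one of these prefixes, user input legitimately pointing under the application's own root will now be reported, so the trade-off is visible to whoever tunes the list later. The list declaration begins before the hunk; the sibling `DANGEROUS_PATH_STARTS` on the context line is a raw `List`, which presumably applies to this list too and could be declared `List<String>`.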
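Review bot: The four new assertions in testLinuxRootPaths only pin acceptance of `/app` and `/code`; nothing checks the segment boundary that the trailing slash in the `"/app/"` list entry presumably provides, so a regression that also matched `/application/...` or `/codebase/...` would pass this test unchanged. Add a negative case next to them, e.g. `assertFalse(UnsafePathChecker.startsWithUnsafePath("/application/data.yml", "/application"));`, assuming the checker is meant to treat each prefix as a whole path segment rather than a bare string prefix — the implementation is outside this hunk, so confirm that before adding it. The method testLinuxRootPaths starts before the hunk.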