
❌ **Codacy** found a **critical Security** issue: [By not specifying a USER, a program in the container may run as 'root'. This is a security hazard.](https://app.codacy.com/gh/hldsdocker/hlds/pullRequest?prid=13986173) #8

Closed
wopox1337 opened this issue Apr 4, 2024 · 0 comments · Fixed by #9
Assignees

Comments

@wopox1337
Contributor

❌ **Codacy** found a **critical Security** issue: [By not specifying a USER, a program in the container may run as 'root'. This is a security hazard.](https://app.codacy.com/gh/hldsdocker/hlds/pullRequest?prid=13986173)

The issue identified by the Semgrep linter is that the Docker container is configured to run its processes as the root user by default. This can be a significant security risk, as any exploit that gains access to the container could potentially have root privileges, allowing it to perform unrestricted operations on the container and potentially affect the host system or other containers.

To mitigate this risk, it's best practice to create a non-root user within the Dockerfile and switch to that user before running the application. This can be done with the USER directive after all necessary file permissions and dependencies are set up for the non-root user.

Here's the code suggestion to add a non-root user and switch to it before setting the ENTRYPOINT:

```dockerfile
RUN adduser --disabled-password --gecos '' myuser && chown -R myuser:myuser /path/to/required/directories
USER myuser
```

Please replace /path/to/required/directories with the actual directories that the non-root user needs to have ownership of to run the application. This line should be added right before the ENTRYPOINT directive.


This comment was generated by an experimental AI tool.

Originally posted by @codacy-production[bot] in #7 (comment)
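As an added example (not part of the issue, the Codacy bot's comment, or the hlds project's own code), the following POSIX shell script shows the finding from both sides: a constructed "before" Dockerfile with no `USER` instruction, the "after" form with the suggested `adduser` / `chown` / `USER` lines applied, and a small check in the spirit of the Semgrep rule that reports which Dockerfile would still start its main process as root. The `/opt/app` path, the `myuser` name and the three Dockerfiles are assumptions made for the example.

```shell
#!/bin/sh
# Added example: a shell check for the "no USER directive" finding.
# The Dockerfiles below and the /opt/app path are constructed for this example.
set -eu

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
BEFORE="$WORK/Dockerfile.before"
AFTER="$WORK/Dockerfile.after"
REGRESSED="$WORK/Dockerfile.regressed"

# "before": no USER instruction, so Docker defaults the process user to root.
cat > "$BEFORE" <<'EOF'
FROM debian:bookworm-slim
COPY app/ /opt/app/
ENTRYPOINT ["/opt/app/start.sh"]
EOF

# "after": unprivileged user owns only what the application needs, then USER
# switches to it before ENTRYPOINT, as the bot's suggestion describes.
cat > "$AFTER" <<'EOF'
FROM debian:bookworm-slim
COPY app/ /opt/app/
# Create an unprivileged user and give it only the directories the app must own.
RUN adduser --disabled-password --gecos '' myuser \
    && chown -R myuser:myuser /opt/app
# Every later instruction and the container's main process run as myuser.
USER myuser
ENTRYPOINT ["/opt/app/start.sh"]
EOF

# A common regression: switching back to root for a late step and never
# switching away again. The last USER instruction is the one that counts.
cat > "$REGRESSED" <<'EOF'
FROM debian:bookworm-slim
RUN adduser --disabled-password --gecos '' myuser
USER myuser
COPY --chown=myuser:myuser app/ /opt/app/
USER root
RUN apt-get update && apt-get install -y --no-install-recommends ca-certificates
ENTRYPOINT ["/opt/app/start.sh"]
EOF

# Print the user the image's main process starts as: the last USER instruction
# wins, and Docker falls back to root when there is none. "USER 1000:1000" and
# "USER app:app" both reduce to the part before the colon.
effective_user() {
    u=$(grep -iE '^[[:space:]]*USER[[:space:]]+' "$1" | tail -n 1 \
        | awk '{print $2}' | cut -d: -f1)
    printf '%s\n' "${u:-root}"
}

# Exit status 0 when the default process user is root, by name or by uid 0.
runs_as_root() {
    case "$(effective_user "$1")" in
        root|0) return 0 ;;
        *) return 1 ;;
    esac
}

# Report, CI-gate style, which Dockerfiles would fail the check.
for f in "$BEFORE" "$AFTER" "$REGRESSED"; do
    if runs_as_root "$f"; then
        echo "FAIL $(basename "$f"): main process defaults to root"
    else
        echo "ok   $(basename "$f"): runs as $(effective_user "$f")"
    fi
done
```

The check deliberately reads only the last `USER` line rather than the first, which is what catches the `REGRESSED` case; a base image that already sets a non-root `USER` is not visible to this text-only check, so treat a "FAIL" as a prompt to inspect, not as proof.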

@wopox1337 wopox1337 self-assigned this Apr 4, 2024
wopox1337 added a commit that referenced this issue Apr 4, 2024