❌ **Codacy** found a **critical Security** issue: [By not specifying a USER, a program in the container may run as 'root'. This is a security hazard.](https://app.codacy.com/gh/hldsdocker/hlds/pullRequest?prid=13986173)
#8
Closed
wopox1337 opened this issue
Apr 4, 2024
· 0 comments
· Fixed by #9
:x: **Codacy** found a **critical Security** issue: [By not specifying a USER, a program in the container may run as 'root'. This is a security hazard.](https://app.codacy.com/gh/hldsdocker/hlds/pullRequest?prid=13986173)
The issue identified by the Semgrep linter is that the Docker container is configured to run its processes as the root user by default. This can be a significant security risk, as any exploit that gains access to the container could potentially have root privileges, allowing it to perform unrestricted operations on the container and potentially affect the host system or other containers.
To mitigate this risk, it's best practice to create a non-root user within the Dockerfile and switch to that user before running the application. This can be done with the USER directive after all necessary file permissions and dependencies are set up for the non-root user.
Here's the code suggestion to add a non-root user and switch to it before setting the ENTRYPOINT:
```dockerfile
RUN adduser --disabled-password --gecos '' myuser && chown -R myuser:myuser /path/to/required/directories
USER myuser
```
Please replace /path/to/required/directories with the actual directories that the non-root user needs to have ownership of to run the application. This line should be added right before the ENTRYPOINT directive.
This comment was generated by an experimental AI tool.
Originally posted by @codacy-production[bot] in #7 (comment)
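Added example, not part of the issue or of the project's code: a simplified Python check for the condition reported above, which works out the `USER` in effect at the end of the final build stage. It is not Semgrep's rule; the base image, the `/app/server` entrypoint and the function names are assumptions made for illustration, and an external base image is assumed to default to root.

```python
def logical_lines(dockerfile):
    """Yield instructions with comments dropped and backslash continuations joined."""
    buf = ""
    for raw in dockerfile.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        yield buf + line
        buf = ""

def final_stage_user(dockerfile):
    """Return the USER in effect at the end of the last stage, or None if unset."""
    stages, user, alias = {}, None, None   # stages: alias -> USER at end of that stage
    for instr in logical_lines(dockerfile):
        parts = instr.split()
        keyword = parts[0].upper()
        if keyword == "FROM":
            if alias:
                stages[alias] = user
            args = [p for p in parts[1:] if not p.startswith("--")]  # skip --platform=...
            user = stages.get(args[0]) if args else None  # an earlier stage passes on its USER
            alias = args[2] if len(args) >= 3 and args[1].upper() == "AS" else None
        elif keyword == "USER" and len(parts) > 1:
            user = parts[1]                # the last USER in a stage wins
    return user

def runs_as_root(dockerfile):
    """Assumption: an external base image runs as root unless a USER says otherwise."""
    user = final_stage_user(dockerfile)
    return user is None or user.split(":", 1)[0] in ("root", "0")

# Constructed samples; the base image and entrypoint are placeholders.
BEFORE = """\
FROM debian:stable-slim
COPY server /app/server
ENTRYPOINT ["/app/server"]
"""
AFTER = """\
FROM debian:stable-slim
COPY server /app/server
RUN adduser --disabled-password --gecos '' myuser && \\
    chown -R myuser:myuser /path/to/required/directories
USER myuser
ENTRYPOINT ["/app/server"]
"""
```

`runs_as_root(BEFORE)` is true and `runs_as_root(AFTER)` is false; a later `USER 0:0`, or a new `FROM` on an external image, makes the final stage root again.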