use distroless base image #137

Merged
merged 1 commit into from
Aug 10, 2023

matthyx
Contributor

@matthyx matthyx commented Aug 8, 2023

this one requires a modification in the Helm chart:

securityContext:
  fsGroup: 65532
  runAsUser: 65532

and:

- name: grype-db-cache
  mountPath: /home/nonroot/anchore-resources/db
- name: grype-db
  mountPath: /home/nonroot/.cache/grype

Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>
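The Helm values named in the comment above can be checked against a rendered pod spec before rollout. The following is an added example, not code from this PR or the project: it takes a pod spec as JSON, and `CheckPodSpec`, `podSpec`, `wantMounts` and the sample input are hypothetical names and constructed data.

```go
package main

import ("encoding/json"; "fmt")

// Values from the PR comment: UID/GID of the nonroot user and the two mount paths.
const nonrootID = 65532

var wantMounts = map[string]string{
	"grype-db-cache": "/home/nonroot/anchore-resources/db",
	"grype-db":       "/home/nonroot/.cache/grype",
}

// Sample is a constructed pod spec with stale settings, not taken from the chart.
const Sample = `{"securityContext":{"runAsUser":0},"containers":[{"volumeMounts":[
 {"name":"grype-db","mountPath":"/root/.cache/grype"},
 {"name":"grype-db-cache","mountPath":"/home/nonroot/anchore-resources/db"}]}]}`

// podSpec (hypothetical helper type) holds only the fields checked here.
type podSpec struct {
	SecurityContext struct{ RunAsUser, FSGroup *int64 } `json:"securityContext"`
	Containers      []struct {
		VolumeMounts []struct{ Name, MountPath string } `json:"volumeMounts"`
	} `json:"containers"`
}

// CheckPodSpec returns one finding per setting that differs from the comment's values.
func CheckPodSpec(raw []byte) ([]string, error) {
	var p podSpec
	if err := json.Unmarshal(raw, &p); err != nil {
		return nil, err
	}
	var out []string
	// A missing field counts as a finding: without it the pod keeps the chart's old default.
	if u := p.SecurityContext.RunAsUser; u == nil || *u != nonrootID {
		out = append(out, "runAsUser is not 65532")
	}
	if g := p.SecurityContext.FSGroup; g == nil || *g != nonrootID {
		out = append(out, "fsGroup is not 65532")
	}
	for _, c := range p.Containers {
		for _, m := range c.VolumeMounts {
			if want, ok := wantMounts[m.Name]; ok && m.MountPath != want {
				out = append(out, fmt.Sprintf("%s mounted at %s, want %s", m.Name, m.MountPath, want))
			}
		}
	}
	return out, nil
}

func main() { fmt.Println(CheckPodSpec([]byte(Sample))) }
```
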
@codiumai-pr-agent

PR Analysis

  • 🎯 Main theme: Changing the base image of the Dockerfile to use distroless
  • 📌 Type of PR: Enhancement
  • 🧪 Relevant tests added: No
  • Focused PR: Yes, the PR is focused as it only changes the base image of the Dockerfile
  • 🔒 Security concerns: No, the changes in this PR do not introduce any obvious security concerns.

PR Feedback

  • General suggestions: The PR is generally well done, but it would be beneficial to add a comment explaining why the base image is being changed to distroless. This would help other developers understand the reasoning behind this change.

  • 🤖 Code feedback:

    • relevant file: build/Dockerfile
      suggestion: Consider adding a comment explaining why you are changing the base image to distroless. This will help other developers understand the reasoning behind this change. [medium]
      relevant line: FROM gcr.io/distroless/static-debian11:nonroot

    • relevant file: build/Dockerfile
      suggestion: It's a good practice to pin the version of the base image to ensure the build's reproducibility. Consider specifying a version for the distroless image. [important]
      relevant line: FROM gcr.io/distroless/static-debian11:nonroot

    • relevant file: build/Dockerfile
      suggestion: It's recommended to use absolute paths for the WORKDIR instruction. This will ensure that the instruction works as expected regardless of the current working directory. [medium]
      relevant line: WORKDIR /home/nonroot/

How to use

To invoke the PR-Agent, add a comment using one of the following commands:
/review [-i]: Request a review of your Pull Request. For an incremental review, which only considers changes since the last review, include the '-i' option.
/describe: Modify the PR title and description based on the contents of the PR.
/improve: Suggest improvements to the code in the PR.
/ask <QUESTION>: Pose a question about the PR.

To edit any configuration parameter from 'configuration.toml', add --config_path=new_value
For example: /review --pr_reviewer.extra_instructions="focus on the file: ..."
To list the possible configuration parameters, use the /config command.

@github-actions

github-actions bot commented Aug 8, 2023

Summary:

  • License scan: failure
  • Credentials scan: success
  • Vulnerabilities scan: failure
  • Unit test: success
  • Go linting: success

@matthyx matthyx requested a review from dwertent August 8, 2023 14:35
@dwertent dwertent marked this pull request as ready for review August 8, 2023 16:11
@github-actions

github-actions bot commented Aug 8, 2023

Summary:

  • License scan: failure
  • Credentials scan: success
  • Vulnerabilities scan: failure
  • Unit test: success
  • Go linting: success

@matthyx matthyx added the release Create release label Aug 10, 2023
@matthyx matthyx merged commit e7b8d3d into main Aug 10, 2023
9 of 10 checks passed
@matthyx matthyx deleted the distroless branch August 10, 2023 12:38
dwertent pushed a commit that referenced this pull request Dec 31, 2023