Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Move USER and remove redundant --chown from Dockerfile (#53441)
### What? In the Dockerfile example: * Moves the `USER` command above the `COPY`s * Removes the `--chown` on the `COPY`s > **Note** > I don't know for 100% sure this won't have unintended side effects. Part of my motivation for opening this PR is to sense check whether we will be causing a regression by making this change in our own projects. > > Please let me know if there's any concerns with this! ### Why? Sonar security scanner flags this Dockerfile as having "security hotspots" due to the use of `--chown` https://rules.sonarsource.com/docker/RSPEC-6504/ ### How? Make the `--chown`s redundant by setting the current user before doing the `COPY` commands.
- Loading branch information