14,982
edits
Troubleshooting of SonarQube issue: Difference between revisions
Jump to navigation
Jump to search
→How to resolve "This image might run with root as the default user. Make sure it is safe here."
Tags: Mobile edit Mobile web edit |
|||
| Line 208: | Line 208: | ||
CMD ["your-app-command"] | CMD ["your-app-command"] | ||
</pre> | </pre> | ||
Another example | |||
<pre> | |||
FROM dockerhub/library/php:8.3.4-cli-alpine3.19 | |||
# Update and upgrade all packages to the latest secure versions | |||
RUN apk update && apk upgrade | |||
# Create a non-root system group and user to run the application securely | |||
# -S flag creates a system account (no home directory, no login shell) | |||
RUN addgroup -S appgroup && adduser -S appuser -G appgroup | |||
# Copy application source code into the container | |||
COPY app /var/www/html | |||
# Transfer ownership of the app directory to the non-root user | |||
# so the app can read/write files without requiring root privileges | |||
RUN chown -R appuser:appgroup /var/www/html | |||
# Set the working directory for subsequent commands | |||
WORKDIR /var/www/html | |||
# Switch to the non-root user before running the application | |||
# This follows the Principle of Least Privilege | |||
USER appuser | |||
# Expose port 80 for incoming HTTP traffic | |||
EXPOSE 80 | |||
# Start the PHP built-in web server, listening on all interfaces | |||
CMD ["php", "-S", "0.0.0.0:80"] | |||
</pre> | |||
'''💡 Explanation''' | '''💡 Explanation''' | ||