Troubleshooting of Sonar issue
=== How to resolve "This image might run with root as the default user. Make sure it is safe here." ===

'''🛑 Problem Condition'''

During the CI/CD process, security scanning tools such as Anchore or Checkmarx report the following warning:

<pre>
This image might run with root as the default user. Make sure it is safe here.
</pre>

This warning appears because the Docker image is configured to run as the <code>root</code> user by default, which poses a potential security risk, especially in production or publicly exposed environments.

'''✅ Solution'''

Modify the <code>Dockerfile</code> to create a non-root user and configure the container to run using this user. Here's a general example:

<pre>
FROM alpine:3.19

# Create a non-root system user and group (no password, no home directory needed)
RUN addgroup -S appgroup && adduser -S appuser -G appgroup

# Create the working directory and hand it to the non-root user
RUN mkdir -p /app && chown -R appuser:appgroup /app

# Copy application files owned by the non-root user
# (a plain COPY after the chown would leave the files owned by root)
COPY --chown=appuser:appgroup app /app
WORKDIR /app

# Switch to the non-root user; later RUN steps and the container itself run as appuser
USER appuser

# Expose application port (if applicable)
# Docker 20.10+ lets an unprivileged container user bind ports below 1024;
# on older versions pick a port above 1023
EXPOSE 80

# Start your application (example only)
CMD ["your-app-command"]
</pre>

'''💡 Explanation'''

By default, Docker containers run as the <code>root</code> user, which increases the risk of privilege escalation if an attacker exploits a vulnerability in the application. To avoid this risk, create a dedicated, unprivileged user, make sure your application directory has the correct ownership and permissions, and then configure the container to run under this non-root user.

References
* [https://www.docker.com/blog/understanding-the-docker-user-instruction/ Understanding the Docker USER Instruction | Docker]
* [https://docs.docker.com/engine/security/rootless/ Rootless mode | Docker Docs]
* [https://medium.com/@Kfir-G/securing-docker-non-root-user-best-practices-5784ac25e755 Securing Docker: Non-Root User Best Practices | by Kfir Gisman | Medium]
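As an added example (not part of the wiki page or any scanner's own code), a small Python check that a CI job could run over a Dockerfile before the build to catch the condition behind this warning: it determines which user the final build stage will run as, honouring multi-stage builds (each FROM resets the user), comment lines, line continuations and the <code>uid:gid</code> form of USER. The sample Dockerfiles are constructed inline.

```python
import re

# Constructed sample Dockerfiles (not from the wiki page), used as input below.
SAMPLE_ROOT = "FROM alpine:3.19\nCOPY app /app\nCMD [\"/app/app\"]\n"

SAMPLE_FIXED = r"""
# Build stage may run as root; only the final stage decides the image's user.
FROM golang:1.22 AS build
WORKDIR /src
COPY . .
RUN go build -o /out/app .

FROM alpine:3.19
RUN addgroup -S appgroup && \
    adduser -S appuser -G appgroup
COPY --from=build --chown=appuser:appgroup /out/app /app/app
user appuser
CMD ["/app/app"]
"""

SAMPLE_UID = "FROM alpine:3.19\nUSER 1000:1000\n"


def effective_user(dockerfile: str) -> str:
    """Return the user the image's final stage will run as ("root" if unset).

    Each FROM starts a new stage and resets the user; instruction names are
    case-insensitive; comments are skipped; a trailing backslash continues the
    line; USER may be name, uid, name:group or uid:gid (user part returned).
    """
    text = re.sub(r"\\\r?\n", " ", dockerfile)  # join continued lines
    user = "root"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        instr = parts[0].upper()
        if instr == "FROM":
            user = "root"
        elif instr == "USER" and len(parts) == 2:
            user = parts[1].split(":", 1)[0].strip()
    return user


def runs_as_root(dockerfile: str) -> bool:
    """True when the final stage has no USER instruction, or USER root / 0."""
    return effective_user(dockerfile) in ("root", "0")
```

For an image that is already built, the same fact can be read with <code>docker inspect --format '{{.Config.User}}' IMAGE</code>, which prints an empty string when the image would start as root.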