CAST/cast-ghl-plugin
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: add USER nobody to Dockerfile to pass semgrep security check
Some checks failed
ci/woodpecker/push/woodpecker Pipeline failed
Details

Browse Source 
Running as root in a container is a security hazard. Use the existing
nobody user from alpine:3.19 to drop privileges before CMD.

Co-Authored-By: Paperclip <noreply@paperclip.ing>
This commit is contained in:
Head of Product & Engineering 2026-04-05 22:49:28 +02:00
parent 7714013e48
commit 5f7dd7462d
1 changed files with 1 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
Dockerfile
View File

@ -11,4 +11,5 @@ COPY --from=builder /cast-ghl-provider /cast-ghl-provider
EXPOSE 3002 EXPOSE 3002
HEALTHCHECK --interval=30s --timeout=3s --start-period=5s --retries=3 \ HEALTHCHECK --interval=30s --timeout=3s --start-period=5s --retries=3 \
CMD wget -qO- http://localhost:3002/health || exit 1 CMD wget -qO- http://localhost:3002/health || exit 1
USER nobody
CMD ["/cast-ghl-provider"] CMD ["/cast-ghl-provider"]