Ensure minimal execution of 'chown'
Risk Level: informational
Platform: Docker
Spectral Rule ID: DOCKR011
REMEDIATION
Most of the time, you can just drop the chown option. The app user only needs execution permissions on the file, not ownership.
WORKDIR $APP_HOME
- COPY --chown=app:app app-src/ /app
+ COPY app-src/ /app
USER app
ENTRYPOINT /app/main.shRead more:
- TBD
Updated 7 months ago