Ensure 'root' is not used in the last 'USER' instruction in the Dockerfile

Does your application run with root privileges? This can cause a severe security issue: attackers who take over an application running as root can easily take control of the whole container.

Risk Level: medium
Platform: Docker
Spectral Rule ID: DOCKR022
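
A check of this kind can be sketched as follows. This is an added example, not Spectral's implementation of DOCKR022: it goes beyond the rule text by looking only at the final build stage and by treating UID 0 as root, and the function names and sample Dockerfiles are constructed for illustration.

```python
# Added example: flags a Dockerfile whose effective final USER is root.
ROOT_IDS = {"root", "0"}  # UID 0 is root regardless of the name used

def logical_lines(text):
    """Yield instructions with comments and blanks dropped and continuations joined."""
    buf = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        yield buf + line
        buf = ""
    if buf:
        yield buf.strip()

def last_user(text):
    """Argument of the last USER instruction in the final build stage, or None."""
    user = None
    for line in logical_lines(text):
        parts = line.split(None, 1)
        keyword = parts[0].upper()
        if keyword == "FROM":
            user = None            # a new stage does not inherit USER from earlier stages
        elif keyword == "USER" and len(parts) == 2:
            user = parts[1].strip()
    return user

def check(text):
    """Return 'root', 'ok', 'no-user' or 'unresolved' for a Dockerfile's text."""
    user = last_user(text)
    if user is None:
        return "no-user"           # assumption: reported separately; the base image decides
    name = user.split(":", 1)[0].strip("\"'")   # drop the optional :group part
    if name.startswith("$"):
        return "unresolved"        # build-time variable, cannot be decided statically
    return "root" if name in ROOT_IDS else "ok"

# Constructed samples: the page's snippet without and with the added USER line,
# plus a multi-stage file whose final stage switches back to UID 0.
BEFORE = "FROM alpine:2.6\nUSER root\nRUN npm install\nRUN sh start_app.sh\n"
AFTER = "FROM alpine:2.6\nUSER root\nRUN npm install\nUSER non-root-user\nRUN sh start_app.sh\n"
MULTI = "FROM alpine AS build\nUSER builder\nRUN make \\\n  all\n\nFROM alpine\nUSER 0:0\n"

if __name__ == "__main__":
    for label, df in (("before", BEFORE), ("after", AFTER), ("multi-stage", MULTI)):
        print(f"{label}: {check(df)}")
```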

REMEDIATION

Don't use USER root unless it is required. Otherwise, switch to a non-root user once all tasks that need root privileges have finished.

FROM alpine:2.6
USER root
RUN npm install
+ USER non-root-user
RUN sh start_app.sh
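
Review bot: the added USER non-root-user line names an account that none of the visible lines create, and an image whose USER refers to a name missing from its passwd file fails when the next RUN or the container starts; create the account while still root (on Alpine, for example, RUN adduser -D non-root-user) before switching, or use a numeric UID. Note also that RUN sh start_app.sh executes at build time, so the application launch would normally be a CMD or ENTRYPOINT placed after the USER line for the non-root user to apply to the running process.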
