Ensure not use 'root' in the last 'USER' call in dockerfile

Is your application run with root privileges? It can cause a severe security issue. Running an application with root privilege can allow attackers who take over the application to take control of the whole container easily.

Risk Level: medium
Platform: Docker
Spectral Rule ID: DOCKR022


Don't use USER root if not required. Else set non-root user after finishing all tasks that need root privileges.

FROM alpine:2.6
USER root
RUN npm install
+ USER non-root-user
RUN sh start_app.sh

Read more: