Ensure 'root' is not used in the last 'USER' call in the Dockerfile
Does your application run with root privileges? This can cause a severe security issue: an attacker who takes over an application running as root can easily take control of the whole container.
Risk Level: medium
Platform: Docker
Spectral Rule ID: DOCKR022
REMEDIATION
Don't use USER root if it is not required. Otherwise, set a non-root user after finishing all tasks that need root privileges.
FROM alpine:2.6
USER root
RUN npm install
+ USER non-root-user
RUN sh start_app.sh