Ensure 'USER' is set before the 'CMD' or 'ENTRYPOINT' of your application
Does your application run with root privileges? This can cause a severe security issue: an attacker who takes over an application running as root can easily take control of the whole container.
Risk Level: high
Platform: Docker
Spectral Rule ID: DOCKR026
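A minimal checker for the condition this rule describes, added here as an example; it is not Spectral's implementation of DOCKR026. The name `check_user` and the sample Dockerfiles are constructed, and `patrick` is assumed as the runtime user because that is the account the `useradd` line in the remediation creates.

```python
import re

ROOT_NAMES = {"root", "0"}      # matches USER root, USER 0 and USER 0:0
START = {"CMD", "ENTRYPOINT"}

def check_user(dockerfile):
    """Return findings for the final build stage; an empty list means pass."""
    text = re.sub(r"\\[ \t]*\n", " ", dockerfile)    # join line continuations
    user, findings, started = None, [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):         # skip blanks and comments
            continue
        parts = line.split(None, 1)
        instr = parts[0].upper()
        arg = parts[1] if len(parts) > 1 else ""
        if instr == "FROM":                          # only the last stage ships
            user, findings, started = None, [], False
        elif instr == "USER":
            user = arg.strip().split(":", 1)[0]      # USER name[:group]
            if started and user in ROOT_NAMES:       # switched back to root
                findings.append("USER %s after CMD/ENTRYPOINT" % user)
        elif instr in START:
            started = True
            if user is None:     # the base image's default user is not inspected
                findings.append("%s with no USER before it" % instr)
            elif user in ROOT_NAMES:
                findings.append("%s after USER %s" % (instr, user))
    return findings

# Constructed samples based on the remediation Dockerfile.
BEFORE = """FROM python:2.7
RUN pip install Flask==0.11.1
RUN useradd -ms /bin/bash patrick
COPY --chown=patrick:patrick app /app
WORKDIR /app
CMD ["python", "app.py"]
"""
AFTER = BEFORE.replace("CMD [", "USER patrick\nCMD [")   # assumed user name

if __name__ == "__main__":
    for name, sample in (("before", BEFORE), ("after", AFTER)):
        print(name, check_user(sample) or "pass")
```

A Dockerfile with no `USER` instruction is reported even if its base image already switches to a non-root user, because the checker reads only the file it is given.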
REMEDIATION
Set a non-root user after finishing all tasks that need root privileges.
FROM python:2.7
RUN pip install Flask==0.11.1
RUN useradd -ms /bin/bash patrick
COPY --chown=patrick:patrick app /app
WORKDIR /app
+ USER non-root
CMD ["python", "app.py"]
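Review bot: `USER non-root` on the added line names an account that none of the visible lines create; `useradd -ms /bin/bash patrick` creates `patrick` and `COPY --chown=patrick:patrick` gives `/app` to that account, so the line should read `USER patrick`. Unless the base image already defines a user called `non-root`, the container will fail to start because the name cannot be resolved in its passwd file.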