Ensure 'USER' is set before the 'CMD' or 'ENTRYPOINT' of your application

Does your application run with root privileges? This can cause a severe security issue: an attacker who takes over an application running as root can easily take control of the whole container.

Risk Level: high
Platform: Docker
Spectral Rule ID: DOCKR026
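
A minimal check in the spirit of this rule, added here as an example and not Spectral's own implementation: it flags any CMD or ENTRYPOINT in the final build stage that is reached while the effective user is still root. The function names are hypothetical, the sample Dockerfile is constructed from this page's remediation snippet, and the base image is assumed to default to root.

```python
ROOT_IDS = {"root", "0"}  # USER values that still mean root

def logical_lines(text):
    """Yield (line_no, instruction), joining '\\' continuations, skipping comments."""
    buf, start = "", 0
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if not buf:
            start = no
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        yield start, buf + line
        buf = ""
    if buf:  # dangling continuation at end of file
        yield start, buf

def root_entrypoints(text):
    """Return [(line_no, instruction)] for CMD/ENTRYPOINT that run as root."""
    user, findings = "root", []
    for no, line in logical_lines(text):
        parts = line.split(None, 1)
        instr = parts[0].upper()
        arg = parts[1].strip() if len(parts) > 1 else ""
        if instr == "FROM":
            # New build stage: earlier findings no longer matter.
            # Assumption: the base image defaults to root.
            user, findings = "root", []
        elif instr == "USER":
            user = arg.split(":", 1)[0]  # drop the optional :group part
        elif instr in ("CMD", "ENTRYPOINT") and user in ROOT_IDS:
            findings.append((no, instr))
    return findings

# Constructed sample: the Dockerfile from this page without a USER line.
BEFORE = """\
FROM python:2.7
RUN pip install Flask==0.11.1
RUN useradd -ms /bin/bash patrick
COPY --chown=patrick:patrick app /app
WORKDIR /app
CMD ["python", "app.py"]
"""
# Same file with USER naming the account that useradd creates.
AFTER = BEFORE.replace("CMD", "USER patrick\nCMD")

if __name__ == "__main__":
    print("before:", root_entrypoints(BEFORE))
    print("after: ", root_entrypoints(AFTER))
```
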

REMEDIATION

Set a non-root user after finishing all tasks that need root privileges.

FROM python:2.7
RUN pip install Flask==0.11.1
RUN useradd -ms /bin/bash patrick
COPY --chown=patrick:patrick app /app
WORKDIR /app
+ USER non-root
CMD ["python", "app.py"]
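
Review bot: the added `USER non-root` line names an account that this Dockerfile never creates. The `useradd` line creates `patrick`, and `COPY --chown=patrick:patrick` hands /app to that same account, so the instruction should read `USER patrick`. If `non-root` is meant as a placeholder, say so in the text, because Docker cannot resolve a user name that is missing from the image's passwd file when it starts the container.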
