Skip to content

Run docker containers as non-root #28

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
petr-pokorny-absa merged 1 commit into from
Dec 18, 2025
Merged

Run docker containers as non-root #28

petr-pokorny-absa merged 1 commit into from
Dec 18, 2025

Conversation

@petr-pokorny-absa
Copy link
Collaborator

@petr-pokorny-absa petr-pokorny-absa commented Dec 16, 2025

This pull request introduces improvements to the Dockerfiles for both the backend and frontend services to enhance security and ensure proper file permissions. The main changes involve setting appropriate permissions for application files and directories, and running containers as non-root users.

Dockerfile changes for backend (Dockerfile):

  • Set permissions: Changed permissions for /opt/app (755), status-board-assembly.jar (644), and entrypoint.sh (755) to ensure correct access rights.
  • Non-root user: Configured the container to run as user 10001:10001 instead of root, improving security.

Dockerfile changes for frontend (UI.Dockerfile):

  • Set permissions: Recursively set permissions (777) for /var/cache/nginx and /var/run to allow the nginx process to write to these directories.
  • Non-root user: Configured the container to run as the nginx user, rather than root, for better security

Release notes:

  • Changes docker images to run application as non-root

Closes: #25

@github-actions
Copy link

github-actions bot commented Dec 16, 2025

JaCoCo Coverage Report

Metric (instruction) Coverage Threshold Status
Overall 80.51% 80.0%
Changed Files 0.0% 80.0%
Report Coverage (O/Ch) Threshold (O/Ch) Status (O/Ch)
Report: root - scala:2.13.12 80.51% / 0.0% 80.0% / 80.0% ✅/✅
File Path Coverage Threshold Status

No changed file in reports.

oto-macenauer-absa
oto-macenauer-absa approved these changes Dec 17, 2025
View reviewed changes
Copy link

@oto-macenauer-absa oto-macenauer-absa left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm

@petr-pokorny-absa petr-pokorny-absa merged commit f0b3e7d into master Dec 18, 2025
2 checks passed
@petr-pokorny-absa petr-pokorny-absa deleted the docker-user branch December 18, 2025 09:48
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@oto-macenauer-absa oto-macenauer-absa oto-macenauer-absa approved these changes

@lsulak lsulak Awaiting requested review from lsulak lsulak is a code owner

@Zejnilovic Zejnilovic Awaiting requested review from Zejnilovic

@salamonpavel salamonpavel Awaiting requested review from salamonpavel salamonpavel is a code owner

@tmikula-dev tmikula-dev Awaiting requested review from tmikula-dev tmikula-dev is a code owner

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Aquasec: docker images use root

3 participants

@petr-pokorny-absa @oto-macenauer-absa