From e052514ce612f7bac61e3b45ee4b8eaf81e3b516 Mon Sep 17 00:00:00 2001 From: Yuvraj Chhetri Date: Wed, 8 Feb 2023 00:42:09 +0530 Subject: [PATCH] dockerfile updated to secure Updated changes in readme file updated file again --- Dockerfile | 9 +++++++++ go.mod | 1 + go.sum | 2 +- 3 files changed, 11 insertions(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 80d0da0..d23ab13 100644 --- a/Dockerfile +++ b/Dockerfile @@ -36,6 +36,15 @@ FROM cgr.dev/chainguard/wolfi-base:latest COPY --from=build /jx-cdevents-adapter /jx-cdevents-adapter EXPOSE 80 +# Add a new user +RUN adduser -D myuser + +# Change the ownership of the binary to the new user +RUN chown myuser:myuser /jx-cdevents-adapter + +# Run the binary as the new user +USER myuser + # required for external tools to detect this as a go binary ENV GOTRACEBACK=all diff --git a/go.mod b/go.mod index a19b55d..c4f17e6 100644 --- a/go.mod +++ b/go.mod @@ -7,3 +7,4 @@ require ( github.com/sirupsen/logrus v1.9.0 // indirect golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8 // indirect ) + diff --git a/go.sum b/go.sum index a460a23..bebfac9 100644 --- a/go.sum +++ b/go.sum @@ -10,4 +10,4 @@ github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/ golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8 h1:0A+M6Uqn+Eje4kHMK80dtF3JCXC4ykBgQG4Fe06QRhQ= golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= -gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= +gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= \ No newline at end of file