Merge pull request #290 from swisstopo/fix/security-hotspots

Fix: Security Hotspots

apps/client-asset-sg/docker/Dockerfile

@@ -9,7 +9,7 @@ RUN apk add python3 make gcc g++
 WORKDIR /app
 COPY . .
 
-RUN npm install
+RUN npm install --no-scripts
 RUN sed -i ''s/0.0.0-local/${APP_VERSION}/g'' apps/client-asset-sg/src/assets/version.json
 RUN npx nx build client-asset-sg --configuration=production
 

apps/pipeline-asset-sg/docker/Dockerfile

@@ -8,7 +8,7 @@ ENV NODE_ENV=development
 WORKDIR /app
 COPY . .
 
-RUN npm install
+RUN npm install --no-scripts
 RUN npx nx build pipeline-asset-sg --configuration=production
 
 # final image build
@@ -21,4 +21,9 @@ WORKDIR /app
 COPY --from=pipeline-builder /app/dist/apps/pipeline-asset-sg .
 COPY --from=pipeline-builder /app/node_modules ./node_modules
 
+RUN addgroup -S app \
+ && adduser -S app -G app \
+ && chown -R app:app /app
+USER app
+
 CMD ["node", "main.js"]

apps/server-asset-sg/docker/Dockerfile

@@ -8,7 +8,7 @@ ENV NODE_ENV=development
 WORKDIR /app
 COPY . .
 
-RUN npm install
+RUN npm install --no-scripts
 RUN npx nx build server-asset-sg --configuration=production
 
 # final image build
@@ -23,5 +23,10 @@ COPY --from=api-builder /app/node_modules ./node_modules
 COPY apps/server-asset-sg/docker/start.sh start.sh
 RUN chmod +x start.sh
 
+RUN addgroup -S app \
+ && adduser -S app -G app \
+ && chown -R app:app /app
+USER app
+
 ENTRYPOINT ["sh"]
 CMD ["start.sh"]