So apparently I am using this package, and when I generate a final Docker image of my project and use Trivy to scan my container image, I am getting the following issue/vulnerability - Specify at least 1 USER command in Dockerfile with non-root user as argument
Detailed Description
The Trivy scan of my project's container is giving the following issue:
app/node_modules/swagger2openapi/Dockerfile (dockerfile)
========================================================
Tests: 21 (SUCCESSES: 20, FAILURES: 1, EXCEPTIONS: 0)
Failures: 1 (MEDIUM: 0, HIGH: 1, CRITICAL: 0)
HIGH: Specify at least 1 USER command in Dockerfile with non-root user as argument
════════════════════════════════════════
Running containers with 'root' user can lead to a container escape situation. It is a best practice to run containers as non-root users, which can be done by adding a 'USER' statement to the Dockerfile.
See https://avd.aquasec.com/misconfig/ds002
────────────────────────────────────────
This issue is coming from the path app/node_modules/swagger2openapi/Dockerfile (dockerfile)
Ideally we should add the USER command. Also, do we really need to ship the Dockerfile as part of the final npm package?
Other stuff
The package version (swagger2openapi)- v7.0.8
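A check for the situation reported above, as an added example that is not part of the original issue and is not swagger2openapi's or Trivy's code: it finds Dockerfiles shipped inside a directory tree such as node_modules and reports whether the final build stage ends on a non-root USER. The function names, the sample Dockerfiles and the rule that each FROM starts with no USER are assumptions of this example; it only approximates the scanner's check.

```javascript
// Added example: not code from swagger2openapi or Trivy. Function names and
// the sample Dockerfiles are constructed for illustration.

// Return the USER in effect at the end of the last build stage, or null.
function finalStageUser(text) {
  // Join backslash continuations, then drop blank lines and comments.
  const lines = text.replace(/\\\r?\n/g, ' ').split(/\r?\n/)
    .map((l) => l.trim()).filter((l) => l && !l.startsWith('#'));
  let user = null;
  for (const line of lines) {
    const [instr, ...args] = line.split(/\s+/);
    if (/^FROM$/i.test(instr)) user = null; // assumption: a new stage starts with no USER
    else if (/^USER$/i.test(instr) && args.length) user = args[0];
  }
  return user;
}

// Classify a Dockerfile as 'missing-user', 'root-user' or 'ok'.
function classify(text) {
  const user = finalStageUser(text);
  if (user === null) return 'missing-user';
  const name = user.split(':')[0]; // strip optional ":group"
  return name === 'root' || name === '0' ? 'root-user' : 'ok';
}

// Walk a directory tree (e.g. node_modules) and classify every Dockerfile found.
async function scanTree(root) {
  const fs = await import('node:fs');
  const path = await import('node:path');
  const findings = [];
  const walk = (dir) => {
    for (const entry of fs.readdirSync(dir, { withFileTypes: true })) {
      const p = path.join(dir, entry.name);
      if (entry.isDirectory()) walk(p); // symlinks are not followed
      else if (/^Dockerfile(\..+)?$/i.test(entry.name)) {
        findings.push({ path: p, result: classify(fs.readFileSync(p, 'utf8')) });
      }
    }
  };
  walk(root);
  return findings;
}

// Constructed samples.
const NO_USER = 'FROM node:18-alpine\nWORKDIR /app\nCMD ["node","index.js"]\n';
const BUILD_STAGE_ONLY = 'FROM node:18 AS build\nUSER node\nFROM node:18-alpine\nCOPY --from=build /app /app\n';
const DROPS_ROOT = 'FROM node:18-alpine\nUSER root\nRUN apk add --no-cache tini\nUSER node:node\n';
```

Calling `scanTree('node_modules')` in a project directory resolves to one `{ path, result }` entry per Dockerfile that dependencies brought along, which also shows which packages ship one at all.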