You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Running as a non-root user helps to avoid security risks; Using Security Headers is a good best practice.
Actual behavior
DOCKERFILE
The Dockerfile is structured in a multi-stage build format which is good for optimizing the
final image size. I'll walk you through each part of the Dockerfile and point out any concerns or
recommendations:
Builder Stage (Node.js Build Phase):
FROM node:18.12.1-alpine as builder: You're using a specific version of Node.js
with Alpine, which is a lightweight distro. This is a good practice as it minimizes
the image size and reduces potential attack surfaces.
COPY package.json yarn.lock ./: Good! You're copying only the necessary files
for the yarn install command. This takes advantage of Docker's caching
mechanism and ensures faster builds if no dependencies change.
Recommendations: Consider using a non-root user even in the builder stage. Running as a non-root
user is a security best practice.
Production Environment (Nginx Server):
It would be beneficial to use a non-root user to run the Nginx process. By default,
Nginx will run as root, which is not recommended in a container environment.
Consider adding security headers in your Nginx configuration for added security.
Examples include: Strict-Transport-Security, Content-Security-Policy,
X-Content-Type-Options, X-Frame-Options, etc
The text was updated successfully, but these errors were encountered:
Issue Report
DOCKERFILE Improvements
Expected behavior
Running as a non-root user helps to avoid security risks; Using Security Headers is a good best practice.
Actual behavior
DOCKERFILEThe Dockerfile is structured in a multi-stage build format which is good for optimizing the
final image size. I'll walk you through each part of the Dockerfile and point out any concerns or
recommendations:
FROM node:18.12.1-alpine as builder: You're using a specific version of Node.js
with Alpine, which is a lightweight distro. This is a good practice as it minimizes
the image size and reduces potential attack surfaces.
COPY package.json yarn.lock ./: Good! You're copying only the necessary files
for the yarn install command. This takes advantage of Docker's caching
mechanism and ensures faster builds if no dependencies change.
Recommendations: Consider using a non-root user even in the builder stage. Running as a non-root
user is a security best practice.
Nginx will run as root, which is not recommended in a container environment.
Examples include: Strict-Transport-Security, Content-Security-Policy,
X-Content-Type-Options, X-Frame-Options, etc
The text was updated successfully, but these errors were encountered: