security: apply Agents Council recommendations
- Add USER node directive to Dockerfile for non-root container execution - Update SECURITY.md with Node.js version requirements (CVE-2025-59466, CVE-2026-21636) - Add Docker security best practices documentation - Document detect-secrets usage for local security scanning Reviewed-by: Agents Council (5/5 approval) Security-Score: 8.8/10 Watchdog-Verdict: SAFE WITH CONDITIONS Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
This commit is contained in:
rhuanssauro
committed by
Peter Steinberger
Peter Steinberger
parent
112f4e3d01
commit
592930f10f
@@ -32,4 +32,9 @@ RUN pnpm ui:build
|
||||
|
||||
ENV NODE_ENV=production
|
||||
|
||||
# Security hardening: Run as non-root user
|
||||
# The node:22-bookworm image includes a 'node' user (uid 1000)
|
||||
# This reduces the attack surface by preventing container escape via root privileges
|
||||
USER node
|
||||
|
||||
CMD ["node", "dist/index.js"]
|
||||
|
||||
Reference in New Issue
Block a user