Hi, I'm running the https://github.com/docker/docker-bench-security script. Which says that your Docker container is running with the user 'root', which is NOT advised!
I notice you already create a dedicated user in your Dockerfile. But (almost) at the end of the the Dockerfile (after you did all the COPY stuff..) it might be wise to change the default user, like in your Dockerfile: USER reviewboard WORKDIR /site Output logging of docker-bench-security.sh: --- [INFO] 4 - Container Images and Build File [WARN] 4.1 - Ensure that a user for the container has been created (Automated) [WARN] * Running as root: docker-reviewboard-1 --- Anyway, you can run docker-bench-security for yourself as well. Regards, Melroy van den Berg -- Supercharge your Review Board with Power Pack: https://www.reviewboard.org/powerpack/ Want us to host Review Board for you? Check out RBCommons: https://rbcommons.com/ Happy user? Let us know! https://www.reviewboard.org/users/ --- You received this message because you are subscribed to the Google Groups "Review Board Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/reviewboard/8e44d0dd-88fb-46c7-861d-6319a743f825n%40googlegroups.com.
