Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Quality check for docker image is failing because of root user #353

Open
ds-psosnowski opened this issue Nov 14, 2023 · 6 comments
Open

Quality check for docker image is failing because of root user #353

ds-psosnowski opened this issue Nov 14, 2023 · 6 comments

Comments

@ds-psosnowski
Copy link

Is your support request related to a problem? Please describe.
One of our quality check is failing - Failed! Guideline description: Container images shall not run as root for security reasons.
We are not sure if this is not caused by defining user from env variables: USER ${UID}:${GID}
Or maybe because we didn't specify user for build image.

Describe the solution you'd like
If this is caused by using env variables then check shouldn't fail.

Additional context
Dockerfile for verification: https://github.com/catenax-ng/tx-item-relationship-service/blob/main/Dockerfile
@FaGru3n FaGru3n self-assigned this Nov 14, 2023
@FaGru3n
Copy link
Contributor

FaGru3n commented Nov 15, 2023

Hi @ds-psosnowski

i guess you mean this workflow https://github.com/catenax-ng/tx-item-relationship-service/actions/workflows/quality-checks.yaml

  1. Testing Quality Guideline: TRG 4.03 - Non-root container
    Start finding Dockerfiles at ./
    Found Dockerfiles:
    Dockerfile
    Failed! Guideline description: Container images shall not run as root for security reasons.
    Invalid user specified in Dockerfile: Dockerfile
    More infos: https://eclipse-tractusx.github.io/docs/release/trg-4/trg-4-03

will check with our team.

@ds-psosnowski
Copy link
Author

Hey,
yes exactly this. Thanks for information.

@FaGru3n
Copy link
Contributor

FaGru3n commented Nov 15, 2023

Hi @ds-psosnowski this is currently a problem we get aware also from https://github.com/catenax-ng/tx-traceability-foss/blob/main/Dockerfile

that was referenced in in #341 and we opened a issue against helm helm/helm#12385 itself.

but thinking also about rewriting our checks for that.

@ds-psosnowski
Copy link
Author

@FaGru3n
Allright, so we're waiting for fix. It is not blocking us but quality check is failing.
Thanks for sharing and have a nice day.

@tomaszbarwicki
Copy link
Contributor

@ds-psosnowski , @FaGru3n I think there is a little disconnect here, the issue reported isn't related to the helm one (helm/helm#12385) but to our implementation of the non root user check which is unable to resolve the variable references ${UID}:${GID} in USER, see the comment from @SebastianBezold #341 (comment) .

@hzierer hzierer added backlog and removed support labels Apr 12, 2024
@hzierer
Copy link

hzierer commented Apr 12, 2024

moved to our backlog, to plan it properly

@FaGru3n FaGru3n removed their assignment Apr 16, 2024
@FaGru3n FaGru3n changed the title Support: Quality check for docker image is failing because of root user Quality check for docker image is failing because of root user Aug 1, 2024
@FaGru3n FaGru3n removed the backlog label Aug 1, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@tomaszbarwicki @hzierer @FaGru3n @ds-psosnowski