Skip to content

Improve container security by ensuring that the executed code can't be modified by the container user#3035

Merged
Reet00 merged 1 commit intosecureCodeBox:mainfrom
J12934:fix/resolve-sonar-docker-warning
May 23, 2025
Merged

Improve container security by ensuring that the executed code can't be modified by the container user#3035
Reet00 merged 1 commit intosecureCodeBox:mainfrom
J12934:fix/resolve-sonar-docker-warning

Conversation

@J12934
Copy link
Member

@J12934 J12934 commented May 13, 2025

Description

Fixes Sonar docker:S6504 warning for all our image where it applies.

https://sonarcloud.io/organizations/iosecurecodebox/rules?open=docker%3AS6504&rule_key=docker%3AS6504

Not suuuuper relevant for most of our images as the are run with a read only filesystem, but doesn't hurt to follow best practices.

Excluded the doggo one as theres a PR open to remove it :)

Checklist

  • Test your changes as thoroughly as possible before you commit them. Preferably, automate your test by unit/integration tests.
  • Make sure that all your commits are signed-off and that you are added to the Contributors file.
  • Make sure that all CI finish successfully.
  • Optional (but appreciated): Make sure that all commits are Verified.

@J12934
Ensure that code in containers isn't writable by the container users
fad3370 
Fixes Sonar docker:S6504 warning

Signed-off-by: Jannik Hollenbach <jannik.hollenbach@iteratec.com>
@J12934 J12934 self-assigned this May 13, 2025
@netlify
Copy link

netlify bot commented May 13, 2025
edited
Loading

Deploy Preview for docs-securecodebox ready!

Name Link
🔨 Latest commit fad3370
🔍 Latest deploy log https://app.netlify.com/sites/docs-securecodebox/deploys/682360747b1b7f000812023b
😎 Deploy Preview https://deploy-preview-3035--docs-securecodebox.netlify.app
📱 Preview on mobile
Toggle QR Code...

QR Code

Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify site configuration.

@sonarqubecloud
Copy link

sonarqubecloud bot commented May 13, 2025

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@J12934 J12934 moved this from Triage to To Review in secureCodeBox May 13, 2025
Reet00
Reet00 reviewed May 23, 2025
View reviewed changes
Copy link
Contributor

@Reet00 Reet00 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Would it make sense to add a comment in secureCodeBox/.templates/new-scanner/scanner/Dockerfile so we don't encounter this issue for a new scanner again?

@J12934
Copy link
Member Author

J12934 commented May 23, 2025

Would it make sense to add a comment in secureCodeBox/.templates/new-scanner/scanner/Dockerfile so we don't encounter this issue for a new scanner again?

The new scanner template is already changed so not sure why we would also need a comment in there? Would hope that if if it is used the generated code would already be be corrected. 😊

@github-project-automation github-project-automation bot moved this from To Review to Reviewer Approved in secureCodeBox May 23, 2025
@Reet00 Reet00 merged commit 865ad28 into secureCodeBox:main May 23, 2025
53 checks passed
@github-project-automation github-project-automation bot moved this from Reviewer Approved to Done in secureCodeBox May 23, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Reet00 Reet00 Reet00 approved these changes

Assignees

@J12934 J12934

Labels

🔒 security

Projects

secureCodeBox
Archived in project

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@J12934 @Reet00