Improve container security by ensuring that the executed code can't be modified by the container user by J12934 · Pull Request #3035 · secureCodeBox/secureCodeBox · GitHub

J12934 (Member) commented May 13, 2025

Description

Fixes Sonar docker:S6504 warning for all our images where it applies.

https://sonarcloud.io/organizations/iosecurecodebox/rules?open=docker%3AS6504&rule_key=docker%3AS6504

Not suuuuper relevant for most of our images as they are run with a read-only filesystem, but doesn't hurt to follow best practices.

Excluded the doggo one as there's a PR open to remove it :)

Checklist

  • Test your changes as thoroughly as possible before you commit them. Preferably, automate your test by unit/integration tests.
  • Make sure that all your commits are signed-off and that you are added to the Contributors file.
  • Make sure that all CI finish successfully.
  • Optional (but appreciated): Make sure that all commits are Verified.

Fixes Sonar docker:S6504 warning

Signed-off-by: Jannik Hollenbach <jannik.hollenbach@iteratec.com>
netlify bot commented May 13, 2025

Deploy Preview for docs-securecodebox ready!

Name Link
🔨 Latest commit fad3370
🔍 Latest deploy log https://app.netlify.com/sites/docs-securecodebox/deploys/682360747b1b7f000812023b
😎 Deploy Preview https://deploy-preview-3035--docs-securecodebox.netlify.app

@J12934 J12934 moved this from Triage to To Review in secureCodeBox May 13, 2025
Reet00 (Contributor) left a comment

Would it make sense to add a comment in secureCodeBox/.templates/new-scanner/scanner/Dockerfile so we don't encounter this issue for a new scanner again?

J12934 (Member Author) commented May 23, 2025

Would it make sense to add a comment in secureCodeBox/.templates/new-scanner/scanner/Dockerfile so we don't encounter this issue for a new scanner again?

The new scanner template is already changed so not sure why we would also need a comment in there? Would hope that if it is used the generated code would already be corrected. 😊

@github-project-automation github-project-automation bot moved this from To Review to Reviewer Approved in secureCodeBox May 23, 2025
@Reet00 Reet00 merged commit 865ad28 into secureCodeBox:main May 23, 2025
53 checks passed
@github-project-automation github-project-automation bot moved this from Reviewer Approved to Done in secureCodeBox May 23, 2025
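
A simplified check for the class of issue this pull request addresses (files copied into an image that the non-root container user can still modify), added here as an illustration; it is not secureCodeBox code and not Sonar's implementation of docker:S6504. The sample Dockerfile, its paths and the `app` user are constructed, and the function names are hypothetical.

```python
import re

ROOT_IDS = {"root", "0"}

def logical_lines(text):
    """Join backslash-continued lines; yield (first_line_no, instruction)."""
    buf, start = "", 0
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not buf and (not line or line.startswith("#")):
            continue
        if not buf:
            start = no
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        yield start, buf + line
        buf = ""

def writable_copies(dockerfile_text):
    """Return (line_no, reason) for COPY/ADD whose result a non-root user can modify."""
    findings = []
    for no, instr in logical_lines(dockerfile_text):
        words = instr.split()
        if words[0].upper() not in ("COPY", "ADD"):
            continue
        flags = dict(w[2:].split("=", 1) for w in words[1:]
                     if w.startswith("--") and "=" in w)
        owner = flags.get("chown", "root").split(":")[0]  # no --chown means root-owned
        mode = flags.get("chmod", "")
        bits = int(mode, 8) if re.fullmatch(r"[0-7]{3,4}", mode) else None
        if bits is not None and bits & 0o022:
            findings.append((no, "group/other write bit set"))
        elif owner not in ROOT_IDS and (bits is None or bits & 0o200):
            findings.append((no, f"owned by '{owner}' with write access"))
    return findings

# Constructed sample Dockerfile (not taken from the secureCodeBox repository).
SAMPLE = """\
FROM node:22-alpine
# constructed sample
COPY --chown=app:app ./scanner/ /home/app/scanner/
COPY --chown=root:root --chmod=755 ./wrapper.sh /wrapper.sh
COPY --chown=app:app --chmod=555 \\
     ./parser/ /home/app/parser/
ADD --chmod=777 ./entrypoint.sh /entrypoint.sh
USER app
CMD ["node", "/home/app/scanner/index.js"]
"""

if __name__ == "__main__":
    for line_no, reason in writable_copies(SAMPLE):
        print(f"line {line_no}: {reason}")
```
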