
Conversation

@orbisai-security

Context and Purpose:

This PR automatically remediates a security vulnerability:
- **Description:** By not specifying a USER, a program in the container may run as 'root'. This is a security hazard. If an attacker can control a process running as root, they may have control over the container. Ensure that the last USER in a Dockerfile is a USER other than 'root'.
- **Rule ID:** dockerfile.security.missing-user-entrypoint.missing-user-entrypoint
- **Severity:** MEDIUM
- **File:** Dockerfile
- **Lines Affected:** 118 - 118

This change is necessary to protect the application from potential security risks associated with this vulnerability.

**Security Impact Assessment:**

| Aspect | Rating | Rationale |
|---|---|---|
| Impact | Medium | In this documentation repository, the container likely serves static content for a docs site, so exploitation could allow an attacker to modify or deface public documentation if they gain control via a root-running process, potentially leading to misinformation or denial of service for users accessing the site. However, as it's primarily static docs without sensitive data or critical services, the damage is limited to reputational harm rather than data breaches or system compromise. |
| Likelihood | Low | This repository appears to be a public documentation site for an educational or governmental project, deployed in a likely controlled environment with minimal attack surface, making it an unlikely target for motivated attackers who typically focus on high-value systems. Exploitation would require an initial compromise of the container, which is improbable given the low-value nature of static docs and lack of common attack vectors like user inputs or dynamic features. |
| Ease of Fix | Easy | Remediation involves adding a single USER directive in the Dockerfile to specify a non-root user, which can be done with a simple edit assuming a suitable user exists or can be created without affecting the container's functionality for serving docs. No dependencies need updating, and testing would be minimal since the change is isolated to container runtime permissions. |
**Solution Implemented:**

The automated remediation process has applied the necessary changes to the affected code in `Dockerfile` to resolve the identified issue.

Please review the changes to ensure they are correct and integrate as expected.
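As an added reviewer-side check (not the scanner's rule implementation and not the repository's Dockerfile), the script below reports which user a Dockerfile's last USER instruction leaves the container running as, and applies it to two constructed Dockerfiles shaped like the before and after of this PR. The base image, paths and the `docs` account name are assumptions.

```shell
#!/bin/sh
# Added example. The LAST USER instruction decides what the container's
# processes run as; a file with no USER at all runs as root.

# Print the effective user ("root" when no USER line exists).
effective_user() {
    # $1: path to a Dockerfile. Keep USER lines, take the last one,
    # drop the keyword and any ":group" suffix.
    u=$(grep -iE '^[[:space:]]*USER[[:space:]]' "$1" | tail -n 1 |
        sed -E 's/^[[:space:]]*[Uu][Ss][Ee][Rr][[:space:]]+//; s/[[:space:]]+$//; s/:.*//')
    printf '%s\n' "${u:-root}"
}

# Return 0 when the effective user is non-root, 1 otherwise.
last_user_ok() {
    case "$(effective_user "$1")" in
        root|0) return 1 ;;   # root by name or by UID
        *)      return 0 ;;
    esac
}

# Write constructed before/after Dockerfiles into directory $1.
write_samples() {
    cat > "$1/Dockerfile.before" <<'EOF'
FROM python:3.12-alpine
COPY site/ /srv/site/
WORKDIR /srv/site
CMD ["python", "-m", "http.server", "8080"]
EOF
    cat > "$1/Dockerfile.after" <<'EOF'
FROM python:3.12-alpine
COPY site/ /srv/site/
# Dedicated unprivileged account; port 8080 needs no root to bind.
RUN adduser -D -H docs && chown -R docs:docs /srv/site
WORKDIR /srv/site
USER docs:docs
CMD ["python", "-m", "http.server", "8080"]
EOF
}

dir=$(mktemp -d)
write_samples "$dir"
for f in "$dir"/Dockerfile.*; do
    if last_user_ok "$f"; then echo "PASS $f (user: $(effective_user "$f"))"
    else echo "FAIL $f (user: $(effective_user "$f"))"; fi
done
```

The check reads only the last USER line, so in a multi-stage build a USER set in an earlier stage would be counted even though it does not carry into the final stage.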
