Skip to content

fix(security): Containerized Frontend application is running as root#1321

Open
mpawlow wants to merge 1 commit intomainfrom
mp/fix/GH-1320-frontend-app-running-as-root
Open

fix(security): Containerized Frontend application is running as root#1321
mpawlow wants to merge 1 commit intomainfrom
mp/fix/GH-1320-frontend-app-running-as-root

Conversation

@mpawlow
Copy link
Copy Markdown
Collaborator

@mpawlow mpawlow commented Apr 2, 2026
edited
Loading

Issue

Summary

  • Fixed the frontend Docker container running as root by switching to the built-in non-root node user for all build and runtime steps.

Security: Run frontend container as non-root user

  • Added chown node:node /app after WORKDIR so the working directory is owned by the non-root user before the user switch.
  • Added USER node directive to switch to the non-root node user for all subsequent Dockerfile instructions.
  • Updated COPY instructions to use --chown=node:node so copied files are owned by the node user rather than root.
  • Removed trailing whitespace from npm run build line.
  • Added missing newline at end of file.

@mpawlow mpawlow self-assigned this Apr 2, 2026
@github-actions github-actions bot added the docker label Apr 2, 2026
@mpawlow mpawlow changed the title bug: Security: Containerized Frontend application is running as root fix: Security: Containerized Frontend application is running as root Apr 2, 2026
@github-actions github-actions bot added the bug 🔴 Something isn't working. label Apr 2, 2026
@mpawlow mpawlow force-pushed the mp/fix/GH-1320-frontend-app-running-as-root branch from 26a3731 to 92bf3b1 Compare April 2, 2026 16:05
@github-actions github-actions bot added bug 🔴 Something isn't working. and removed bug 🔴 Something isn't working. labels Apr 2, 2026
@mpawlow mpawlow requested review from lucaseduoli and rodageve April 2, 2026 17:05
@mpawlow
fix: Security: Containerized Frontend application is running as root
7d8184f 
Issue

- #1320

Summary

- Fixed the frontend Docker container running as root by switching to the built-in non-root `node` user for all build and runtime steps.

Security: Run frontend container as non-root user

- Added `chown node:node /app` after `WORKDIR` so the working directory is owned by the non-root user before the user switch.
- Added `USER node` directive to switch to the non-root `node` user for all subsequent Dockerfile instructions.
- Updated `COPY` instructions to use `--chown=node:node` so copied files are owned by the `node` user rather than root.
- Removed trailing whitespace from `npm run build` line.
- Added missing newline at end of file.
@mpawlow mpawlow force-pushed the mp/fix/GH-1320-frontend-app-running-as-root branch from 92bf3b1 to 7d8184f Compare April 2, 2026 21:58
@github-actions github-actions bot added bug 🔴 Something isn't working. and removed bug 🔴 Something isn't working. labels Apr 2, 2026
@mpawlow mpawlow changed the title fix: Security: Containerized Frontend application is running as root fix(security): Containerized Frontend application is running as root Apr 2, 2026
@github-actions github-actions bot added bug 🔴 Something isn't working. ci ⬛ CI/CD, build, and infrastructure issues and removed bug 🔴 Something isn't working. labels Apr 2, 2026
@mpawlow mpawlow force-pushed the mp/fix/GH-1320-frontend-app-running-as-root branch from 882b1dd to 7d8184f Compare April 3, 2026 02:54
@github-actions github-actions bot added bug 🔴 Something isn't working. and removed bug 🔴 Something isn't working. labels Apr 3, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@rodageve rodageve Awaiting requested review from rodageve

@lucaseduoli lucaseduoli Awaiting requested review from lucaseduoli

At least 1 approving review is required to merge this pull request.

Assignees

@mpawlow mpawlow

Labels

bug 🔴 Something isn't working. ci ⬛ CI/CD, build, and infrastructure issues docker

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@mpawlow