From 75393cb13fd8ae4d42c91f4b3fbdbc45e36ec6f6 Mon Sep 17 00:00:00 2001
From: Slavco
Date: Tue, 20 Jul 2021 15:02:04 -0400
Subject: [PATCH] Docker image creation with non-root account
---
 Dockerfile | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/Dockerfile b/Dockerfile
index f8b720ea1..c107d39b4 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -20,7 +20,7 @@ RUN apk --no-cache add procps
 # https://github.com/aquasecurity/kube-bench/issues/535
 RUN apk --no-cache add openssl
-# Add glibc for running oc command
+# Add glibc for running oc command
 RUN wget -q -O /etc/apk/keys/sgerrand.rsa.pub https://alpine-pkgs.sgerrand.com/sgerrand.rsa.pub
 RUN wget https://github.com/sgerrand/alpine-pkg-glibc/releases/download/2.33-r0/glibc-2.33-r0.apk
 RUN apk add glibc-2.33-r0.apk
@@ -28,6 +28,9 @@ RUN apk add jq
 ENV PATH=$PATH:/usr/local/mount-from-host/bin
+RUN adduser -S -s /bin/sh -G root -u 1001 kube-bench
+USER kube-bench
+
 COPY --from=build /go/bin/kube-bench /usr/local/bin/kube-bench
 COPY entrypoint.sh .
 COPY cfg/ cfg/
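Review bot: `USER kube-bench` in the second hunk names the account instead of its UID, so a pod that sets `runAsNonRoot: true` cannot be verified as non-root by the kubelet and will be refused; the `adduser` line already fixes the UID with `-u 1001`, so `USER 1001` is the safer form. The `-G root` flag makes GID 0 the account's primary group, which keeps access to anything group-readable or group-writable for root; unless that is deliberate for arbitrary-UID platforms, a dedicated group would be tighter and deserves a comment either way. The three `COPY` lines after `USER` carry no `--chown`, so the binary, `entrypoint.sh` and `cfg/` stay root-owned, which is fine for read-only use. The `PATH` entry for `/usr/local/mount-from-host/bin` suggests the tool depends on host-mounted binaries and files, so it is worth confirming that checks against root-only paths still report correctly under UID 1001 rather than silently failing.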