From 74a55cb27d11a449dd7d96056645197a99696376 Mon Sep 17 00:00:00 2001
From: "G. Petrakis" <28791067+kek-Sec@users.noreply.github.com>
Date: Mon, 13 Nov 2023 12:56:27 +0200
Subject: [PATCH 1/8] Update Dockerfile

---
 src/services/DevStore.Billing.API/Dockerfile | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/src/services/DevStore.Billing.API/Dockerfile b/src/services/DevStore.Billing.API/Dockerfile
index bd46db6..18a98c8 100644
--- a/src/services/DevStore.Billing.API/Dockerfile
+++ b/src/services/DevStore.Billing.API/Dockerfile
@@ -23,4 +23,9 @@ RUN dotnet publish "DevStore.Billing.API.csproj" -c Release -o /app/publish
 FROM base AS final
 WORKDIR /app
 COPY --from=publish /app/publish .
-ENTRYPOINT ["dotnet", "DevStore.Billing.API.dll"]
\ No newline at end of file
+
+# Set a non-root user for running the application
+RUN useradd -r -u 1001 appuser
+USER appuser
+
+ENTRYPOINT ["dotnet", "DevStore.Billing.API.dll"]

From 2e0b507e1c7f4e933b8f227acbdf171504f5730b Mon Sep 17 00:00:00 2001
From: "G. Petrakis" <28791067+kek-Sec@users.noreply.github.com>
Date: Mon, 13 Nov 2023 12:57:19 +0200
Subject: [PATCH 2/8] Update Dockerfile

---
 src/api-gateways/DevStore.Bff.Checkout/Dockerfile | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/src/api-gateways/DevStore.Bff.Checkout/Dockerfile b/src/api-gateways/DevStore.Bff.Checkout/Dockerfile
index ac2b71f..5beac37 100644
--- a/src/api-gateways/DevStore.Bff.Checkout/Dockerfile
+++ b/src/api-gateways/DevStore.Bff.Checkout/Dockerfile
@@ -22,4 +22,9 @@ RUN dotnet publish "DevStore.Bff.Checkout.csproj" -c Release -o /app/publish
 FROM base AS final
 WORKDIR /app
 COPY --from=publish /app/publish .
-ENTRYPOINT ["dotnet", "DevStore.Bff.Checkout.dll"]
\ No newline at end of file
+
+# Set a non-root user for running the application
+RUN useradd -r -u 1001 appuser
+USER appuser
+
+ENTRYPOINT ["dotnet", "DevStore.Bff.Checkout.dll"]

From c58d2a42a4f3704006390d6e34e1d10106ec693f Mon Sep 17 00:00:00 2001
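Review bot: `USER appuser` in `src/services/DevStore.Billing.API/Dockerfile` names the account instead of its UID, so a runtime that enforces a non-root policy from image metadata (for example Kubernetes `runAsNonRoot` without an explicit numeric `runAsUser`) cannot verify the user is not root and will refuse to start the container; `USER 1001` keeps the same account and is verifiable. The `RUN useradd -r -u 1001 appuser` line also sits after `COPY --from=publish /app/publish .`, so the user-creation layer is rebuilt on every publish; placing it before the COPY, or in the `base` stage (which is defined outside this hunk), lets it cache. Both points apply unchanged to the identical hunks in the other seven Dockerfiles of this series (Bff.Checkout, Catalog.API, Customers.API, Orders.API, ShoppingCart.API, WebApp.MVC, WebApp.Status).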
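Review bot: Dropping root in `src/api-gateways/DevStore.Bff.Checkout/Dockerfile` leaves the listening port unchanged, and nothing in the hunk moves it above 1024. The `base` stage is outside the hunk, so this is inferred: if it keeps the pre-.NET 8 ASP.NET default of port 80, UID 1001 can bind it only where the runtime lowers `net.ipv4.ip_unprivileged_port_start` (Docker Engine 20.10+ does, other runtimes may not), and the service would then fail at startup with a permission error. Adding `ENV ASPNETCORE_URLS=http://+:8080` before the `USER` line, with the matching `EXPOSE` and published-port mappings updated, removes that dependency. The other seven Dockerfiles in the series carry the same exposure.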
From: "G. Petrakis" <28791067+kek-Sec@users.noreply.github.com>
Date: Mon, 13 Nov 2023 12:57:49 +0200
Subject: [PATCH 3/8] Update Dockerfile

---
 src/services/DevStore.Catalog.API/Dockerfile | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/src/services/DevStore.Catalog.API/Dockerfile b/src/services/DevStore.Catalog.API/Dockerfile
index 689f9ae..7a5ca4a 100644
--- a/src/services/DevStore.Catalog.API/Dockerfile
+++ b/src/services/DevStore.Catalog.API/Dockerfile
@@ -22,4 +22,9 @@ RUN dotnet publish "DevStore.Catalog.API.csproj" -c Release -o /app/publish
 FROM base AS final
 WORKDIR /app
 COPY --from=publish /app/publish .
-ENTRYPOINT ["dotnet", "DevStore.Catalog.API.dll"]
\ No newline at end of file
+
+# Set a non-root user for running the application
+RUN useradd -r -u 1001 appuser
+USER appuser
+
+ENTRYPOINT ["dotnet", "DevStore.Catalog.API.dll"]

From c4e98eb24eecc7c28a97147272d946c46ab34cd5 Mon Sep 17 00:00:00 2001
From: "G. Petrakis" <28791067+kek-Sec@users.noreply.github.com>
Date: Mon, 13 Nov 2023 12:58:11 +0200
Subject: [PATCH 4/8] Update Dockerfile

---
 src/services/DevStore.Customers.API/Dockerfile | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/src/services/DevStore.Customers.API/Dockerfile b/src/services/DevStore.Customers.API/Dockerfile
index d047944..ee0e1c9 100644
--- a/src/services/DevStore.Customers.API/Dockerfile
+++ b/src/services/DevStore.Customers.API/Dockerfile
@@ -22,4 +22,9 @@ RUN dotnet publish "DevStore.Customers.API.csproj" -c Release -o /app/publish
 FROM base AS final
 WORKDIR /app
 COPY --from=publish /app/publish .
-ENTRYPOINT ["dotnet", "DevStore.Customers.API.dll"]
\ No newline at end of file
+
+# Set a non-root user for running the application
+RUN useradd -r -u 1001 appuser
+USER appuser
+
+ENTRYPOINT ["dotnet", "DevStore.Customers.API.dll"]

From ca7449809ca257175f017944c3d74fceedf215d2 Mon Sep 17 00:00:00 2001
From: "G. Petrakis" <28791067+kek-Sec@users.noreply.github.com>
Date: Mon, 13 Nov 2023 12:58:23 +0200
Subject: [PATCH 5/8] Update Dockerfile

---
 src/services/DevStore.Orders.API/Dockerfile | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/src/services/DevStore.Orders.API/Dockerfile b/src/services/DevStore.Orders.API/Dockerfile
index cde35e1..ee83bbd 100644
--- a/src/services/DevStore.Orders.API/Dockerfile
+++ b/src/services/DevStore.Orders.API/Dockerfile
@@ -24,4 +24,9 @@ RUN dotnet publish "DevStore.Orders.API.csproj" -c Release -o /app/publish
 FROM base AS final
 WORKDIR /app
 COPY --from=publish /app/publish .
-ENTRYPOINT ["dotnet", "DevStore.Orders.API.dll"]
\ No newline at end of file
+
+# Set a non-root user for running the application
+RUN useradd -r -u 1001 appuser
+USER appuser
+
+ENTRYPOINT ["dotnet", "DevStore.Orders.API.dll"]

From 0cffa5c6c33ecf6ac70fa0c98d5665d87e90b210 Mon Sep 17 00:00:00 2001
From: "G. Petrakis" <28791067+kek-Sec@users.noreply.github.com>
Date: Mon, 13 Nov 2023 12:58:37 +0200
Subject: [PATCH 6/8] Update Dockerfile

---
 src/services/DevStore.ShoppingCart.API/Dockerfile | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/src/services/DevStore.ShoppingCart.API/Dockerfile b/src/services/DevStore.ShoppingCart.API/Dockerfile
index f4f6ec1..89431cf 100644
--- a/src/services/DevStore.ShoppingCart.API/Dockerfile
+++ b/src/services/DevStore.ShoppingCart.API/Dockerfile
@@ -22,4 +22,9 @@ RUN dotnet publish "DevStore.ShoppingCart.API.csproj" -c Release -o /app/publish
 FROM base AS final
 WORKDIR /app
 COPY --from=publish /app/publish .
-ENTRYPOINT ["dotnet", "DevStore.ShoppingCart.API.dll"]
\ No newline at end of file
+
+# Set a non-root user for running the application
+RUN useradd -r -u 1001 appuser
+USER appuser
+
+ENTRYPOINT ["dotnet", "DevStore.ShoppingCart.API.dll"]

From d55f616c838fcad2829f20d18b965b49e7f47867 Mon Sep 17 00:00:00 2001
From: "G. Petrakis" <28791067+kek-Sec@users.noreply.github.com>
Date: Mon, 13 Nov 2023 12:59:39 +0200
Subject: [PATCH 7/8] Update Dockerfile

---
 src/web/DevStore.WebApp.MVC/Dockerfile | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/src/web/DevStore.WebApp.MVC/Dockerfile b/src/web/DevStore.WebApp.MVC/Dockerfile
index ac192f0..efa466f 100644
--- a/src/web/DevStore.WebApp.MVC/Dockerfile
+++ b/src/web/DevStore.WebApp.MVC/Dockerfile
@@ -21,4 +21,9 @@ RUN dotnet publish "DevStore.WebApp.MVC.csproj" -c Release -o /app/publish
 FROM base AS final
 WORKDIR /app
 COPY --from=publish /app/publish .
-ENTRYPOINT ["dotnet", "DevStore.WebApp.MVC.dll"]
\ No newline at end of file
+
+# Set a non-root user for running the application
+RUN useradd -r -u 1001 appuser
+USER appuser
+
+ENTRYPOINT ["dotnet", "DevStore.WebApp.MVC.dll"]

From 390593cbaa4f3bfc386cca069262737c5586243b Mon Sep 17 00:00:00 2001
From: "G. Petrakis" <28791067+kek-Sec@users.noreply.github.com>
Date: Mon, 13 Nov 2023 12:59:51 +0200
Subject: [PATCH 8/8] Update Dockerfile

---
 src/web/DevStore.WebApp.Status/Dockerfile | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/src/web/DevStore.WebApp.Status/Dockerfile b/src/web/DevStore.WebApp.Status/Dockerfile
index 4289ac9..fbdde35 100644
--- a/src/web/DevStore.WebApp.Status/Dockerfile
+++ b/src/web/DevStore.WebApp.Status/Dockerfile
@@ -21,4 +21,9 @@ RUN dotnet publish "DevStore.WebApp.Status.csproj" -c Release -o /app/publish /p
 FROM base AS final
 WORKDIR /app
 COPY --from=publish /app/publish .
-ENTRYPOINT ["dotnet", "DevStore.WebApp.Status.dll"]
\ No newline at end of file
+
+# Set a non-root user for running the application
+RUN useradd -r -u 1001 appuser
+USER appuser
+
+ENTRYPOINT ["dotnet", "DevStore.WebApp.Status.dll"]