SentinelAI/Dockerfile at main · threatvec/SentinelAI · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
# ============================================================================
# SentinelAI - AI Security & Monitoring Platform
# Copyright (c) 2026 threatvec & talkdedsec. All rights reserved.
# Licensed under the SentinelAI Proprietary License - see LICENSE
# https://github.com/threatvec/SentinelAI
# ============================================================================

FROM python:3.13-slim AS base

LABEL maintainer="threatvec & talkdedsec"
LABEL description="SentinelAI - AI Security & Monitoring Platform"
LABEL version="1.0.0"
LABEL org.opencontainers.image.source="https://github.com/threatvec/SentinelAI"
LABEL org.opencontainers.image.authors="threatvec & talkdedsec"
LABEL org.opencontainers.image.licenses="SentinelAI Proprietary License"

ENV PYTHONUNBUFFERED=1 \
    PYTHONDONTWRITEBYTECODE=1 \
    PIP_NO_CACHE_DIR=1 \
    PIP_DISABLE_PIP_VERSION_CHECK=1

WORKDIR /app

# Install system dependencies
RUN apt-get update && \
    apt-get install -y --no-install-recommends git && \
    rm -rf /var/lib/apt/lists/*

# Copy project files
COPY pyproject.toml LICENSE README.md ./
COPY src/ src/
COPY rules/ rules/
COPY banner/ banner/

# Install package
RUN pip install --no-cache-dir .

# Create non-root user
RUN groupadd -r sentinel && \
    useradd -r -g sentinel -d /home/sentinel -s /bin/bash sentinel && \
    mkdir -p /home/sentinel && \
    chown -R sentinel:sentinel /home/sentinel /app

USER sentinel

# Scan target mount point
VOLUME ["/scan"]

# Dashboard port
EXPOSE 8000

# Health check
HEALTHCHECK --interval=30s --timeout=5s --start-period=5s --retries=3 \
    CMD python -c "from sentinelai import __version__; print(__version__)" || exit 1

# Default: run scan on /scan directory
ENTRYPOINT ["sentinelai"]
CMD ["scan", "/scan"]