2 changes: 1 addition & 1 deletion .nvmrc
@@ -1 +1 @@
lts/hydrogen
22.23.0
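Review bot: `lts/hydrogen` resolves to Node 18, so this is a two-major jump (18 to 22), not just a change from alias to pin, and every consumer touched in this PR (both Dockerfiles via `NODE_VERSION`, the compose files, the workflow via `node-version-file`) picks it up at once. Worth saying so in the PR description, and worth confirming that `node:22.23.0-buster-slim` is actually published as a tag before merge: buster is end-of-life, and with an exact-version pin a missing tag only shows up when the image build runs.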
3 changes: 2 additions & 1 deletion apps/google-analytics-4/lambda/Dockerfile
@@ -1,5 +1,6 @@
# pull official base image
FROM node:20-buster-slim
ARG NODE_VERSION
FROM node:${NODE_VERSION}-buster-slim

Contributor Author
what is even going on?


# set working directory
WORKDIR /usr/src/app
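Review bot: `ARG NODE_VERSION` has no default, so a plain `docker build .` without `--build-arg NODE_VERSION=...` expands the tag to `node:-buster-slim` and fails with an image-not-found error that says nothing about the missing argument. Either give the ARG a default that matches .nvmrc (`ARG NODE_VERSION=22.23.0`, accepting that the value then lives in two places) or add the required `--build-arg` to the comment above the `FROM`. This stage also has no `USER` instruction, so the finding Wiz raised on the Slack Dockerfile applies here as well.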
3 changes: 3 additions & 0 deletions apps/google-analytics-4/lambda/docker-compose.yml
@@ -40,6 +40,9 @@ services:
build:
context: .
dockerfile: Dockerfile
# NODE_VERSION is sourced from .nvmrc: NODE_VERSION=$(cat .nvmrc) docker compose build
args:
NODE_VERSION: ${NODE_VERSION}
volumes:
- '.:/usr/src/app'
ports:
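Review bot: the comment says NODE_VERSION is sourced from .nvmrc, but nothing in this file reads it; Compose only interpolates `${NODE_VERSION}` from the caller's environment or a `.env` file, so anyone who runs `docker compose build` without the documented prefix passes an empty arg and gets a broken `FROM`. Consider `NODE_VERSION: ${NODE_VERSION:?set NODE_VERSION from .nvmrc}` so Compose fails fast with the hint, or commit a `.env` next to this file that carries the value.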
3 changes: 2 additions & 1 deletion apps/slack/lambda/Dockerfile
@@ -1,4 +1,5 @@
FROM node:21-alpine AS base
ARG NODE_VERSION
FROM node:${NODE_VERSION}-alpine AS base


High IaC Finding: Missing User Instruction
on resource `FROM node:${NODE_VERSION}-alpine AS base`

More Details

This rule checks whether a `USER` instruction is specified in the Dockerfile. The rule fails when the `USER` instruction is missing, causing the container to run with root privileges (UID 0). If an attacker compromises an application running as root, they gain the privileges needed to potentially escape the container and attack the host node. It also increases the blast radius of a breach, allowing full control to modify files or install malware within the container. Enforcing a non-root user is a fundamental security measure that minimizes the attack surface and contains the impact of a potential compromise.

Expected: The Dockerfile stage should contain the 'USER' instruction

Found: The Dockerfile stage does not contain any 'USER' instruction

Rule ID: b92f539f-06cf-49ba-8beb-7be068868ecb


To ignore this finding as an exception, reply to this conversation with #wiz_ignore reason

If you'd like to ignore this finding in all future scans, add an exception in the .wiz file or create an Ignore Rule.

To get more details on how to remediate this issue using AI, reply to this conversation with #wiz remediate


# set working directory
WORKDIR /usr/src/app
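Review bot: the Wiz finding above stands for this stage: with no `USER` instruction, the handler and everything `docker-compose.yml` runs through `target: base` executes as UID 0. The official node images already ship an unprivileged `node` user, so a `USER node` once the app files are copied with `--chown=node:node` is the usual fix and does not need a new account. As in the other Dockerfile, `ARG NODE_VERSION` has no default, so an unset build arg expands to `node:-alpine` and the build fails at image lookup rather than with a message about the argument.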
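As an added example (not code from this PR or the project), the remediation the Wiz finding asks for, applied to the flagged stage: the `node` user that the official node images ship is used, so nothing has to be created. The `COPY`, `npm ci` and `CMD` lines are assumptions about the app layout, since the hunk shows only the first two lines of the stage.

```dockerfile
# Added example, not the project's Dockerfile. NODE_VERSION is passed in
# exactly as the compose comment describes: NODE_VERSION=$(cat .nvmrc)
ARG NODE_VERSION
FROM node:${NODE_VERSION}-alpine AS base

# WORKDIR creates the directory as root; hand it to the image's built-in
# unprivileged "node" user (UID 1000) so nothing below needs root.
WORKDIR /usr/src/app
RUN chown node:node /usr/src/app

# Drop privileges before installing anything. This is the instruction the
# Wiz rule checks for; every later instruction and the container's main
# process now run as UID 1000 instead of UID 0.
USER node

# Dependencies first so the install layer stays cacheable (assumed layout).
COPY --chown=node:node package*.json ./
RUN npm ci --omit=dev

# Application sources, owned by the same unprivileged user (assumed layout).
COPY --chown=node:node . .

CMD ["node", "index.js"]
```

To check the result, `docker run --rm <image> id -u` should print `1000` rather than `0`.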
3 changes: 3 additions & 0 deletions apps/slack/lambda/docker-compose.yml
@@ -42,6 +42,9 @@ services:
context: .
dockerfile: Dockerfile
target: base
# NODE_VERSION is sourced from .nvmrc: NODE_VERSION=$(cat .nvmrc) docker compose build
args:
NODE_VERSION: ${NODE_VERSION}
volumes:
- '.:/usr/src/app'
ports:
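Review bot: same point as the other compose file: `${NODE_VERSION}` is only as good as the caller's environment, and the comment is the only thing telling them to set it. `${NODE_VERSION:?set NODE_VERSION from .nvmrc}` would turn a silently empty value into a clear error, and since both compose files and both Dockerfiles now depend on the same variable, one documented place to source it (a committed `.env` or a small wrapper script) would keep the four from drifting.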
@@ -7,10 +7,10 @@ jobs:
if: contains(github.ref, 'main') || contains(github.ref, 'master')
steps:
- uses: actions/checkout@v3
- name: Use Node.js 16.x
- name: Use Node.js
uses: actions/setup-node@v3
with:
node-version: 16.x
node-version-file: .nvmrc
- run: npm ci
- run: npm run build
- uses: contentful/actions-app-deploy@v1
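Review bot: `node-version-file: .nvmrc` is the right replacement for the hard-coded `16.x`, but the unchanged `actions/checkout@v3` and `actions/setup-node@v3` in this hunk are Node 16-based action runtimes that GitHub has deprecated, so bumping both to `@v4` in the same PR would stop the workflow warning while it installs the pinned Node 22. Note also that this job moves from 16.x straight to the .nvmrc pin (22.23.0), so `npm ci` and `npm run build` should be exercised on the new major before merge.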
1 change: 0 additions & 1 deletion package.json
Expand Up @@ -3,7 +3,6 @@
"private": true,
"type": "module",
"engines": {
"node": ">=16.0.0",
"npm": ">=8.0.0"
},
"devDependencies": {
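Review bot: deleting `"node": ">=16.0.0"` removes the engines guard instead of updating it, so npm will no longer warn (or refuse under `engine-strict`) when someone installs with an old Node, while the `"npm": ">=8.0.0"` constraint stays. Prefer replacing it with a constraint that matches .nvmrc, e.g. `"node": ">=22.0.0"`, so local installs agree with the Docker and CI pins.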