
Enhance Docker Security: Run Container as a Non-Root User

Open shotgunner opened this issue 10 months ago • 3 comments

This update modifies the Dockerfile to address a Trivy security warning

Description

This PR updates the Dockerfile to improve security by running the container as a non-root user, preventing privilege escalation risks and addressing Trivy's HIGH severity warning (DS002).

Changes Implemented:

✅ Added a new system user (appuser) and group (appgroup).
✅ Set ownership of /app to the non-root user.
✅ Moved pip install before switching users to prevent permission issues.
✅ Switched to USER appuser to follow best security practices.

Why This Change?

🔹 Mitigates security risks associated with running containers as root.
🔹 Complies with Docker security best practices.
🔹 Fixes Trivy HIGH severity warning (DS002).

References:

📌 vulnerability database: aquasec

Testing & Validation:

✅ Builds and runs successfully with uvicorn.
✅ Verified application runs correctly as appuser.
✅ Passed security scans without issues.

Please review and merge to enhance security. 🚀

shotgunner avatar Feb 19 '25 05:02 shotgunner
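
A simplified static check for the condition this PR addresses, added here as an example and not code from the PR, from mem0 or from Trivy: it reports whether a Dockerfile's final build stage ends as root. Both sample Dockerfiles are constructed; the base image, `requirements.txt`, `main:app` and the `groupadd`/`useradd` invocations are assumptions, since the PR's actual Dockerfile is not shown on this page.

```python
import re

ROOT_USERS = {"root", "0"}

def final_user(dockerfile_text):
    """Return the USER argument in effect at the end of the last stage, or None."""
    # Fold backslash continuations so each instruction sits on one line.
    text = re.sub(r"\\[ \t]*\n", " ", dockerfile_text)
    user = None
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        instruction, arg = (line.split(None, 1) + [""])[:2]
        if instruction.upper() == "FROM":
            # Simplification: every stage starts with no known user, even
            # when it is based on an earlier named stage.
            user = None
        elif instruction.upper() == "USER" and arg.strip():
            user = arg.strip()
    return user

def runs_as_root(dockerfile_text):
    """True if the final stage ends as root or never sets USER (conservative)."""
    user = final_user(dockerfile_text)
    if user is None:
        return True
    # USER accepts "name[:group]" or "uid[:gid]"; only the user part matters.
    return user.split(":", 1)[0] in ROOT_USERS

# Constructed sample: no USER instruction, so the base image default applies.
BEFORE = r"""
FROM python:3.12-slim
WORKDIR /app
COPY . .
RUN pip install --no-cache-dir -r requirements.txt
CMD ["uvicorn", "main:app", "--host", "0.0.0.0"]
"""

# Constructed sample following the four changes listed in the PR description.
AFTER = r"""
FROM python:3.12-slim
WORKDIR /app
COPY . .
RUN pip install --no-cache-dir -r requirements.txt
RUN groupadd --system appgroup && \
    useradd --system --gid appgroup appuser && \
    chown -R appuser:appgroup /app
USER appuser
CMD ["uvicorn", "main:app", "--host", "0.0.0.0"]
"""
```

Treating a missing `USER` as root is a conservative assumption: a base image can set its own non-root default, which this text-only check cannot see.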

CLA assistant check
All committers have signed the CLA.

CLAassistant avatar Feb 19 '25 05:02 CLAassistant

Thanks for opening the PR. Changes look good.

deshraj avatar Feb 19 '25 07:02 deshraj

@deshraj could we merge it? Or do I need to change something? I see some tests are failing. Not sure, maybe I missed something 🤔

shotgunner avatar Feb 24 '25 03:02 shotgunner