codeql-container

CodeQL runs slower if the container runs as a user other than root

Open • cmcdougall opened this issue 3 years ago • 1 comment

I've extended the Dockerfile to make some changes to the startup.py file required for my use case. I changed the Dockerfile to run as another user instead of root, but I noticed that the code scanning takes significantly longer - hours, instead of minutes - to complete.

Here is the Dockerfile I'm using:

FROM mcr.microsoft.com/cstsectools/codeql-container

ARG USERNAME=codeql

RUN adduser --system $USERNAME
RUN apt update && apt install -y git

EXPOSE 5000

WORKDIR /usr/local/startup_scripts/

COPY requirements.txt ./
RUN pip install -r ./requirements.txt

COPY CodeQL/main.py ./startup_server.py

USER ${USERNAME}

ENTRYPOINT ["python3", "-u", "/usr/local/startup_scripts/startup_server.py"]

Any help would be really appreciated! 😄

cmcdougall • Jul 26 '22 02:07

Thanks for reporting the issue, Cameron! If you could send me a PR with the user being changed to a non-privileged account, I'd be happy to accept it.

jacobmsft • Jul 27 '22 22:07