From 491339f997841edf8452c72ff959737eae1f0c79 Mon Sep 17 00:00:00 2001
From: Solomon Ayalew <solxget@amazon.com>
Date: Tue, 8 Oct 2024 10:55:40 -0700
Subject: [PATCH] Run docker as non root user

---
 provider/pws-aws/build-aws/Dockerfile | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/provider/pws-aws/build-aws/Dockerfile b/provider/pws-aws/build-aws/Dockerfile
index 3966c7f2..36a698a0 100644
--- a/provider/pws-aws/build-aws/Dockerfile
+++ b/provider/pws-aws/build-aws/Dockerfile
@@ -21,4 +21,10 @@ COPY ${JAR_FILE} app.jar
 COPY /provider/pws-aws/build-aws/entrypoint.sh /entrypoint.sh
 EXPOSE 8080
 
+# Add a non-root user
+RUN groupadd -g 10001 -r nonroot \
+  && useradd -g 10001 -r -u 10001 nonroot
+# Run as non-root user
+USER 10001:10001
+
 ENTRYPOINT ["/bin/sh", "-c", ". /entrypoint.sh"]
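Review bot: Nothing in this hunk confirms that `/entrypoint.sh` and the JVM can run without root once `USER 10001:10001` takes effect. `useradd -r` creates no home directory and the files copied above stay root-owned, so any write the script makes outside a world-writable path would fail at container start; the script is not visible here, so this needs checking rather than being a confirmed break. Leaving `app.jar` and `/entrypoint.sh` root-owned is the right choice, because the runtime user then cannot modify its own code, and read permission is enough since the script is sourced. I would extend the comment above `USER` to `# Run as non-root user; numeric UID:GID so runtimes enforcing runAsNonRoot can verify it without /etc/passwd`. The base image and `WORKDIR` are outside the hunk, so the location `app.jar` lands in could not be checked.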
-- 
GitLab