Skip to content

Dev ans #12

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
igor1234567 wants to merge 42 commits into
base: master
Choose a base branch
from
Open

Dev ans #12

igor1234567 wants to merge 42 commits into from

Conversation

@igor1234567
Copy link

@igor1234567 igor1234567 commented Jan 26, 2023

No description provided.

jit-ci[bot]
jit-ci bot reviewed Jan 27, 2023
View reviewed changes
Copy link

@jit-ci jit-ci bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

❌ Jit has detected 2 important findings in this PR that you should review.
The findings are detailed below as separate comments.
It’s highly recommended that you fix these security issues before merge.

Dockerfile
COPY --from=build /app/target/*.war /usr/local/tomcat/webapps/
ENTRYPOINT ["catalina.sh", "run"]

FROM tomcat:8-jre8
Copy link

@jit-ci jit-ci bot Jan 27, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Security control: Docker Scan

Type: Image User Should Not Be 'Root'

Description: Running containers with 'root' user can lead to a container escape situation. It is a best practice to run containers as non-root users, which can be done by adding a 'USER' statement to the Dockerfile.

Severity: HIGH

Learn more about this issue

Fix suggestion:

This fix suggestion was generated by Jit. Please note that the suggestion might not always fit every use case. It is highly recommended that you check and review it before merging.

Suggestion guidelines

  • First of all, check if your container is running as a root user. In most of the cases, you can do it by running a command like this: docker run <image> whoami. If it returns root, then you should consider using a non-root user, by following one of the next steps:
    • If a non-root user already exists in your container, consider using it.
    • If not, you can create a new user by adding a USER command to the Dockerfile, with a non-root user as argument, for example: USER <non-root-user-name>.
Suggested change
FROM tomcat:8-jre8
FROM tomcat:8-jre8
RUN addgroup --system <group>
RUN adduser --system <user> --ingroup <group>
USER <user>:<group>
Jit Bot commands and options (e.g., ignore issue)

You can trigger Jit actions by commenting on this PR review:

  • #jit_ignore_fp Ignore and mark this specific single instance of finding as “False Positive”
  • #jit_ignore_accept Ignore and mark this specific single instance of finding as “Accept Risk”
  • #jit_undo_ignore Undo ignore command

Dockerfile
COPY --from=build /app/target/*.war /usr/local/tomcat/webapps/
ENTRYPOINT ["catalina.sh", "run"]

FROM tomcat:8-jre8
Copy link

@jit-ci jit-ci bot Jan 27, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Security control: Iac Misconfig Detection

Type: Missing User Instruction

Description: A user should be specified in the dockerfile, otherwise the image will run as root

Severity: HIGH

Learn more about this issue

Fix suggestion:

This fix suggestion was generated by Jit. Please note that the suggestion might not always fit every use case. It is highly recommended that you check and review it before merging.

Suggestion guidelines

  • First of all, check if your container is running as a root user. In most of the cases, you can do it by running a command like this: docker run <image> whoami. If it returns root, then you should consider using a non-root user, by following one of the next steps:
    • If a non-root user already exists in your container, consider using it.
    • If not, you can create a new user by adding a USER command to the Dockerfile, with a non-root user as argument, for example: USER <non-root-user-name>.
Suggested change
FROM tomcat:8-jre8
FROM tomcat:8-jre8
RUN addgroup --system <group>
RUN adduser --system <user> --ingroup <group>
USER <user>:<group>
Jit Bot commands and options (e.g., ignore issue)

You can trigger Jit actions by commenting on this PR review:

  • #jit_ignore_fp Ignore and mark this specific single instance of finding as “False Positive”
  • #jit_ignore_accept Ignore and mark this specific single instance of finding as “Accept Risk”
  • #jit_undo_ignore Undo ignore command

jit-ci[bot]
jit-ci bot reviewed May 7, 2023
View reviewed changes
Copy link

@jit-ci jit-ci bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

❌ Jit has detected 1 important finding in this PR that you should review.
The finding is detailed as a comment.
It’s highly recommended that you fix this security issue before merge.

Until now, you ignored/fixed 1 finding.

jit-ci[bot]
jit-ci bot reviewed Jul 15, 2023
View reviewed changes
Copy link

@jit-ci jit-ci bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

❌ Jit has detected 1 important finding in this PR that you should review.
The finding is detailed as a comment.
It’s highly recommended that you fix this security issue before merge.

Until now, you ignored/fixed 2 findings.

Dockerfile Outdated
@@ -1,3 +1,7 @@
#FROM tomcat:8-jre8
Copy link

@jit-ci jit-ci bot Jul 15, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Security control: Docker Scan

Type: Image User Should Not Be 'Root'

Description: Running containers with 'root' user can lead to a container escape situation. It is a best practice to run containers as non-root users, which can be done by adding a 'USER' statement to the Dockerfile.

Severity: HIGH

Learn more about this issue

Fix suggestion:

This fix suggestion was generated by Jit. Please note that the suggestion might not always fit every use case. It is highly recommended that you check and review it before merging.

Suggestion guidelines

  • First of all, check if your container is running as a root user. In most of the cases, you can do it by running a command like this: docker run <image> whoami. If it returns root, then you should consider using a non-root user, by following one of the next steps:
    • If a non-root user already exists in your container, consider using it.
    • If not, you can create a new user by adding a USER command to the Dockerfile, with a non-root user as argument, for example: USER <non-root-user-name>.

The following code block should provide a representation of what should be done to remediate the issue:


RUN addgroup --system <group>
RUN adduser --system <user> --ingroup <group>
USER <user>:<group>
Jit Bot commands and options (e.g., ignore issue)

You can trigger Jit actions by commenting on this PR review:

  • #jit_ignore_fp Ignore and mark this specific single instance of finding as “False Positive”
  • #jit_ignore_accept Ignore and mark this specific single instance of finding as “Accept Risk”
  • #jit_undo_ignore Undo ignore command

jit-ci[bot]
jit-ci bot reviewed Jul 15, 2023
View reviewed changes
Copy link

@jit-ci jit-ci bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

❌ Jit has detected 1 important finding in this PR that you should review.
The finding is detailed as a comment.
It’s highly recommended that you fix this security issue before merge.

Until now, you ignored/fixed 3 findings.

Dockerfile
COPY --from=build /app/target/*.war /usr/local/tomcat/webapps/
ENTRYPOINT ["catalina.sh", "run"]

FROM tomcat:8-jre8
Copy link

@jit-ci jit-ci bot Jul 15, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Security control: Docker Scan

Type: Image User Should Not Be 'Root'

Description: Running containers with 'root' user can lead to a container escape situation. It is a best practice to run containers as non-root users, which can be done by adding a 'USER' statement to the Dockerfile.

Severity: HIGH

Learn more about this issue

Fix suggestion:

This fix suggestion was generated by Jit. Please note that the suggestion might not always fit every use case. It is highly recommended that you check and review it before merging.

Suggestion guidelines

  • First of all, check if your container is running as a root user. In most of the cases, you can do it by running a command like this: docker run <image> whoami. If it returns root, then you should consider using a non-root user, by following one of the next steps:
    • If a non-root user already exists in your container, consider using it.
    • If not, you can create a new user by adding a USER command to the Dockerfile, with a non-root user as argument, for example: USER <non-root-user-name>.
Suggested change
FROM tomcat:8-jre8
FROM tomcat:8-jre8
RUN addgroup --system <group>
RUN adduser --system <user> --ingroup <group>
USER <user>:<group>
Jit Bot commands and options (e.g., ignore issue)

You can trigger Jit actions by commenting on this PR review:

  • #jit_ignore_fp Ignore and mark this specific single instance of finding as “False Positive”
  • #jit_ignore_accept Ignore and mark this specific single instance of finding as “Accept Risk”
  • #jit_undo_ignore Undo ignore command

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@jit-ci jit-ci[bot] jit-ci[bot] left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@igor1234567