
update base image#207

Merged
HaneenT merged 1 commit into develop from KPMP-6419_address-vulns on Mar 27, 2026

Conversation

@Dert1129
Contributor

@Dert1129 Dert1129 commented Mar 27, 2026

Summary by CodeRabbit

  • Chores
    • Updated Docker base image to a newer version, providing improved security patches and system-level enhancements for the application deployment environment.

@coderabbitai

coderabbitai Bot commented Mar 27, 2026

Walkthrough

The Alpine Linux base image version was updated from 3.19.1 to 3.21.6 in the Dockerfile. The platform architecture constraint and all build steps remain unchanged.

Changes

Cohort / File(s) | Summary
Dockerfile base image update (Dockerfile) | Alpine Linux base image upgraded from alpine:3.19.1 to alpine:3.21.6; platform constraint and all build steps remain unchanged.


@coderabbitai coderabbitai Bot left a comment


Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)
Dockerfile (1)

1-17: ⚠️ Potential issue | 🟠 Major

Run the container as a non-root user.

The image still runs as root (no USER directive), which is a security hardening gap and is flagged by Trivy DS-0002.

🔐 Proposed fix
 FROM --platform=linux/amd64 alpine:3.21.6

 RUN apk update
 RUN apk add openjdk21
+RUN addgroup -S app && adduser -S -G app app

 VOLUME /tmp
 ARG DEPENDENCY=target/dependency

 COPY ${DEPENDENCY}/BOOT-INF/lib /app/lib
 COPY ${DEPENDENCY}/META-INF /app/META-INF
 COPY ${DEPENDENCY}/BOOT-INF/classes /app

 RUN apk add --no-cache tzdata
 ENV TZ=America/Detroit
 RUN ln -snf /usr/share/zoneinfo/$TZ /etc/localtime && echo $TZ > /etc/timezone

+USER app
 ENTRYPOINT ["java","-cp","app:app/lib/*","org.kpmp.Application"]
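Review bot: with `USER app` added as the last directive, everything placed under /app by the earlier COPY steps stays root-owned and is read-only for the runtime user. That is the right default for a jar classpath, but any path `org.kpmp.Application` writes to outside the declared `VOLUME /tmp` (log files, a temp directory under /app) will now fail at runtime instead of silently succeeding as root, so start the image once as `app` and watch for permission errors before relying on this fix. On the added `RUN addgroup -S app && adduser -S -G app app`: BusyBox `adduser -S` still creates `/home/app` unless `-H` is passed, and the line could be folded into the existing `RUN apk add openjdk21` step to avoid an extra layer.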


📥 Commits

Reviewing files that changed from the base of the PR and between 2d4956f and c285376.

📒 Files selected for processing (1)
  • Dockerfile

@HaneenT HaneenT merged commit 37821a4 into develop Mar 27, 2026
1 check passed
@HaneenT HaneenT deleted the KPMP-6419_address-vulns branch March 27, 2026 18:08