From 370e5e31225c49545627d6e5d7feb83120b85f15 Mon Sep 17 00:00:00 2001 From: Ubuntu Date: Sun, 2 Feb 2025 12:03:14 +0000 Subject: [PATCH] Enhanced Docker security: Upgraded base image and dependencies --- Dockerfile | 73 +++++++++++++++++++++++++++++++----------------------- 1 file changed, 42 insertions(+), 31 deletions(-) diff --git a/Dockerfile b/Dockerfile index 5806d09..bf4a3e7 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,31 +1,42 @@ -#---------------------------------- -# Stage 1 -#---------------------------------- - -# Import docker image with maven installed -FROM maven:3.8.3-openjdk-17 as builder - -# Set working directory -WORKDIR /app - -# Copy source code from local to container -COPY . /app - -# Build application and skip test cases -RUN mvn clean install -DskipTests=true - -#-------------------------------------- -# Stage 2 -#-------------------------------------- - -# Import small size java image -FROM openjdk:17-alpine as deployer - -# Copy build from stage 1 (builder) -COPY --from=builder /app/target/*.jar /app/target/bankapp.jar - -# Expose application port -EXPOSE 8080 - -# Start the application -ENTRYPOINT ["java", "-jar", "/app/target/bankapp.jar"] +#---------------------------------- +# Stage 1 - Build Application +#---------------------------------- + +# Upgrade Maven & JDK base image +FROM maven:3.9.6-eclipse-temurin-17 as builder + +# Set working directory +WORKDIR /app + +# Copy source code from local to container +COPY . /app + +# Upgrade dependencies & cache Maven repository +RUN mvn clean install -DskipTests=true -Dmaven.repo.local=/app/.m2/repository + + +#-------------------------------------- +# Stage 2 - Run Application Securely +#-------------------------------------- + +# Upgrade OpenJDK Alpine base image +FROM eclipse-temurin:17-jre-alpine as deployer + +# Update system packages to fix vulnerabilities +RUN apk update && apk upgrade --no-cache + +# Create non-root user for security +RUN addgroup -S appgroup && adduser -S appuser -G appgroup +USER appuser + +# Set working directory +WORKDIR /app + +# Copy only the built JAR file from the build stage +COPY --from=builder /app/target/*.jar /app/bankapp.jar + +# Expose application port +EXPOSE 8080 + +# Start the application securely +ENTRYPOINT ["java", "-Djava.security.egd=file:/dev/./urandom", "-jar", "/app/bankapp.jar"]