diff --git a/backend/Dockerfile b/backend/Dockerfile index fca2e6e..ce35091 100644 --- a/backend/Dockerfile +++ b/backend/Dockerfile @@ -3,6 +3,9 @@ FROM node:20-alpine AS builder WORKDIR /app +# Upgrade all packages to latest security patches +RUN apk update && apk upgrade --no-cache + # Install dependencies COPY package*.json ./ RUN if [ -f package-lock.json ]; then npm ci --only=production; else npm install --production; fi @@ -13,6 +16,9 @@ COPY . . # Production stage FROM node:20-alpine +# Upgrade all packages to latest security patches +RUN apk update && apk upgrade --no-cache + # Add security: Run as non-root user RUN addgroup -g 1001 -S nodejs && \ adduser -S nodejs -u 1001 diff --git a/backend/Dockerfile.minimal b/backend/Dockerfile.minimal index b7d3ffd..1e84852 100644 --- a/backend/Dockerfile.minimal +++ b/backend/Dockerfile.minimal @@ -2,6 +2,9 @@ # This ensures the pipeline can build even without full application code FROM node:20-alpine +# Upgrade all packages to latest security patches +RUN apk update && apk upgrade --no-cache + WORKDIR /app # Create minimal package.json if it doesn't exist diff --git a/frontend/Dockerfile b/frontend/Dockerfile index f5d5863..6a094fd 100644 --- a/frontend/Dockerfile +++ b/frontend/Dockerfile @@ -3,6 +3,9 @@ FROM node:20-alpine AS builder WORKDIR /app +# Upgrade all packages to latest security patches +RUN apk update && apk upgrade --no-cache + # Install dependencies RUN apk add --no-cache \ python3 \ @@ -21,6 +24,9 @@ RUN npm run build # Production stage - Nginx Alpine for serving static files FROM nginx:alpine +# Upgrade all packages to latest security patches +RUN apk update && apk upgrade --no-cache + # Add security: Remove default nginx user and add custom user RUN addgroup -g 1001 -S frontend && \ adduser -S frontend -u 1001 diff --git a/frontend/Dockerfile.minimal b/frontend/Dockerfile.minimal index d33814f..7341131 100644 --- a/frontend/Dockerfile.minimal +++ b/frontend/Dockerfile.minimal 
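Review bot: The `apk update` in the added `RUN apk update && apk upgrade --no-cache` is redundant and leaves the package index it downloads under `/var/cache/apk` in the layer, because `--no-cache` already makes `apk upgrade` fetch a fresh index without storing it. `RUN apk upgrade --no-cache` alone does the same work with no leftover index. The same line is added in every other hunk of this commit (the production stage of this file, backend/Dockerfile.minimal, both stages of frontend/Dockerfile and frontend/Dockerfile.minimal, and nginx/Dockerfile). The comment also overstates the effect, since `apk upgrade` moves every installed package to the newest version in the configured repositories rather than applying only security fixes; `# Upgrade installed Alpine packages to the latest repository versions` would be accurate.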
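Review bot: Nothing makes the added `RUN apk update && apk upgrade --no-cache` after `FROM node:20-alpine` run again on later builds, so the patch level of the shipped image stays at whatever it was when this layer was last built; the build cache reuses the layer until the base image layer changes. The step only delivers current fixes if release builds bust the cache, for example with `docker build --pull --no-cache`, and that requirement is worth stating next to the line: `# Only as fresh as the last uncached build; release builds must use --pull --no-cache`. It also makes image content depend on build time, so two builds of the same commit can differ; scanning each built image or recording an SBOM per build keeps the actual package versions traceable. The final stages in frontend/Dockerfile and frontend/Dockerfile.minimal (`FROM nginx:alpine`) behave the same way.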
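Review bot: The upgrade added after `WORKDIR /app` in the `builder` stage probably does not harden what ships, because the final image here starts from `FROM nginx:alpine` and the OS packages of `node:20-alpine` do not travel with copied build output. In this stage the step adds a layer and lets the build toolchain vary from build to build without changing the deployed image. The `COPY --from` lines are outside the hunk, so confirm that only build artifacts are taken from this stage. If that holds, drop the step here and in the `builder` stage of frontend/Dockerfile.minimal, and keep it only in the final stages.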
@@ -2,6 +2,9 @@ # This ensures the pipeline can build even without full application code FROM node:20-alpine AS builder +# Upgrade all packages to latest security patches +RUN apk update && apk upgrade --no-cache + WORKDIR /app # Create minimal package.json if it doesn't exist @@ -30,6 +33,9 @@ RUN npm run build || (mkdir -p dist && echo 'BBF Fron # Production stage FROM nginx:alpine +# Upgrade all packages to latest security patches +RUN apk update && apk upgrade --no-cache + # Security: Add non-root user RUN addgroup -g 1001 -S frontend && \ adduser -S frontend -u 1001 diff --git a/nginx/Dockerfile b/nginx/Dockerfile index 0111561..ba1795f 100644 --- a/nginx/Dockerfile +++ b/nginx/Dockerfile @@ -1,7 +1,10 @@ FROM owasp/modsecurity-crs:nginx-alpine -# Remove default templates to prevent entrypoint from overwriting our custom configs +# Upgrade all packages to latest security patches USER root +RUN apk update && apk upgrade --no-cache + +# Remove default templates to prevent entrypoint from overwriting our custom configs RUN rm -rf /etc/nginx/templates/*