[TT-16950] fix: set nonroot ownership on application files #8019
probelabs / Visor: quality
succeeded
Apr 15, 2026 in 1m 1s
✅ Check Passed (Warnings Found)
quality check passed. Found 1 warning, but fail_if condition was not met.
Details
📊 Summary
- Total Issues: 1
- Warning Issues: 1
🔍 Failure Condition Results
Passed Conditions
- global_fail_if: Condition passed
Issues by Category
Style (1)
⚠️ ci/Dockerfile.distroless:17 - The UID/GID `65532` is hardcoded. This same value is also used in the `USER` instruction. Using a hardcoded 'magic number' in multiple places makes the Dockerfile harder to maintain. If the non-root user ID needs to change in the future (e.g., due to a base image update), it will have to be found and replaced in all locations.
Powered by Visor from Probelabs
Annotations
Check warning on line 17 in ci/Dockerfile.distroless
probelabs / Visor: quality
style Issue
The UID/GID `65532` is hardcoded. This same value is also used in the `USER` instruction. Using a hardcoded 'magic number' in multiple places makes the Dockerfile harder to maintain. If the non-root user ID needs to change in the future (e.g., due to a base image update), it will have to be found and replaced in all locations.
Raw output
To improve maintainability and readability, define an `ARG` for the user/group ID at the top of the final stage and use this variable in both the `COPY` and `USER` instructions. For example:
```dockerfile
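FROM ${BASE_IMAGE}
# Declare the non-root UID/GID once, after FROM so it is in scope for this stage
ARG TYK_UID=65532
# Copy the application files with ownership set to the non-root user
COPY --chown=${TYK_UID}:${TYK_UID} --from=deb /opt/tyk-gateway /opt/tyk-gateway
# ... (remaining instructions elided in the suggestion)
# Run the container as the same non-root UID/GID
USER ${TYK_UID}:${TYK_UID}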
```