complytime · marcusburghardt · Apr 27, 2026 · Apr 23, 2026 · Apr 23, 2026
diff --git a/.devcontainer/Dockerfile b/.devcontainer/Dockerfile
@@ -3,12 +3,13 @@ FROM quay.io/fedora/fedora:37
 ARG POETRY_VERSION=1.7.1
 
 RUN dnf -y update && \
-    yum -y reinstall shadow-utils && \
-    yum install -y git \
+    dnf -y reinstall shadow-utils && \
+    dnf install -y git \
                    python3 \
                    python3-pip \
                    python3-devel \
                    gcc-c++ && \
+    dnf clean all && \
     rm -rf /var/cache /var/log/dnf* /var/log/yum.*
 
 RUN useradd -u 1000 complyscribe

diff --git a/Dockerfile b/Dockerfile
@@ -67,5 +67,7 @@ COPY ./actions/sync-upstreams/sync-upstreams-entrypoint.sh /
 
 RUN chmod +x /auto-sync-entrypoint.sh /rules-transform-entrypoint.sh /create-cd-entrypoint.sh /sync-upstreams-entrypoint.sh
 
+USER 1001
+
 ENTRYPOINT ["python3.9", "-m" , "complyscribe"]
 CMD ["--help"]
diff --git a/tests/e2e/play-kube.yml b/tests/e2e/play-kube.yml
@@ -6,15 +6,25 @@ metadata:
   labels:
     app: complyscribe-e2e
 spec:
+  securityContext:
+    runAsNonRoot: true
+    runAsUser: 1001
   containers:
     - name: mock-server-container
       image: localhost/mock-server:latest
       securityContext:
         allowPrivilegeEscalation: false
+        readOnlyRootFilesystem: true
         capabilities:
           drop:
             - ALL
           add:
             - NET_BIND_SERVICE
       ports:
         - containerPort: 8080
+      volumeMounts:
+        - name: tmp
+          mountPath: /home/wiremock
+  volumes:
+    - name: tmp
+      emptyDir: {}