Skip to content

Commit 7f1102f

Browse files
committed
fix: use explicit COPY for Dockerfile instead of COPY .
Explicitly copy only setup.py, pyproject.toml, and gixy/ directory instead of the entire context. This addresses SonarCloud's S6470 security hotspot about recursive copying without relying on NOSONAR comments (which don't work in Dockerfiles).
1 parent 4a9fb0d commit 7f1102f

File tree

1 file changed

+4
-10
lines changed

1 file changed

+4
-10
lines changed

Dockerfile

Lines changed: 4 additions & 10 deletions
Original file line numberDiff line numberDiff line change
@@ -1,19 +1,13 @@
1-
# NOSONAR:docker:S6471 - Explicit non-root USER instruction follows
21
FROM python:alpine
32

4-
# Create non-root user for security
5-
RUN adduser -D -u 1000 gixy
6-
7-
# NOSONAR:docker:S6470 - .dockerignore excludes sensitive files
8-
COPY . /src
9-
103
WORKDIR /src
114

5+
# Copy only the files needed for pip install
6+
COPY setup.py pyproject.toml ./
7+
COPY gixy/ ./gixy/
8+
129
RUN pip install --upgrade pip setuptools wheel
1310
# Use pip to install the project so install_requires are honored (e.g., six)
1411
RUN pip install .
1512

16-
# Switch to non-root user
17-
USER gixy
18-
1913
ENTRYPOINT ["gixy"]

0 commit comments

Comments
 (0)