From 92dbeb5ff44276d8523ba3d9f6ce12f7df30aaf0 Mon Sep 17 00:00:00 2001
From: Admin Space
Date: Fri, 16 Jan 2026 22:55:35 +0000
Subject: [PATCH 1/3] docs(get-started): add security note and secure Dockerfile example

---
 content/get-started/workshop/_index.md | 34 ++++++++++++++++++++++++++
 1 file changed, 34 insertions(+)

diff --git a/content/get-started/workshop/_index.md b/content/get-started/workshop/_index.md
index cc6a0beff925..a199b8100a2a 100644
--- a/content/get-started/workshop/_index.md
+++ b/content/get-started/workshop/_index.md
@@ -47,3 +47,37 @@ In this section, you learned about containers and images. Next, you'll containerize a simple application and get hands-on with the concepts. {{< button text="Containerize an application" url="02_our_app.md" >}}
+## ⚠️ Security note
+
+This example application and Dockerfile are intended for learning purposes only.
+The resulting image may contain known vulnerabilities originating from the base image
+or third-party dependencies.
+
+When building images for production environments, consider:
+- using multi-stage builds,
+- minimizing the runtime image,
+- pinning dependency versions,
+- and scanning images for vulnerabilities as part of CI/CD.
+## Optional: A more security-aware Dockerfile
+
+If you’d like to explore a more production-oriented approach, the following Dockerfile
+demonstrates common security best practices while keeping the application behavior the same.
+
+```dockerfile
+# syntax=docker/dockerfile:1
+
+FROM node:20-alpine AS build
+WORKDIR /app
+
+COPY package.json yarn.lock ./
+RUN yarn install --production --frozen-lockfile
+
+COPY src ./src
+
+FROM gcr.io/distroless/nodejs20-debian12
+WORKDIR /app
+
+COPY --from=build /app /app
+
+EXPOSE 3000
+CMD ["src/index.js"]

From 83e76c03e06071cfb580c9e39e92fa7ba060f69c Mon Sep 17 00:00:00 2001
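Review bot: The runtime stage of the added example, `FROM gcr.io/distroless/nodejs20-debian12`, sets no `USER` and does not select the image's `nonroot` variant, so a Dockerfile presented as more security-aware still yields a container that presumably runs as root; `FROM gcr.io/distroless/nodejs20-debian12:nonroot` would address that in one line. The `dockerfile` code fence opened above the example is never closed: the hunk ends at `CMD ["src/index.js"]`, and the later hunk in PATCH 2/3 that rewrites that line only drops the trailing newline, so a closing fence line is still needed after `CMD`. Both `FROM` lines use floating tags although the note added in the same hunk recommends pinning; a comment such as `# pin by digest for production builds` above each would keep the example consistent with its own advice. The build stage is Alpine-based while the runtime stage is Debian-based, so if any dependency in `package.json` (not visible here) compiles native bindings, the copied `node_modules` may fail to load at runtime; worth confirming, or building on a Debian-based Node image instead.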
From: Admin Space
Date: Sat, 17 Jan 2026 07:17:17 +0000
Subject: [PATCH 2/3] docs(get-started): fix lint and vale style issues

---
 content/get-started/workshop/_index.md | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/content/get-started/workshop/_index.md b/content/get-started/workshop/_index.md
index a199b8100a2a..d73bb198e37e 100644
--- a/content/get-started/workshop/_index.md
+++ b/content/get-started/workshop/_index.md
@@ -47,7 +47,8 @@ In this section, you learned about containers and images. Next, you'll containerize a simple application and get hands-on with the concepts. {{< button text="Containerize an application" url="02_our_app.md" >}}
-## ⚠️ Security note
+
+## Security considerations
 
 This example application and Dockerfile are intended for learning purposes only.
 The resulting image may contain known vulnerabilities originating from the base image
@@ -58,10 +59,11 @@ When building images for production environments, consider:
 - minimizing the runtime image,
 - pinning dependency versions,
 - and scanning images for vulnerabilities as part of CI/CD.
+
 ## Optional: A more security-aware Dockerfile
 
-If you’d like to explore a more production-oriented approach, the following Dockerfile
-demonstrates common security best practices while keeping the application behavior the same.
+If you'd like to explore a more production-oriented approach, the following Dockerfile
+demonstrates an alternative build approach while keeping the application behavior the same.
 
 ```dockerfile
 # syntax=docker/dockerfile:1
@@ -80,4 +82,4 @@ WORKDIR /app
 COPY --from=build /app /app
 
 EXPOSE 3000
-CMD ["src/index.js"]
+CMD ["src/index.js"]
\ No newline at end of file

From 2ed51e6fee1a5e4d89281c5119aa7a44d71517d6 Mon Sep 17 00:00:00 2001
From: Admin Space
Date: Sat, 17 Jan 2026 07:32:17 +0000
Subject: [PATCH 3/3] docs(get-started): fix list punctuation for vale

---
 content/get-started/workshop/_index.md | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/content/get-started/workshop/_index.md b/content/get-started/workshop/_index.md
index d73bb198e37e..86d6b132da79 100644
--- a/content/get-started/workshop/_index.md
+++ b/content/get-started/workshop/_index.md
@@ -55,10 +55,10 @@ The resulting image may contain known vulnerabilities originating from the base
 or third-party dependencies.
 
 When building images for production environments, consider:
-- using multi-stage builds,
-- minimizing the runtime image,
-- pinning dependency versions,
-- and scanning images for vulnerabilities as part of CI/CD.
+- using multi-stage builds
+- minimizing the runtime image
+- pinning dependency versions
+- and scanning images for vulnerabilities as part of CI/CD
 
 ## Optional: A more security-aware Dockerfile