fix: Security: Containerized Frontend application is running as root#1373
Merged
mpawlow merged 1 commit intorelease-saas-0.1from Apr 13, 2026
Merged
Conversation
Issue - #1320 Summary - Fixed the frontend Docker container running as root by switching to the built-in non-root `node` user for all build and runtime steps. Security: Run frontend container as non-root user - Added `chown node:node /app` after `WORKDIR` so the working directory is owned by the non-root user before the user switch. - Added `USER node` directive to switch to the non-root `node` user for all subsequent Dockerfile instructions. - Updated `COPY` instructions to use `--chown=node:node` so copied files are owned by the `node` user rather than root. - Removed trailing whitespace from `npm run build` line. - Added missing newline at end of file.
github-actions
bot
added
bug
github-actions
bot
deleted the
mp/fix/saas/GH-1320-frontend-app-running-as-root
branch
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Issue
Reference Pull Request
Summary
nodeuser for all build and runtime steps.Security: Run frontend container as non-root user
chown node:node /appafterWORKDIRso the working directory is owned by the non-root user before the user switch.USER nodedirective to switch to the non-rootnodeuser for all subsequent Dockerfile instructions.COPYinstructions to use--chown=node:nodeso copied files are owned by thenodeuser rather than root.npm run buildline.