Run container as non-root user

Add USER 65534:65534 to the scratch runtime image so the checker process does not run as root.
2026-04-26 01:10:32 +07:00 · 2026-04-26 01:10:32 +07:00 · 8b38c43b8a
commit 8b38c43b8a
parent c4bf833274
1 changed files with 1 additions and 0 deletions
--- a/1
+++ b/1
@ -11,5 +11,6 @@ RUN CGO_ENABLED=0 go build -tags standalone -ldflags "-X main.Version=${CHECKER_
 FROM scratch
 COPY --from=builder /checker-autoconfig /checker-autoconfig
 COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt
+USER 65534:65534
 EXPOSE 8080
 ENTRYPOINT ["/checker-autoconfig"]