Update openjdk Docker tag to v21 #245
Conversation
![renovate[bot]](https://avatars.githubusercontent.com/in/2740?s=60&v=4){kind=small}
![bridgecrew[bot]](https://avatars.githubusercontent.com/in/52968?s=60&v=4){kind=small}
| @@ -1,4 +1,4 @@ | |||
| FROM openjdk:17.0.2-jdk-slim | |||
| FROM openjdk:21-jdk-slim | |||
There was a problem hiding this comment.
Ensure a user for the container has been created
Resource: /Dockerfile. | Bridgecrew ID: BC_DKR_3 | Checkov ID: CKV_DOCKER_3
Description
Containers should run as a non-root user. It is good practice to run the container as a non-root user, where possible. This can be done either via the ```USER``` directive in the ```Dockerfile``` or through ```gosu``` or similar where used as part of the ```CMD``` or ```ENTRYPOINT``` directives.Benchmarks
- CIS DOCKER V1.2 4.1
![jit-ci[bot]](https://avatars.githubusercontent.com/in/142441?s=60&v=4){kind=small}
| @@ -1,4 +1,4 @@ | |||
| FROM openjdk:17.0.2-jdk-slim | |||
| FROM openjdk:21-jdk-slim | |||
There was a problem hiding this comment.
Security control: Docker Scan
Type: Image User Should Not Be 'Root'
Description: Running containers with 'root' user can lead to a container escape situation. It is a best practice to run containers as non-root users, which can be done by adding a 'USER' statement to the Dockerfile.
Severity: HIGH
Fix suggestion:
This fix suggestion was generated by Jit. Please note that the suggestion might not always fit every use case. It is highly recommended that you check and review it before merging.
Suggestion guidelines
- First of all, check if your container is running as a root user. In most of the cases, you can do it by running a command like this:
docker run <image> whoami. If it returnsroot, then you should consider using a non-root user, by following one of the next steps:- If a non-root user already exists in your container, consider using it.
- If not, you can create a new user by adding a
USERcommand to the Dockerfile, with a non-root user as argument, for example:USER <non-root-user-name>.
| FROM openjdk:21-jdk-slim | |
| FROM openjdk:21-jdk-slim | |
| RUN addgroup --system <group> | |
| RUN adduser --system <user> --ingroup <group> | |
| USER <user>:<group> | |
Jit Bot commands and options (e.g., ignore issue)
You can trigger Jit actions by commenting on this PR review:
#jit_ignore_fpIgnore and mark this specific single instance of finding as “False Positive”#jit_ignore_acceptIgnore and mark this specific single instance of finding as “Accept Risk”#jit_undo_ignoreUndo ignore command
|
Kudos, SonarCloud Quality Gate passed!
|
This PR contains the following updates:
17.0.2-jdk-slim->21-jdk-slimConfiguration
📅 Schedule: Branch creation - "before 4am on the first day of the month" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Mend Renovate. View repository job log here.