trentuna/candle-annotator
8
0
Fork 0
Code Issues Pull requests Releases Packages Activity Actions
candle-annotator/openspec/changes/code-review-fix
History
Marko Djordjevic 1438e474e8 security: add non-root appuser to services/ml/Dockerfile 
Create system user appuser with useradd, set ownership of /app,
and switch to non-root user before CMD to reduce container attack surface.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-02-18 11:34:26 +01:00
..
specs bind: MLflow port to 127.0.0.1:5000:5000 in docker-compose.yml 2026-02-18 10:58:11 +01:00
.openspec.yaml bind: MLflow port to 127.0.0.1:5000:5000 in docker-compose.yml 2026-02-18 10:58:11 +01:00
design.md bind: MLflow port to 127.0.0.1:5000:5000 in docker-compose.yml 2026-02-18 10:58:11 +01:00
proposal.md bind: MLflow port to 127.0.0.1:5000:5000 in docker-compose.yml 2026-02-18 10:58:11 +01:00
tasks.md security: add non-root appuser to services/ml/Dockerfile 2026-02-18 11:34:26 +01:00