Container Image and Runtime Hardening #43

@charlieroth

Why

Ship a small, secure, and reproducible container.

Definition of Done

  • Dockerfile uses multi‑stage build and produces a minimal runtime image.
  • Binary is statically linked where feasible and uses a non‑root user.
  • Image has labels for version, revision, and source.
  • Container has a health check and a sensible entry point.
  • Image size target is documented and met.

Tasks

  • Create a multi‑stage Dockerfile with build and run stages.
  • Add a non‑root user and set file permissions.
  • Add labels and build arguments for versioning.
  • Define a container health check.
  • Measure and record image size.
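
One way to turn the Definition of Done into an automated check, as an added example that is not part of the original issue: it parses `docker image inspect` JSON and reports each unmet item. The OCI label keys, the 50 MB size target, and the two sample inspect documents are assumptions constructed for illustration.

```python
import json

# OCI image-spec label keys for version, revision and source (assumed naming).
REQUIRED_LABELS = tuple(f"org.opencontainers.image.{k}" for k in ("version", "revision", "source"))
MAX_SIZE = 50_000_000  # assumed size target in bytes; the issue does not state one

def is_root_user(user):
    """Config.User is 'name', 'uid' or 'uid:gid'; an empty value means root."""
    return (user or "").split(":", 1)[0].strip() in ("", "0", "root")

def check_image(inspect_json, max_size=MAX_SIZE):
    """Return Definition-of-Done failures for `docker image inspect` JSON."""
    image = json.loads(inspect_json)[0]  # inspect prints a JSON array
    config = image.get("Config") or {}
    failures = []
    if is_root_user(config.get("User")):
        failures.append("runs as root")
    labels = config.get("Labels") or {}
    failures += [f"missing label {k}" for k in REQUIRED_LABELS if not labels.get(k)]
    test = (config.get("Healthcheck") or {}).get("Test") or []
    if not test or test[0] == "NONE":  # ["NONE"] disables the health check
        failures.append("no health check")
    if not config.get("Entrypoint"):
        failures.append("no entry point")
    if image.get("Size", 0) > max_size:
        failures.append(f"size {image['Size']} exceeds target {max_size}")
    return failures

# Constructed sample inspect output (not from a real image).
HARDENED = json.dumps([{
    "Config": {
        "User": "65532:65532",
        "Labels": {k: "example-value" for k in REQUIRED_LABELS},
        "Healthcheck": {"Test": ["CMD", "/app", "healthcheck"]},
        "Entrypoint": ["/app"],
    },
    "Size": 12_000_000,
}])
DEFAULT = json.dumps([{
    "Config": {"User": "", "Labels": None, "Cmd": ["/bin/sh"]},
    "Size": 900_000_000,
}])

if __name__ == "__main__":
    for name, doc in (("hardened", HARDENED), ("default", DEFAULT)):
        print(name, check_image(doc) or "OK")
```

In CI, the same function can be fed the output of `docker image inspect <image>` and the build failed when the returned list is non-empty.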

Labels: enhancement (New feature or request)
