Skip to content

Container Image and Runtime Hardening #43

New issue
New issue
Open
Open
Container Image and Runtime Hardening#43
Assignees
charlieroth
Labels
enhancementNew feature or request
Milestone
Milestone 4
@charlieroth

Description

@charlieroth
charlieroth
opened on Aug 19, 2025

Why

Ship a small, secure, and reproducible container.

Definition of Done

  • Dockerfile uses multi‑stage build and produces a minimal runtime image.
  • Binary is statically linked where feasible and uses a non‑root user.
  • Image has labels for version, revision, and source.
  • Container has a health check and a sensible entry point.
  • Image size target is documented and met.

Tasks

  • Create a multi‑stage Dockerfile with build and run stages.
  • Add a non‑root user and set file permissions.
  • Add labels and build arguments for versioning.
  • Define a container health check.
  • Measure and record image size.

Metadata

Metadata

Assignees

Labels

enhancementNew feature or request

Projects

No projects

Milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions