Ensure USER is set to a value between 10000 and 20000

Question

I am trying to deploy an React application using Docker build in Choreo. I am using the example Docker file:

FROM node:18-alpine

# Build arguments for user/group configurations
ARG USER=asgusr
ARG USER_ID=10014
ARG USER_GROUP=asggrp
ARG USER_GROUP_ID=10014
ARG USER_HOME=/home/app

# Create a user group and a user
RUN addgroup -S -g ${USER_GROUP_ID} ${USER_GROUP} \
    && adduser -S -D -h ${USER_HOME} -G ${USER_GROUP} -u ${USER_ID} ${USER}

# Create app directory
WORKDIR ${USER_HOME}

# Set a non-root user
USER ${USER_ID}

# Copy the rest of the application code to the container
COPY --chown=${USER}:${USER_GROUP} . .

# Set environment variables
ENV HOST="0.0.0.0"
ENV DISABLE_DEV_SERVER_HOST_CHECK=true
ENV HTTPS=false

# Install dependencies
RUN npm install

# Expose port 3000
EXPOSE 3000

# Start the application
CMD ["npm", "start"]

But, I am getting this error during Build:

CKV_CHOREO_1
Ensure USER is set to a value between 10000 and 20000 (Eg. USER 10001)

Any idea, why?

Thanks

The appliation should be deployed on Choreo.

Answer 1

Try setting env variable in Dockerfile, e.g. "ENV USER=10014". I think your application complaining about this variable being missing. In your image there is no $USER variable set:

❯ docker build .
=> writing image sha256:15ce08

❯ docker run --rm -it --entrypoint /bin/ash --user 10014 sha256:15ce08
~ $ echo $USER

~ $ exit

❯ docker run --rm -it --entrypoint /bin/ash --env USER=10014 sha256:15ce085
~ $ echo $USER
10014
~ $ exit

Answer 2

The linter check used in Choreo can't resolve argument/env during the docker security scan.

Could you change USER ${USER_ID} to USER 10014 and try?