feat: remove user instructions from docker (#222)

As mentioned in the [Kics repo](https://github.com/Checkmarx/kics/blob/master/Dockerfile#L34) itself, "Ignore no User Cmd since 2ms container is stopped after scan"
Checkmarx · Mar 11, 2024 · 6c03103 · 6c03103
1 parent d6039a5
commit 6c03103
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 14 deletions.
diff --git a/.github/workflows/pr-validation.yml b/.github/workflows/pr-validation.yml
@@ -48,14 +48,9 @@ jobs:
         uses: docker/setup-buildx-action@v3
 
       - run: make build
-      - name: Run docker and check its output
-        run:
-          if docker run -v "$(pwd)":/repo -t checkmarx/2ms:latest git /repo | grep -A 5 "totalitemsscanned:"; then
-          echo "Docker ran as expected";
-          else
-          echo "Docker did not run as expected";
-          exit 1;
-          fi
+      - name: docker run
+        run: |
+          docker run -v "$(pwd)":/repo -t checkmarx/2ms:latest git /repo --report-path /output/results.json --ignore-on-exit results
 
   kics:
     runs-on: ubuntu-latest

diff --git a/Dockerfile b/Dockerfile
@@ -1,3 +1,7 @@
+# kics-scan disable=b03a748a-542d-44f4-bb86-9199ab4fd2d5,fd54f200-402c-4333-a5a4-36ef6709af2f
+# disable kics Healthcheck result
+# and "Missing User Instruction" since 2ms container is stopped after scan
+
 # Builder image
 FROM golang:1.20.5-alpine3.18 AS builder
 
@@ -10,17 +14,11 @@ COPY . .
 RUN go build -o /app/2ms .
 
 # Runtime image
-# kics-scan disable=b03a748a-542d-44f4-bb86-9199ab4fd2d5
-# ^^^^ disable kics Healthcheck result
 FROM alpine:3.18
 
 RUN apk add --no-cache git=2.40.1-r0
 
-RUN addgroup -S 2ms && adduser -S 2ms -G 2ms
-USER 2ms
-
 RUN git config --global --add safe.directory /repo
 
 COPY --from=builder /app/2ms /2ms
 ENTRYPOINT ["/2ms"]
-