diff options
| -rw-r--r-- | CHANGELOG.md | 4 | ||||
| -rw-r--r-- | pom.xml | 4 |
2 files changed, 8 insertions, 0 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md index 1c27804..52ac665 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,6 +7,10 @@ and this project adheres to [Semantic Versioning](http://semver.org/). The version in the brackets represents the version of DCAE inventory and not the ONAP DCAE version. +## [Dev] + +* Add non-root user in Docker image so that the inventory service can be run in non-privileged mode for security reasons + ## [3.0.1] * Explicitly use 5.3.6.Final for hibernate-validator and 9.4.6 for jetty-util to address security issues @@ -343,6 +343,10 @@ ECOMP is a trademark and service mark of AT&T Intellectual Property. <configuration> <imageName>${onap.nexus.dockerregistry.daily}/onap/${project.groupId}.${project.artifactId}</imageName> <baseImage>openjdk:8-jre</baseImage> + <user>inventory</user> + <runs> + <run>adduser --system --group inventory</run> + </runs> <entryPoint>["java", "-jar", "/opt/${project.build.finalName}.jar", "server"]</entryPoint> <resources> <resource> |