-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathDockerfile
More file actions
60 lines (47 loc) · 1.38 KB
/
Dockerfile
File metadata and controls
60 lines (47 loc) · 1.38 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
# Sentinel — Autonomous AI Security Team
# Multi-stage build: Node 20 Alpine with security scanning tools
# ---- Stage 1: Dependencies ----
FROM node:20-alpine AS deps
WORKDIR /app
COPY package.json package-lock.json* ./
RUN npm ci --omit=dev
# ---- Stage 2: Runtime ----
FROM node:20-alpine
# Install security scanning tools
RUN apk update && apk add --no-cache \
nmap \
nmap-scripts \
masscan \
arp-scan \
curl \
bash \
jq \
ca-certificates \
&& rm -rf /var/cache/apk/*
# Install Trivy
RUN curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin
# Create non-root user
RUN addgroup -g 1001 sentinel && \
adduser -u 1001 -G sentinel -s /bin/bash -D sentinel
WORKDIR /app
# Copy dependencies from stage 1
COPY --from=deps /app/node_modules ./node_modules
# Copy application source
COPY package.json ./
COPY src/ ./src/
COPY dashboard/ ./dashboard/
COPY config/ ./config/
COPY schemas/ ./schemas/
COPY scripts/ ./scripts/
# Create data directories
RUN mkdir -p /app/data /app/logs && \
chown -R sentinel:sentinel /app
# Switch to non-root user
USER sentinel
# Expose dashboard port
EXPOSE 3000
# Health check
HEALTHCHECK --interval=30s --timeout=10s --start-period=15s --retries=3 \
CMD curl -f http://localhost:3000/api/health || exit 1
# Start the application
CMD ["node", "src/index.js"]