Dockerfile security and feed-back

[bjornmolin]

We have some comments on your Dockerfile.

For security

• You should not run as root in the container
• The base image contains an unnecessary amount, i.e. an unnecessarily large attack surface

Comments

• Why do git clone in the Dockerfile on the same repo that Dockerfile resides in?
• Many things happen in the CMD line that might as well be fixed before e.g. copy file, set environment variable
• I still think config can be solved better, tried to describe with #49 and it should do e.g. cp /root/secrets/config_secrets.py /root/eudi-srv-web-issuing-eudiw-py/app/app_config/ unnecessary

[janderssonse]

Plus one to the suggestions above. Have a look at chainguard or alike small images bases: https://images.chainguard.dev/directory/image/python/overview for minimized attack vectors etc.

[janderssonse]

I also think that https://github.com/eu-digital-identity-wallet/eudi-srv-web-issuing-eudiw-py/issues/49 should be reopened because it is not solved.