Security/quality scan and optimization

[kereis]

I think it's a good idea to take a look at the Docker image in general in aspects of security measurements.

Some good ideas to improve security and quality:

• [ ] Change container user to a less privileged user like traefik-cert-dumper or certdumper (Also see #3)
• [ ] Try out security scan software like Snyk
• [x] Try out Dockerfile linters
• [ ] Consider signing images?
• [x] COPY vs. ADD - Differences? Which one is better?
• [x] Shellcheck on run.sh
• [ ] Refactor README.md - consider using Wiki on GitHub?
• [ ] Refactor run.sh?
• [ ] Provide mock file for certificate dumping
• [x] CI/CD check if image can be built/run
• [x] Add file extensions for shellscripts - needed for shellcheck in Codacy analysis

[Jakes-Lab]

Ran the latest docker image through trivy, results are attached.

traefik-certs-dumper_vulnerabilities.txt

[kereis]

Hey, thanks for your input.

Meanwhile we may fix most of the vulnerabilities via updating packages through package manager, I think we cannot primarily fix the vulnerabilities listed under usr/bin/traefik-certs-dumper (gobinary) excepting updating the binary itself.

[kereis]

I see they also provide a GitHub Action: https://github.com/marketplace/actions/aqua-security-trivy

Maybe we can implement that?