fix(docker): support non-root base image#56

Open

sagic-orca wants to merge 1 commit into

mainfrom

fix/non-root-apk-install

sagic-orca commented May 11, 2026

Collaborator

Summary

The ghcr.io/orcasecurity/orca-cli:1 base image now sets USER orca (non-root) at the end of its build.
Any RUN apk add after the FROM line was failing with permission denied.
Added USER root immediately after FROM to allow package installation during build.
Dropped back to USER orca before ENTRYPOINT to preserve runtime security (least-privilege principle).

Test plan

Verify the Docker image builds successfully without permission errors on apk add
Verify the container runs as the orca non-root user at runtime
Confirm the action works end-to-end with the updated image


          fix(docker): add USER root before apk install and drop back to USER o…

6fa6b0b

…rca before entrypoint

sonarqubecloud Bot commented May 11, 2026

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

orca-security-eu Bot reviewed

View reviewed changes

orca-security-eu Bot left a comment

Orca Security Scan Summary

Status	Check	Issues by priority
Passed	OSS Licenses	0 0 0 0	View in Orca
Passed	SAST	0 0 0 0	View in Orca
Passed	Secrets	0 0 0 0	View in Orca
Passed	Vulnerabilities	0 0 0 0	View in Orca

liorj-orca approved these changes

View reviewed changes

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet