
Security: Zairakai/Docker_node


SECURITY.md

Security Policy

🔒 Reporting Vulnerabilities

Preferred channels (in order):

  1. GitLab Issues (for non-sensitive issues only): Open Issue
  2. GitLab Service Desk (private): contact-project+zairakai-dockers-node-79965561-issue-@incoming.gitlab.com
  3. Email: security@the-white-rabbits.fr

Do not post reproduction steps or exploit details for an unfixed vulnerability in a public issue; use the Service Desk or email for anything exploitable.

Include in your report:

  • Vulnerability description
  • Reproduction steps
  • Potential impact
  • Affected versions
  • Suggested fix (if available)

🛡️ Security Features

Runtime Security

  • ✅ Non-root execution - Runs as a non-privileged user
  • ✅ Alpine Linux - Minimal attack surface
  • ✅ No unnecessary packages - Production image is minimal
  • ✅ Healthchecks - Validates the environment on startup
  • ✅ Read-only compatible - Works with a read-only root filesystem (any writable scratch space the application needs, such as /tmp, must be supplied as a tmpfs or volume)

Build Security

  • ✅ Multi-stage builds - Optimized layers, minimal final image
  • ✅ Official base images - Trusted sources only
  • ✅ No hardcoded secrets - All credentials via environment variables
  • ✅ Vulnerability scanning - Automated on every build

🔍 CI/CD Security Scanning

Every commit is automatically scanned for:

  • SAST - Static Application Security Testing
  • Dependency Scanning - Package vulnerabilities
  • Secret Detection - Exposed credentials, API keys
  • ShellCheck - Shell script security (100% compliance)

Security Gates

| Severity   | Action                    |
|------------|---------------------------|
| CRITICAL   | ❌ Pipeline fails          |
| HIGH       | ⚠️ Manual review required |
| MEDIUM/LOW | ℹ️ Warning only            |

⏱️ Response Timeline

| Severity | Acknowledgment | Fix target |
|----------|----------------|------------|
| CRITICAL | 24h            | 24-48h     |
| HIGH     | 48h            | 7 days     |
| MEDIUM   | 7 days         | 30 days    |
| LOW      | 14 days        | 90 days    |

🔧 Security Best Practices

Using Securely

```bash
# Pin to a specific version (reproducible builds). A tag can be re-pushed;
# for a build that cannot change under you, pin the image digest instead
# (zairakai/node@sha256:<digest>, as printed by `docker pull`).
docker pull zairakai/node:x.y.z

# Run with a read-only root filesystem. Anything the application must write
# (for example /tmp) then needs an explicit volume or --tmpfs mount.
docker run --read-only zairakai/node:x.y.z

# Drop all capabilities; the image runs as a non-root user and needs none.
# The flags above can all be combined in a single docker run invocation.
docker run --cap-drop=ALL zairakai/node:x.y.z
```

Docker Compose Security

```yaml
services:
  app:
    image: zairakai/node:x.y.z  # Pinned version
    read_only: true  # Read-only filesystem
    cap_drop:
      - ALL  # Drop all capabilities
    security_opt:
      - no-new-privileges:true  # Prevent privilege escalation
```
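The following POSIX shell script is an added example, not code from the Zairakai/Docker_node project. It combines the flags from the `docker run` and Compose examples above into one invocation (adding a tmpfs for /tmp, which a read-only root filesystem otherwise leaves unwritable) and then verifies, from inside the container, that the hardening actually took effect: an empty effective capability set, `no_new_privs` set, and a root filesystem that rejects writes. Assumptions: `IMAGE` is a placeholder tag (replace x.y.z with a real release), the image has `/bin/sh` and `cat` (true for Alpine), its entrypoint may be overridden, and /tmp is the only path the application needs writable. The `/proc/self/status` samples at the bottom are constructed for illustration.

```shell
#!/bin/sh
# Added example (not part of the Zairakai/Docker_node project).
# IMAGE is an assumed placeholder; set it to a real pinned tag or digest.
IMAGE="${IMAGE:-zairakai/node:x.y.z}"

# One argument per line: every setting from the docker run / compose examples,
# plus a tmpfs for /tmp (assumed to be the only writable path the app needs)
# and a PID limit against fork bombs.
hardened_run_args() {
  printf '%s\n' \
    --rm \
    --read-only \
    --tmpfs /tmp:rw,noexec,nosuid,size=65536k \
    --cap-drop=ALL \
    --security-opt no-new-privileges:true \
    --pids-limit 256
}

# Command executed inside the container: dump the process status, then try to
# write to the root filesystem. A writable root prints a marker line.
PROBE='cat /proc/self/status; touch /probe 2>/dev/null && echo ROOTFS_WRITABLE'

# Returns 0 only when the probe output shows an all-zero CapEff (no effective
# capabilities), NoNewPrivs set, and no ROOTFS_WRITABLE marker.
check_probe_output() {
  out="$1"
  capeff=$(printf '%s\n' "$out" | awk '/^CapEff:/ {print $2}')
  nnp=$(printf '%s\n' "$out" | awk '/^NoNewPrivs:/ {print $2}')
  [ "$capeff" = "0000000000000000" ] || { echo "FAIL: CapEff=$capeff (expected all zero)" >&2; return 1; }
  [ "$nnp" = "1" ] || { echo "FAIL: NoNewPrivs=$nnp (expected 1)" >&2; return 1; }
  case "$out" in
    *ROOTFS_WRITABLE*) echo "FAIL: root filesystem is writable" >&2; return 1 ;;
  esac
  return 0
}

# Live check: run the probe in a hardened container. Returns 2 if docker is absent.
verify_live() {
  command -v docker >/dev/null 2>&1 || { echo "docker not found; skipping live check" >&2; return 2; }
  # shellcheck disable=SC2046  # hardened_run_args emits one argument per line
  out=$(docker run $(hardened_run_args) --entrypoint /bin/sh "$IMAGE" -c "$PROBE")
  check_probe_output "$out"
}

# Constructed sample: the lines the check reads, as printed in a hardened container.
SAMPLE_HARDENED=$(printf 'Name:\tsh\nCapInh:\t0000000000000000\nCapEff:\t0000000000000000\nNoNewPrivs:\t1\n')
# Constructed sample: a plain `docker run` (Docker's default capability set, writable root).
SAMPLE_DEFAULT=$(printf 'Name:\tsh\nCapEff:\t00000000a80425fb\nNoNewPrivs:\t0\nROOTFS_WRITABLE\n')

check_probe_output "$SAMPLE_HARDENED" && echo "hardened sample: OK"
check_probe_output "$SAMPLE_DEFAULT" || echo "default sample: rejected as expected"

# Pass --live to run the probe against the real image.
if [ "${1:-}" = "--live" ]; then verify_live; fi
```

Run it with `--live` on a host with Docker to check the real image; without the flag it only exercises the checker on the constructed samples. The CapEff value is the one to watch when tuning: if a dependency needs a capability back (for example `NET_BIND_SERVICE` for port 80), add a single `--cap-add` rather than dropping the `--cap-drop=ALL`.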

📋 Compliance Standards

  • OWASP Top 10 - Vulnerability prevention
  • CIS Docker Benchmark - Container security
  • GitLab Security Best Practices - CI/CD security
  • NIST Cybersecurity Framework - Security principles

🔄 Security Updates

  • Vulnerability Database: Auto-updated by GitLab scanners
  • Security Policies: Reviewed quarterly
  • Base Images: Updated with new LTS releases
  • Dependencies: Reviewed and updated monthly


Made with ❤️ by Zairakai
