storkit: create 359_story_harden_docker_setup_for_security

Timmy
2026-03-21 19:48:44 +00:00
parent 9c339c118f
commit 02b481ee4c


@@ -19,7 +19,7 @@ As a storkit operator, I want the Docker container to run with hardened security
- [ ] ANTHROPIC_API_KEY is passed via Docker secrets or .env file, not hardcoded in compose
- [ ] Image passes a CVE scan with no critical vulnerabilities
- [ ] Port binding uses 127.0.0.1 instead of 0.0.0.0 (e.g. "127.0.0.1:3001:3001") so the web UI is not exposed on all interfaces
- [ ] Git identity (user.name and user.email) is configured for the container user, either via env vars or a mounted .gitconfig, so the filesystem watcher can commit without error
- [ ] Git identity is configured via explicit GIT_USER_NAME and GIT_USER_EMAIL env vars; container fails loudly on startup if either is missing (note: multi-user/distributed case where different users need different identities is out of scope and will require a different solution)
## Out of Scope
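Review bot: the rewritten acceptance criterion (the GIT_USER_NAME / GIT_USER_EMAIL line) says the container must fail loudly if either variable is missing, but it does not say where that check lives or how the values reach git, so the criterion cannot yet be verified from the story alone. Suggest naming the entrypoint as the place for the check and specifying the observable behaviour, e.g. "entrypoint exits non-zero with a message naming the missing variable before the watcher starts". Also worth stating how the identity is applied: git already honours GIT_AUTHOR_NAME, GIT_AUTHOR_EMAIL, GIT_COMMITTER_NAME and GIT_COMMITTER_EMAIL directly, so the entrypoint can export those from the two new variables instead of writing a .gitconfig into the container user's home, which keeps the image filesystem read-only-friendly and avoids a mounted file. Since the previous line offered a mounted .gitconfig as an alternative and this line removes it, a one-sentence rationale for dropping that option would help reviewers of the story.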