storkit: create 359_story_harden_docker_setup_for_security

This commit is contained in:
Timmy
2026-03-21 19:45:26 +00:00
parent 4790aac286
commit 9c339c118f


@@ -19,6 +19,7 @@ As a storkit operator, I want the Docker container to run with hardened security
- [ ] ANTHROPIC_API_KEY is passed via Docker secrets or .env file, not hardcoded in compose
- [ ] Image passes a CVE scan with no critical vulnerabilities
- [ ] Port binding uses 127.0.0.1 instead of 0.0.0.0 (e.g. "127.0.0.1:3001:3001") so the web UI is not exposed on all interfaces
- [ ] Git identity (user.name and user.email) is configured for the container user, either via env vars or a mounted .gitconfig, so the filesystem watcher can commit without error
## Out of Scope
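Review bot: the new Git identity criterion (the "Git identity (user.name and user.email) ..." line) leaves two things unspecified that matter for a hardening story: which env vars satisfy it, and how the `.gitconfig` mount is constrained. Naming the variables makes the box checkable (`GIT_AUTHOR_NAME`, `GIT_AUTHOR_EMAIL`, `GIT_COMMITTER_NAME`, `GIT_COMMITTER_EMAIL` are the ones git honours), and the mount alternative should require a read-only bind of a file containing only the `[user]` section, since a host `.gitconfig` can also carry credential helpers, signing keys or include directives that would otherwise end up inside the container. Suggested wording: "... either via the GIT_AUTHOR_*/GIT_COMMITTER_* env vars or a read-only mounted .gitconfig that contains only the identity settings, so the filesystem watcher can commit without error".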