From 9c339c118f6ad614f991421a9087f5611376fa10 Mon Sep 17 00:00:00 2001
From: Timmy
Date: Sat, 21 Mar 2026 19:45:26 +0000
Subject: [PATCH] storkit: create 359_story_harden_docker_setup_for_security
---
 .../work/1_backlog/359_story_harden_docker_setup_for_security.md | 1 +
 1 file changed, 1 insertion(+)
diff --git a/.storkit/work/1_backlog/359_story_harden_docker_setup_for_security.md b/.storkit/work/1_backlog/359_story_harden_docker_setup_for_security.md
index 4dc2774..2d765d5 100644
--- a/.storkit/work/1_backlog/359_story_harden_docker_setup_for_security.md
+++ b/.storkit/work/1_backlog/359_story_harden_docker_setup_for_security.md
@@ -19,6 +19,7 @@ As a storkit operator, I want the Docker container to run with hardened security
 - [ ] ANTHROPIC_API_KEY is passed via Docker secrets or .env file, not hardcoded in compose
 - [ ] Image passes a CVE scan with no critical vulnerabilities
 - [ ] Port binding uses 127.0.0.1 instead of 0.0.0.0 (e.g. "127.0.0.1:3001:3001") so the web UI is not exposed on all interfaces
+- [ ] Git identity (user.name and user.email) is configured for the container user, either via env vars or a mounted .gitconfig, so the filesystem watcher can commit without error
 
 ## Out of Scope