dave/storkit
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 7 Wiki Activity

storkit: create 359_story_harden_docker_setup_for_security

Browse Source
This commit is contained in:
Timmy
2026-03-21 19:45:26 +00:00
parent 4790aac286
commit 9c339c118f
1 changed files with 1 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
.storkit/work/1_backlog/359_story_harden_docker_setup_for_security.md
View File

@@ -19,6 +19,7 @@ As a storkit operator, I want the Docker container to run with hardened security
- [ ] ANTHROPIC_API_KEY is passed via Docker secrets or .env file, not hardcoded in compose - [ ] ANTHROPIC_API_KEY is passed via Docker secrets or .env file, not hardcoded in compose
- [ ] Image passes a CVE scan with no critical vulnerabilities - [ ] Image passes a CVE scan with no critical vulnerabilities
- [ ] Port binding uses 127.0.0.1 instead of 0.0.0.0 (e.g. "127.0.0.1:3001:3001") so the web UI is not exposed on all interfaces - [ ] Port binding uses 127.0.0.1 instead of 0.0.0.0 (e.g. "127.0.0.1:3001:3001") so the web UI is not exposed on all interfaces
- [ ] Git identity (user.name and user.email) is configured for the container user, either via env vars or a mounted .gitconfig, so the filesystem watcher can commit without error
## Out of Scope ## Out of Scope