chore: fleet audit — security, governance, and quality fixes (#1)

* fix: Dockerfile CMD path and chown for Docker proxy support * chore: remove legacy codeql.yml (ADR-011 GHAS migration) * chore: remove legacy gitleaks.yml (ADR-011 GHAS migration) * docs: add TOOLS.md with tool documentation
2026-03-02 15:24:15 +01:00
parent a15fe54367
commit 000e6bf796
4 changed files with 112 additions and 74 deletions
--- a/5
+++ b/5
@@ -19,8 +19,9 @@ COPY --from=builder /app/dist ./dist
 COPY data/database.db ./data/database.db

 # Security: non-root user
-RUN addgroup -S nodejs && adduser -S nodejs -G nodejs
+RUN addgroup -S nodejs && adduser -S nodejs -G nodejs \
+ && chown -R nodejs:nodejs /app/data
 USER nodejs

 ENV NODE_ENV=production
-CMD ["node", "dist/src/http-server.js"]
+CMD ["node", "dist/http-server.js"]