Skip to content

fix: provide separate nonroot image#3998

Merged
kzantow merged 1 commit intoanchore:mainfrom
kzantow-anchore:fix/separate-nonroot-image
Jun 11, 2025
Merged

fix: provide separate nonroot image#3998
kzantow merged 1 commit intoanchore:mainfrom
kzantow-anchore:fix/separate-nonroot-image

Conversation

@kzantow
Copy link
Contributor

@kzantow kzantow commented Jun 11, 2025

Description

This PR reverts a change to use nonroot images by default, and provides an alternate nonroot set of tagged images. Using nonroot causes a number of issues causing users friction such as accessing and modifying the docker.sock and mount volumes.

Type of change

  • Bug fix (non-breaking change which fixes an issue)

Checklist:

  • I have added unit tests that cover changed behavior
  • I have tested my code in common scenarios and confirmed there are no regressions
  • I have added comments to my code, particularly in hard-to-understand sections

Signed-off-by: Keith Zantow <kzantow@gmail.com>
- "--build-arg=VCS_URL={{.GitURL}}"

docker_manifests:
# anchore/syft manifests...
Copy link
Contributor Author

@kzantow kzantow Jun 11, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I reorganized this by tag first similar to the organization of the top section.

@kzantow kzantow merged commit 10f0631 into anchore:main Jun 11, 2025
12 checks passed
@kzantow kzantow deleted the fix/separate-nonroot-image branch June 11, 2025 21:01
spiffcs added a commit that referenced this pull request Jun 30, 2025
* main:
  chore(deps): update CPE dictionary index (#4021)
  chore(deps): update tools to latest versions (#4016)
  chore(deps): update tools to latest versions (#4012)
  chore(deps): bump github.com/go-viper/mapstructure/v2 (#4014)
  chore(deps): bump sigstore/cosign-installer from 3.8.2 to 3.9.0 (#4015)
  chore(deps): update CPE dictionary index (#4007)
  chore(deps): bump anchore/sbom-action from 0.20.0 to 0.20.1 (#4008)
  chore(deps): bump github.com/google/go-containerregistry (#4009)
  chore(deps): update tools to latest versions (#3992)
  chore(deps): bump github/codeql-action from 3.28.19 to 3.29.0 (#4000)
  fix: provide separate nonroot image (#3998)
  account for non-import shapes (#3997)
  Allow decoding of anchorectl json files (#3973)
  chore(deps): bump github.com/anchore/stereoscope (#3991)

Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants