Skip to content

fix: provide separate nonroot image#3998

Merged
kzantow merged 1 commit intoanchore:mainfrom
kzantow-anchore:fix/separate-nonroot-image
Jun 11, 2025
Merged

fix: provide separate nonroot image#3998
kzantow merged 1 commit intoanchore:mainfrom
kzantow-anchore:fix/separate-nonroot-image

Conversation

@kzantow
Copy link
Contributor

@kzantow kzantow commented Jun 11, 2025

Description

This PR reverts a change to use nonroot images by default, and provides an alternate nonroot set of tagged images. Using nonroot causes a number of issues causing users friction such as accessing and modifying the docker.sock and mount volumes.

Type of change

  • Bug fix (non-breaking change which fixes an issue)

Checklist:

  • I have added unit tests that cover changed behavior
  • I have tested my code in common scenarios and confirmed there are no regressions
  • I have added comments to my code, particularly in hard-to-understand sections

@kzantow
fix: provide separate nonroot image
7f85cdf 
Signed-off-by: Keith Zantow <kzantow@gmail.com>
kzantow
kzantow commented Jun 11, 2025
View reviewed changes
.goreleaser.yaml
- "--build-arg=VCS_URL={{.GitURL}}"

docker_manifests:
# anchore/syft manifests...
Copy link
Contributor Author

@kzantow kzantow Jun 11, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I reorganized this by tag first similar to the organization of the top section.

@kzantow kzantow mentioned this pull request Jun 11, 2025
Merged
@kzantow kzantow merged commit 10f0631 into anchore:main Jun 11, 2025
12 checks passed
@kzantow kzantow deleted the fix/separate-nonroot-image branch June 11, 2025 21:01
@BrewTestBot BrewTestBot mentioned this pull request Jun 12, 2025
Merged
spiffcs added a commit that referenced this pull request Jun 30, 2025
@spiffcs
Merge branch 'main' into go-source
c8b6e66 
* main:
  chore(deps): update CPE dictionary index (#4021)
  chore(deps): update tools to latest versions (#4016)
  chore(deps): update tools to latest versions (#4012)
  chore(deps): bump github.com/go-viper/mapstructure/v2 (#4014)
  chore(deps): bump sigstore/cosign-installer from 3.8.2 to 3.9.0 (#4015)
  chore(deps): update CPE dictionary index (#4007)
  chore(deps): bump anchore/sbom-action from 0.20.0 to 0.20.1 (#4008)
  chore(deps): bump github.com/google/go-containerregistry (#4009)
  chore(deps): update tools to latest versions (#3992)
  chore(deps): bump github/codeql-action from 3.28.19 to 3.29.0 (#4000)
  fix: provide separate nonroot image (#3998)
  account for non-import shapes (#3997)
  Allow decoding of anchorectl json files (#3973)
  chore(deps): bump github.com/anchore/stereoscope (#3991)

Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
@keliansb keliansb mentioned this pull request Aug 4, 2025
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@wagoodman wagoodman wagoodman approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@kzantow @wagoodman