Merge pull request #37 from safeinsights/bugfix/sk/shrimp/115

SHRIMP-115

Author: sparksam

.github/workflows/checks.yml

@@ -17,6 +17,12 @@ jobs:
               run: npm i
             - name: Lint
               run: npm run lint
+            - name: Run Trivy vulnerability scanner in fs mode
+              uses: aquasecurity/[email protected]
+              with:
+                  scan-type: 'fs'
+                  scan-ref: '.'
+                  trivy-config: trivy.yaml
             - name: Typecheck
               run: npm run typecheck
             - name: Unit Test

Dockerfile

@@ -1,19 +1,24 @@
 FROM node:22-alpine AS base
 
+
+ARG USER=node
+ENV HOME /home/$USER 
+
 # Alpine doesn't have curl, so add it
 RUN apk --no-cache add curl
 
 # Set the working directory inside the container
-WORKDIR /app
+USER $USER
+WORKDIR $HOME/app
 
 # Copy the package.json and lock file to install dependencies
-COPY package.json package-lock.json panda.config.ts ./
+COPY --chown=$USER:$USER package.json package-lock.json panda.config.ts ./
 
 # Install dependencies
 RUN npm install
 
 # Copy the rest of the application files
-COPY . .
+COPY --chown=$USER:$USER . .
 
 # Build the Next.js app
 RUN npm run build

next-env.d.ts

@@ -1,5 +1,6 @@
 /// <reference types="next" />
 /// <reference types="next/image-types/global" />
+/// <reference types="next/navigation-types/compat/navigation" />
 
 // NOTE: This file should not be edited
 // see https://nextjs.org/docs/app/api-reference/config/typescript for more information.