FEA017 - Implement security contexts (e.g., run as non-root user) to enhance container security

Feature ID: FEA017
Subsystem the feature is part of: PrestaShop as a Service
Responsible person: Tugba Ilhan (0987)
Status: proposal

All relevant issues related to or contributing to the definition of the feature are gathered here:

[User Story 046] As a security engineer, I want our system to be integrated with a vulnerability scanning tool, so that I can continuously ensure our system's security and identify any potential vulnerabilities that may be exploited.
[User Story 047] As a system administrator, I want the vulnerability scanning tool to send alerts directly to my dashboard, so that I can react promptly to any threats and mitigate any potential damage.
[User Story 048] As a DevOps engineer, I want the scanning tool to be integrated into our CI/CD pipeline, so that I can catch potential vulnerabilities early in the development process before they get deployed to production.
[User Story 049] As a team leader, I want the vulnerability scanning tool to be integrated in our workflow, so that I can assure our clients that our product is developed and maintained with best security practices in mind, and thus improve customer trust and satisfaction.

User interface mock-up

No changes to user interface

Testing / possible acceptance criteria

  • All containers run with a non-root user by default, and security contexts are defined in deployment configurations (e.g., Kubernetes YAML or Docker Compose).

  • A vulnerability scanning tool is integrated into the CI/CD pipeline and automatically scans container images during build and deployment stages.

  • The scanning tool sends real-time alerts to the system administrator’s dashboard when vulnerabilities are detected, and logs are accessible for auditing.
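
One way to check the first acceptance criterion automatically, as an added example (not part of the original feature page or the project's own code): it walks a Kubernetes Deployment and reports every container without a non-root guarantee, applying the rule that container-level `securityContext` fields override pod-level ones. The manifest is constructed sample data, and the helper names `effective` and `find_root_containers` are hypothetical.

```python
"""Acceptance check: every container in a Deployment must run as non-root."""

# Constructed sample Deployment (Kubernetes also accepts manifests as JSON).
# Names and images are hypothetical.
SAMPLE_DEPLOYMENT = {
    "kind": "Deployment",
    "metadata": {"name": "prestashop"},
    "spec": {"template": {"spec": {
        "securityContext": {"runAsNonRoot": True},          # pod-level default
        "initContainers": [
            {"name": "init-perms", "image": "example/init:1",
             "securityContext": {"runAsUser": 0}},          # explicit root UID
        ],
        "containers": [
            {"name": "shop", "image": "example/prestashop:1"},  # inherits pod level
            {"name": "sidecar", "image": "example/sidecar:1",
             "securityContext": {"runAsNonRoot": False}},   # overrides pod level
        ],
    }}},
}


def effective(pod_ctx, ctr_ctx, field):
    """Container-level securityContext fields take precedence over pod-level."""
    return ctr_ctx[field] if field in ctr_ctx else pod_ctx.get(field)


def find_root_containers(manifest):
    """Return (container name, reason) for each container that may run as root."""
    pod_spec = manifest["spec"]["template"]["spec"]
    pod_ctx = pod_spec.get("securityContext") or {}
    findings = []
    for key in ("initContainers", "containers"):
        for ctr in pod_spec.get(key, []):
            ctx = ctr.get("securityContext") or {}
            uid = effective(pod_ctx, ctx, "runAsUser")
            non_root = effective(pod_ctx, ctx, "runAsNonRoot")
            if uid == 0:
                findings.append((ctr["name"], "runAsUser is 0"))
            elif uid is None and non_root is not True:
                # No fixed UID and no enforcement: the image's default user
                # decides, and that default may be root.
                findings.append((ctr["name"], "no non-root guarantee"))
    return findings


if __name__ == "__main__":
    for name, reason in find_root_containers(SAMPLE_DEPLOYMENT):
        print(f"FAIL {name}: {reason}")
```

Run against each rendered manifest in the CI/CD pipeline and fail the build when the returned list is not empty.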