Docker

Made by DeepSource

User should not be root when the Dockerfile completes (DOK-DL3002)

Security
Critical

The last USER instruction in a Dockerfile sets the user that the container's processes run as by default. Leaving that user as root opens up certain security risks if an attacker gets access to the container. To mitigate this, switch back to a non-privileged user after running the commands you need as root.

Bad Practice

FROM debian:buster
USER root
RUN ...

Recommended

FROM debian:buster
USER root
RUN ...
USER guest
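
The check described above can be sketched as a small script. This is an added example, not DeepSource's or any analyzer's implementation. The function names are hypothetical, only the final build stage is evaluated, and variable references such as `USER $APP_USER` are not resolved.

```python
import re

# Constructed sample Dockerfiles; the first two mirror the page's examples.
BAD = """FROM debian:buster
USER root
RUN ...
"""
GOOD = BAD + "USER guest\n"
# Constructed multi-stage case: root is used in both stages, but the
# final stage drops back to a non-privileged user before it ends.
MULTI = """FROM debian:buster AS build
USER root
RUN ...
FROM debian:buster
USER 0:0
RUN ...
USER guest
"""

_INSTR = re.compile(r"^\s*(FROM|USER)\s+(.+?)\s*$", re.IGNORECASE)

def is_root(user_spec):
    """True for root or UID 0, with or without a ':group' suffix."""
    user = user_spec.split(":", 1)[0].strip("\"'")
    return user == "root" or (user.isdigit() and int(user) == 0)

def final_root_user_line(dockerfile_text):
    """Return the 1-based line number of the USER instruction that leaves
    the final stage as root, or None if the last USER is non-root or absent."""
    last_user = None  # (line number, argument) of the latest USER in this stage
    for number, line in enumerate(dockerfile_text.splitlines(), start=1):
        if line.lstrip().startswith("#"):
            continue  # skip comment lines
        match = _INSTR.match(line)
        if not match:
            continue
        keyword, argument = match.group(1).upper(), match.group(2)
        if keyword == "FROM":
            last_user = None  # a new stage starts from its base image's user
        else:
            last_user = (number, argument)
    if last_user and is_root(last_user[1]):
        return last_user[0]
    return None
```

A Dockerfile with no USER instruction at all returns None here, because the rule as stated concerns an explicit switch to root; whether the base image itself defaults to root is a separate question.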