52fa3cbf77
- Bind all ports to 127.0.0.1 (local dev only) - Add cap_drop: ALL to drop unnecessary Linux capabilities Remaining KICS findings are acceptable for local dev: - Shared volumes: Expected for database persistence - Passwords in env: Local dev only, not real secrets - minio-init healthcheck: Init container exits after setup
3.6 KiB
3.6 KiB