orchard/docker-compose.local.yml at 680df6fb68fff06cf4e434eb7a30cbb45cdcbe9d

Files

Mondo Diaz 52fa3cbf77 Harden docker-compose security per KICS findings

- Bind all ports to 127.0.0.1 (local dev only)
- Add cap_drop: ALL to drop unnecessary Linux capabilities

Remaining KICS findings are acceptable for local dev:
- Shared volumes: Expected for database persistence
- Passwords in env: Local dev only, not real secrets
- minio-init healthcheck: Init container exits after setup

2026-01-14 18:15:25 +00:00

3.6 KiB

Raw Blame History

View Raw

3.6 KiB Raw Blame History

3.6 KiB

Raw Blame History