Category : security

I got the following setup: https://localhost:1234 -> React app using keycloak-js and @react-keycloak/web; http://localhost:8080 -> Keycloak (docker). The React app is configured to use the Keycloak instance. If I’m trying to access my webapp I get the following network error: GET http://localhost:8080/auth/realms/REALMNAME/protocol/openid-connect/3p-cookies/step1.html not-set cross-origin-resource-policy. My browser blocks the request because the cross-origin-resource-policy header is missing. ..


I have an application running inside a Docker container, which is continuously being pushed to an Azure Container Registry. As part of the pipeline I am using the step: docker login <Docker Server> -u <Username> -p <Password> When my pipeline is running this step, I get the following warnings: WARNING! Using --password via the CLI ..


Suppose I am developing an application consisting of several Docker containers: web server, PostgreSQL database, Redis cache, etc. I use docker-compose to wire all the containers by the network. Containers are running on a single host; the only port published to the host is an 8080 HTTP port from a web server: # docker-compose.yml version: ..


We are generating a container image based on mcr.microsoft.com/dotnet/core/aspnet:3.1-alpine. The Dockerfile includes a Trivy security scan. Here is a Dockerfile excerpt: # Build runtime image (Alpine) FROM mcr.microsoft.com/dotnet/core/aspnet:3.1-alpine # Upgrade the Alpine Image RUN apk update RUN apk upgrade RUN apk search -a|grep containerd|sort RUN apk add --upgrade containerd RUN apk add icu-libs ..
