Hi,

I know usage is mainly local, but for prevent lateral attacks or container escape, could you add at least an USER instruction in Docker files please ?
For example:

USER root
RUN apt-get update && apt-get install -y your-package
# ...
RUN groupadd -g 1234 customgroup && useradd -m -u 1234 -g customgroup customuser
USER customuser
WORKDIR /home/customuser
# ...

Hopefully this will help you.
Greetings, JL.

FYI security scans with semgrep (image capture and csv attached for code and supply chain findings)

Code findings

Supply chain findings (generally CVE)

Full CSV exports

Flowsint_Code_Findings_2025_12_11.csv
Flowsint_Supply_Chain_Findings_2025_12_11.csv