gitea-mirror/Pulse
1
0
Fork 0
mirror of https://github.com/rcourtman/Pulse.git synced 2026-02-18 23:41:48 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
160adeb3b8fd39411d74112e8b0a4e1995a02da9
Pulse/scripts/docker-build.sh
rcourtman 524f42cc28 security: complete Phase 1 sensor proxy hardening 
Implements comprehensive security hardening for pulse-sensor-proxy:
- Privilege drop from root to unprivileged user (UID 995)
- Hash-chained tamper-evident audit logging with remote forwarding
- Per-UID rate limiting (0.2 QPS, burst 2) with concurrency caps
- Enhanced command validation with 10+ attack pattern tests
- Fuzz testing (7M+ executions, 0 crashes)
- SSH hardening, AppArmor/seccomp profiles, operational runbooks

All 27 Phase 1 tasks complete. Ready for production deployment.
2025-10-20 15:13:37 +00:00

10 lines
223 B
Bash
Executable File
Raw Blame History

#!/usr/bin/env bash
set -euo pipefail
# Simple wrapper that enables BuildKit and forwards all arguments.
# To skip building multi-arch agents set BUILD_AGENT=0 before invoking.
export DOCKER_BUILDKIT=1
docker build "$@"
Reference in New Issue View Git Blame Copy Permalink