FROM ghcr.io/cdxgen/cdxgen:master@sha256:add35fda40700c33278dec559acf8df82900910e25f7fec7ef807ab1552041da

LABEL maintainer="cyclonedx" \
      org.opencontainers.image.authors="Prabhu Subramanian <prabhu@appthreat.com>" \
      org.opencontainers.image.source="https://github.com/cdxgen/cdxgen" \
      org.opencontainers.image.url="https://github.com/cdxgen/cdxgen" \
      org.opencontainers.image.version="12.1.x" \
      org.opencontainers.image.vendor="cyclonedx" \
      org.opencontainers.image.licenses="Apache-2.0" \
      org.opencontainers.image.title="cdxgen" \
      org.opencontainers.image.description="Container image for cdxgen SBOM generator packing latest build tools with secure defaults." \
      org.opencontainers.docker.cmd="docker run --rm -v /tmp:/tmp -p 9090:9090 -v $(pwd):/app:rw -t ghcr.io/cyclonedx/cdxgen-secure -r /app --server"

ENV NODE_OPTIONS='--permission --allow-fs-read="/app/*" --allow-fs-read="/opt/*" --allow-fs-read="/home/cyclonedx/*" --allow-fs-read="/tmp/cdxgen-temp/*" --allow-fs-write="/tmp/cdxgen-temp/*" --allow-fs-write="/app/*.json" --allow-child-process --trace-warnings' \
    NODE_NO_WARNINGS=1 \
    CDXGEN_SECURE_MODE=true \
    COMPOSER_ALLOW_SUPERUSER=0
USER cyclonedx
WORKDIR /app
ENTRYPOINT ["cdxgen"]
