
iac/dockerfile/dockerfile-user-root-explicit

Container explicitly runs as root

medium | Dockerfile | iac-dockerfile

What it detects

`USER` is set to root (UID 0). Drop privileges with `USER <non-root>` after any root-only steps (`apt install`, etc.).

Remediation

Replace with `USER 10001` (or `USER node` / `USER nobody`).

How it runs

Run against Dockerfiles detected by path or basename. Line-based checks with remediation guidance.
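A line-based check of this kind, written here as an added example and not this scanner's own implementation: it tracks the last `USER` instruction of the final build stage, so a `USER root` that is followed by a non-root `USER` after the root-only steps is not reported. The function names and both sample Dockerfiles are constructed for illustration, and treating a later non-root `USER` as clearing the finding is an assumption drawn from the remediation text above.

```python
import re

USER_RE = re.compile(r"^\s*USER\s+(\S+)", re.IGNORECASE)
FROM_RE = re.compile(r"^\s*FROM\s+", re.IGNORECASE)

# Constructed sample: sets root explicitly and never drops privileges.
BEFORE = """\
FROM debian:bookworm-slim
USER root
RUN apt-get update && apt-get install -y --no-install-recommends curl
COPY app /app
CMD ["/app/run"]
"""

# Constructed sample: root-only steps first, then a fixed non-root UID.
AFTER = """\
FROM debian:bookworm-slim
USER root
RUN apt-get update && apt-get install -y --no-install-recommends curl
COPY --chown=10001:10001 app /app
USER 10001
CMD ["/app/run"]
"""

def is_root(user_spec):
    """True for the name root or numeric UID 0, with or without a :group part."""
    user = user_spec.split(":", 1)[0].strip("\"'")
    return user == "root" or re.fullmatch(r"0+", user) is not None

def final_root_user(dockerfile_text):
    """Return (line_no, text) of the USER line that leaves the last stage as
    root, or None if that stage ends non-root or has no USER instruction."""
    last = None
    for no, line in enumerate(dockerfile_text.splitlines(), 1):
        if FROM_RE.match(line):
            last = None  # new stage: earlier USER lines no longer apply
        m = USER_RE.match(line)
        if m:
            last = (no, line.strip(), is_root(m.group(1)))
    return (last[0], last[1]) if last and last[2] else None

if __name__ == "__main__":
    for name, text in (("before", BEFORE), ("after", AFTER)):
        print(name, final_root_user(text))
```

Because the check is line-based, a `USER` value supplied through a build argument (for example `USER ${APP_USER}`) is not resolved and is not reported, and a stage built `FROM` an earlier stage is treated as starting fresh.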

Found a false positive or want this rule tuned? File an issue. You can also suppress per-repo via a .repoguardignore line.