SonarQube Enterprise image uses GID 0

I’m running SonarQube Enterprise 2025.6.1 deployed on Kubernetes.

A recent container security scan flagged that the SonarQube image is running with GID 0, which appears to be defined directly in the official Dockerfile (docker-sonarqube/commercial-editions/enterprise/Dockerfile at 2025.6.1, SonarSource/docker-sonarqube on GitHub).

How are you handling SonarQube Enterprise image running with GID 0? Rebuild or workaround?

The GID 0 definition in the Dockerfile is intentional and follows OpenShift security guidelines to allow the container to run with an arbitrary User ID (UID) while maintaining access to necessary files.

In Linux, the root group (GID 0) does not have special kernel privileges. It does not grant the ability to install packages, modify system memory, or configure networks. It is just a group label. Using GID 0 without UID 0 is effectively harmless.

Anyways, you can handle this via configuration (Kubernetes securityContext) or by marking it as a false positive in your security tool.

1 Like
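
A way to triage this kind of scanner finding against the securityContext a workload actually sets, as an added example that is not part of the thread and not SonarSource code. It separates a container forced to run as UID 0 from one that only has GID 0 alongside a non-root UID; the pod spec, container names, IDs and verdict labels are constructed for illustration.

```python
# Added example: classify each container by the UID/GID its securityContext enforces.
ENFORCED_KEYS = ("runAsUser", "runAsGroup", "runAsNonRoot")

def effective_context(pod_spec, container):
    """Merge securityContext: container-level values override pod-level ones."""
    merged = {}
    for scope in (pod_spec.get("securityContext") or {},
                  container.get("securityContext") or {}):
        merged.update({k: scope[k] for k in ENFORCED_KEYS if k in scope})
    return merged

def classify(ctx):
    """Return a verdict label (labels are this example's own, not a tool's)."""
    uid, gid = ctx.get("runAsUser"), ctx.get("runAsGroup")
    if uid == 0:
        return "root-uid"               # real finding: process runs as UID 0
    if uid is None and not ctx.get("runAsNonRoot", False):
        return "uid-not-enforced"       # nothing prevents the image default being root
    if gid == 0:
        return "gid0-with-nonroot-uid"  # the case discussed in the reply above
    if gid is None:
        return "gid-from-image"         # group is whatever the image's USER line sets
    return "nonroot-uid-and-gid"

def triage(pod_spec):
    """Map container name -> verdict for one pod spec (a dict parsed from the manifest)."""
    return {c["name"]: classify(effective_context(pod_spec, c))
            for c in pod_spec.get("containers", [])}

# Constructed sample pod spec; names and numeric IDs are hypothetical.
SAMPLE_POD_SPEC = {
    "securityContext": {"runAsNonRoot": True, "runAsUser": 1000, "runAsGroup": 0},
    "containers": [
        {"name": "sonarqube"},  # inherits the pod-level settings
        {"name": "debug-sidecar",
         "securityContext": {"runAsUser": 0, "runAsNonRoot": False}},
        {"name": "log-shipper", "securityContext": {"runAsGroup": 2000}},
    ],
}

if __name__ == "__main__":
    for name, verdict in triage(SAMPLE_POD_SPEC).items():
        print(f"{name}: {verdict}")
```

Only the `gid0-with-nonroot-uid` verdict matches the situation in this thread; `root-uid` and `uid-not-enforced` are the results that still need a fix rather than a false-positive mark.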
