fix: add .dockerignore to prevent sensitive data in Docker images

T-DevH · T-DevH · commit 8d854dc5a333 · 2025-11-24T13:03:06.000-08:00
- Create comprehensive .dockerignore to exclude sensitive files
- Exclude .env files, secrets, credentials, git files
- Exclude virtual envs, build artifacts, test files, docs
- Add security comment to Dockerfile line 70
- Prevents CWE-668 and CWE-497 vulnerabilities
- Addresses security concern with COPY . . directive
diff --git a/Dockerfile b/Dockerfile
@@ -67,6 +67,8 @@ COPY --from=backend-deps /usr/local/lib/python3.11/site-packages /usr/local/lib/
 COPY --from=backend-deps /usr/local/bin /usr/local/bin
 
 # Copy application code
+# Security: .dockerignore ensures sensitive files (.env, secrets, git, etc.) are excluded
+# Only files not in .dockerignore will be copied to the container
 COPY . .
 
 # Build arguments for version injection
