# Container runs as root

- ID: docker-missing-user
- Severity: HIGH
- CWE: CWE-250
- Languages: Dockerfile
- Frameworks: docker

## Description

Detects a CMD or ENTRYPOINT instruction with no preceding USER instruction. Without one, the container process runs as root, which is a security risk.

## Detection Message

No USER instruction before CMD/ENTRYPOINT - container runs as root

## Remediation

Add a USER instruction before CMD/ENTRYPOINT to run as a non-root user.

```dockerfile
# appuser must already exist in the image (created earlier in the Dockerfile or by the base image)
USER appuser
CMD ["node", "server.js"]
```

Learn more: https://shoulder.dev/learn/docker/cwe-250/missing-user

## Related Rules

- **Docker User and File Permissions** [HIGH]
- **Privilege Escalation Allowed** [HIGH]
- **Dangerous Linux Capabilities Added** [CRITICAL]
- **Host Namespace Access Enabled** [CRITICAL]
- **Missing Capability Restrictions** [MEDIUM]
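
The check from the Description section, sketched in Python as an added example (not the rule's own implementation or code from this page). It goes beyond the stated rule in two ways: a `FROM` line starts a new build stage and clears any earlier `USER`, and `USER root` or `USER 0` is treated like a missing `USER`. The function names and sample Dockerfiles are constructed for illustration, and the base image is assumed to default to root.

```python
# Added example: flag CMD/ENTRYPOINT instructions that would run as root.
# Assumption: the base image's default user is root (the checker cannot see it).
# The sample Dockerfiles below are constructed, not taken from the rule page.
ROOT_DOCKERFILE = """\
FROM node:20-slim
WORKDIR /app
COPY . .
CMD ["node", "server.js"]
"""
MULTISTAGE_DOCKERFILE = """\
FROM node:20 AS build
USER node
RUN npm ci \\
    && npm run build
FROM node:20-slim
# USER from the build stage does not apply here
ENTRYPOINT ["node", "server.js"]
"""


def instructions(text):
    """Yield (line_number, KEYWORD, argument), joining backslash continuations."""
    buf, start = "", 0
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # skip blanks and comments, also inside a continuation
        if not buf:
            start = n  # report the line where the instruction begins
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        keyword, arg = ((buf + line).split(None, 1) + [""])[:2]
        yield start, keyword.upper(), arg.strip()
        buf = ""


def find_root_entrypoints(text):
    """Return [(line_number, instruction)] for CMD/ENTRYPOINT running as root."""
    findings, user = [], None
    for lineno, keyword, arg in instructions(text):
        if keyword == "FROM":
            user = None  # new build stage: an earlier USER does not carry over
        elif keyword == "USER":
            user = arg.split(":")[0]  # drop an optional ":group" suffix
        elif keyword in ("CMD", "ENTRYPOINT") and user in (None, "root", "0"):
            findings.append((lineno, keyword))
    return findings
```

A `USER` value given through a build argument (for example `USER ${APP_USER}`) is not resolved here and is treated as non-root.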