Commit Graph

4 Commits

Author SHA1 Message Date
Marko Milić
72dca46865 feature/Move docker to the development folder 2025-11-27 15:42:03 +01:00
Marko Milić
194d1cc7e8 feature/Copying recursively might inadvertently add sensitive data to the container.
SonarQube security warning by:

## Summary of Changes

### 1. **Selective File Copying in Dockerfile**
Instead of using `COPY . .` which copies everything recursively, I've updated the Dockerfile to explicitly copy only the necessary files and directories:

- **Maven configuration**: `pom.xml`, `build.sbt`
- **Source code directories**: `obp-api/`, `obp-commons/`, `project/`
- **Required build files**: `jitpack.yml`, `web-app_2_3.dtd`

### 2. **Enhanced .dockerignore**
I've significantly expanded the `.dockerignore` file to exclude:

- **IDE files**: `.idea/`, `.vscode/`, `.metals/`, etc.
- **Build artifacts**: `target/`, `cache/`, Maven local repository
- **Sensitive files**: Environment files, keys, certificates, passwords
- **OS files**: `.DS_Store`, thumbnails, etc.
- **Documentation**: Most markdown files (keeping license files)
- **Development files**: `ideas/`, `resourcedoc/`

## Security Benefits

1. **Reduced attack surface**: Only necessary files are included in the Docker image
2. **No accidental secrets**: Explicit exclusion of common sensitive file patterns
3. **Smaller image size**: Excluding unnecessary files reduces image size
4. **Better maintainability**: Clear understanding of what goes into the container

## Build Compatibility

The changes maintain full Maven build compatibility by ensuring all necessary files for the build process are still copied:
- Maven POM files for dependency management
- Source code directories
- Build configuration files
- The entrypoint script (specifically allowed in .dockerignore)

This approach follows Docker security best practices and addresses the SonarQube warning while maintaining the functionality of your build process.
2025-11-27 14:21:54 +01:00
tawoe
06bc998c49 bug fix gitignore 2023-05-03 10:12:30 +02:00
tawoe
d8ca8d5235 change Dockerfile base image, add dockerignore 2023-05-02 17:24:14 +02:00
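
The `.dockerignore` hardening described in commit 194d1cc7e8 only helps if the patterns match at the depth where secrets live. The audit sketch below is an added example, not code from this repository. It models Docker's documented matching rules (`*` stays inside one path segment, `**/` spans directories, the last matching line wins, `!` re-includes) without character classes, and its file list and both ignore files are constructed sample data.

```python
import re

# .dockerignore wildcard tokens, longest first, and their regex equivalents.
TOKENS = [("**/", "(?:.*/)?"), ("**", ".*"), ("*", "[^/]*"), ("?", "[^/]")]
SENSITIVE = re.compile(r"(\.(pem|key|p12|jks)|(^|/)\.env[^/]*)$")  # assumed naming heuristics

def compile_pattern(pattern):
    """Translate one .dockerignore pattern into a regex anchored at the context root."""
    out, i = [], 0
    while i < len(pattern):
        for token, regex in TOKENS:
            if pattern.startswith(token, i):
                out.append(regex)
                i += len(token)
                break
        else:
            out.append(re.escape(pattern[i]))
            i += 1
    return re.compile("".join(out) + r"\Z")

def parse_dockerignore(text):
    rules = []
    for line in (raw.strip() for raw in text.splitlines()):
        if line and not line.startswith("#"):
            rules.append((line.startswith("!"), compile_pattern(line.lstrip("!").strip("/"))))
    return rules

def is_ignored(path, rules):
    """A path is excluded if the last rule matching it, or any parent directory, is not a '!' rule."""
    parts = path.split("/")
    candidates = ["/".join(parts[:n]) for n in range(1, len(parts) + 1)]
    ignored = False
    for negate, regex in rules:
        if any(regex.match(c) for c in candidates):
            ignored = not negate
    return ignored

def leaked(paths, dockerignore_text):
    """Sensitive-looking paths that would still be sent to the build context."""
    rules = parse_dockerignore(dockerignore_text)
    return [p for p in paths if SENSITIVE.search(p) and not is_ignored(p, rules)]

# Constructed sample data: a file listing and two candidate ignore files.
PATHS = ["pom.xml", "server.pem", ".env", "obp-api/src/main/resources/keystore.pem",
         "obp-api/.env.local", "obp-api/target/classes/app.key", ".idea/workspace.xml"]
WEAK = ".idea/\ntarget/\n*.pem\n.env\n"
HARDENED = ".idea/\n**/target/\n**/*.pem\n**/.env*\n"

if __name__ == "__main__":
    print("weak:", leaked(PATHS, WEAK))
    print("hardened:", leaked(PATHS, HARDENED))
```

Root-only patterns such as `*.pem` leave nested key files in the context, which is why the hardened variant prefixes them with `**/`.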