Ensure to pin version specification in 'dnf install'
Version pinning forces the build to retrieve a particular version regardless of what's in the cache. This technique can also reduce failures due to unanticipated changes in required packages.
Risk Level: medium
Platform: Docker
Spectral Rule ID: DOCKR027
REMEDIATION
Append a version specification to each dnf package (i.e. package-x.x.x).
FROM fedora:latest
- RUN dnf -y update && dnf -y install httpd && dnf clean all
+ RUN dnf -y update && dnf -y install httpd-2.24.2 && dnf clean all
# OR
- RUN ["dnf", "install", "httpd"]
+ RUN ["dnf", "install", "httpd-2.24.2"]
COPY index.html /var/www/html/index.html
EXPOSE 80
ENTRYPOINT /usr/sbin/httpd -DFOREGROUND
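Review bot: the exec-form line `RUN ["dnf", "install", "httpd-2.24.2"]` carries no `-y`, so in a non-interactive build nothing answers dnf's confirmation prompt and the install aborts; add "-y" to the array, as the shell-form line already does. The pin is also weaker than it looks while `FROM fedora:latest` and `dnf -y update` stay unpinned, because the repositories behind a moving base image may stop offering the pinned httpd build; consider fixing the base image tag as well.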
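As an added example (not Spectral's rule implementation and not code from this page), the Python check below flags `dnf install` arguments that carry no version, in both shell-form and exec-form `RUN` lines. The function names, the `PINNED` heuristic and the sample Dockerfile text are assumptions made for illustration.

```python
import json
import re
import shlex

# Heuristic (assumption): pinned = name followed by "-<dotted version>", e.g. httpd-2.24.2.
PINNED = re.compile(r"-(\d+:)?\d+(\.\w+)+")

def run_instructions(text):
    """Yield (first_line_number, body) per RUN, joining '\\' continuations."""
    buf, start = "", 0
    for no, line in enumerate(text.splitlines(), 1):
        start = start if buf else no
        buf += line.rstrip()
        if buf.endswith("\\"):
            buf = buf[:-1] + " "
            continue
        m = re.match(r"\s*RUN\s+(.*)", buf, re.I | re.S)
        if m:
            yield start, m.group(1)
        buf = ""

def commands(body):
    """Split a RUN body into argv lists; exec form is a JSON array."""
    if body.lstrip().startswith("["):
        try:
            return [json.loads(body)]
        except ValueError:
            pass  # invalid JSON: Docker falls back to shell form
    return [shlex.split(c) for c in re.split(r"&&|\|\||;", body)]

def unpinned_dnf_packages(text):
    """Return [(line_number, package)] for dnf install args lacking a version."""
    findings = []
    for no, body in run_instructions(text):
        for argv in commands(body):
            if argv[:1] == ["dnf"] and "install" in argv:
                pkgs = argv[argv.index("install") + 1:]
                findings += [(no, p) for p in pkgs
                             if not p.startswith("-") and not PINNED.search(p)]
    return findings

# Constructed sample: the page's before/after lines plus a multi-line RUN.
SAMPLE = '''RUN dnf -y update && dnf -y install httpd && dnf clean all
RUN dnf -y update && dnf -y install httpd-2.24.2 && dnf clean all
RUN ["dnf", "install", "httpd"]
RUN dnf -y install \\
    java-11-openjdk mod_ssl-2.24.2
'''
print(unpinned_dnf_packages(SAMPLE))
```

Because the heuristic requires a dotted version, a name such as `java-11-openjdk` is still reported as unpinned, while a pin with an undotted version would need the pattern widened.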