Ensure to pin version specification in 'dnf install'

Version pinning forces the build to retrieve a particular version regardless of what's in the cache. This technique can also reduce failures due to unanticipated changes in required packages.

Suggest Edits

Risk Level: medium
Platform: Docker
Spectral Rule ID: DOCKR027

REMEDIATION

Append each dnf package with version specification (i.e package-x.x.x)

FROM fedora:latest
- RUN dnf -y update && dnf -y install httpd && dnf clean all
+ RUN dnf -y update && dnf -y install httpd-2.24.2 && dnf clean all
 #  OR 
- RUN ["dnf", "install", "httpd"]
+ RUN ["dnf", "install", "httpd-2.24.2"]
COPY index.html /var/www/html/index.html
EXPOSE 80
ENTRYPOINT /usr/sbin/httpd -DFOREGROUND

https://docs.docker.com/develop/develop-images/dockerfile_best-practices/

Updated 7 months ago

REMEDIATION

Read more: