Ensure 'apk' add has pinned version for package
When you run apk add without a pinned version, you get whatever version is currently the latest, without knowing which one it is. This can lead to incompatibility and, worse, to risk from unknown vulnerabilities in the unknown version that ends up in the image.
Risk Level: medium
Platform: Docker
Spectral Rule ID: DOCKR054
REMEDIATION
Add a pinned version to apk add.
FROM alpine:3.16
- RUN apk add curl
+ RUN apk add curl=7.84.0-r0
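A simplified check for this condition, suitable for running in CI before the image is built. This is an added example and not Spectral's implementation of DOCKR054; the function names and the sample Dockerfile are constructed for illustration, and it assumes shell-form RUN instructions without redirections.

```python
import re

# Constructed sample Dockerfile; the gcc version string is made up for the demo.
SAMPLE = """\
FROM alpine:3.16
RUN apk add curl
RUN apk add --no-cache curl=7.84.0-r0 \\
    git
RUN apk update && apk add --virtual .build-deps gcc=11.2.1_git20220219-r2 musl-dev && echo done
"""

# apk options that take the next word as their value (partial list).
OPTS_WITH_VALUE = {"-t", "--virtual", "-X", "--repository", "-p", "--root"}
# Exact pin only: name=version. Ranges such as name>=1.0 do not count as pinned.
PINNED = re.compile(r"[A-Za-z0-9][A-Za-z0-9._+-]*=[A-Za-z0-9][A-Za-z0-9._+-]*")

def logical_lines(text):
    """Yield (first_line_no, instruction) with backslash continuations joined."""
    buf, start = "", 0
    for no, line in enumerate(text.splitlines(), 1):
        start = start or no
        line = line.rstrip()
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        yield start, buf + line
        buf, start = "", 0
    if buf:
        yield start, buf

def unpinned_apk_packages(dockerfile_text):
    """Return [(line_no, package)] for each 'apk add' argument without '=version'."""
    findings = []
    for no, instr in logical_lines(dockerfile_text):
        m = re.match(r"\s*RUN\s+(.*)", instr, re.I | re.S)
        for cmd in re.split(r"&&|\|\||[;|]", m.group(1)) if m else []:
            toks = cmd.split()
            args = toks[toks.index("apk") + 1:] if "apk" in toks else []
            if "add" not in args:
                continue
            args.remove("add")
            skip_next = False
            for arg in args:
                if skip_next or arg in OPTS_WITH_VALUE:
                    skip_next = not skip_next  # skip the option's value
                elif not arg.startswith("-") and not PINNED.fullmatch(arg):
                    findings.append((no, arg))
    return findings

if __name__ == "__main__":
    for line_no, pkg in unpinned_apk_packages(SAMPLE):
        print(f"line {line_no}: '{pkg}' has no pinned version")
```

The reported line number is the first line of the RUN instruction, so a package on a continuation line is attributed to the instruction that installs it.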