Ensure pip install has pinned version for package
When using pip install without a pinned version, you get whatever the latest version is at build time without knowing which one it is. This can lead to incompatibilities, but worse, it carries the risk of unknown vulnerabilities in that unknown version, which is then baked into the image.
Risk Level: medium
Platform: Docker
Spectral Rule ID: DOCKR056
REMEDIATION
Add a pinned version to pip install.
FROM ubuntu:22.10
- RUN pip install requests
+ RUN pip install requests==2.7.0
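As an added example (not part of the Spectral rule page or its scanner), here is a small Python check in the spirit of this rule: it walks a Dockerfile's RUN instructions and reports every pip install requirement that is not pinned with ==. The sample Dockerfile and the list of value-taking pip options are constructed for illustration.

```python
"""Flag pip install requirements in a Dockerfile that are not pinned with '=='."""
import re
import shlex

# Constructed sample Dockerfile; not taken from the original page.
SAMPLE_DOCKERFILE = """\
FROM ubuntu:22.10
RUN pip install requests
RUN apt-get update && pip install --no-cache-dir \\
    flask==2.3.2 \\
    gunicorn
RUN python -m pip install 'urllib3>=1.26,<2' -r requirements.txt
RUN pip3 install requests==2.7.0
"""

# pip options that consume the following token, so that token is not a requirement.
OPTS_WITH_VALUE = {"-r", "--requirement", "-c", "--constraint", "-e", "--editable",
                   "-i", "--index-url", "--extra-index-url", "-f", "--find-links",
                   "-t", "--target", "--platform", "--python-version"}

def run_commands(dockerfile: str):
    """Yield each shell command in RUN instructions (shell form only): join '\\'
    continuations, then split '&&', '||' and ';' chains into separate commands."""
    joined = re.sub(r"\\\n", " ", dockerfile)
    for line in joined.splitlines():
        line = line.strip()
        if line[:4].upper() != "RUN ":
            continue
        for cmd in re.split(r"&&|\|\||;", line[4:]):
            yield cmd.strip()

def unpinned_specs(cmd: str) -> list[str]:
    """Return requirement specifiers of a pip install command that lack an '==' pin."""
    tokens = shlex.split(cmd)
    if "install" not in tokens:
        return []
    i = tokens.index("install")
    if i == 0 or tokens[i - 1] not in ("pip", "pip3"):  # also matches `python -m pip install`
        return []
    specs, skip = [], False
    for tok in tokens[i + 1:]:
        if skip:
            skip = False              # value of the previous option; `-r` files are not inspected here
        elif tok in OPTS_WITH_VALUE:
            skip = True
        elif not tok.startswith("-") and "==" not in tok:
            specs.append(tok)         # ranges such as 'urllib3>=1.26,<2' are not pins either
    return specs

def check_dockerfile(dockerfile: str) -> list[str]:
    """Collect every unpinned pip requirement in the Dockerfile (DOCKR056-style check)."""
    return [s for cmd in run_commands(dockerfile) for s in unpinned_specs(cmd)]

if __name__ == "__main__":
    for spec in check_dockerfile(SAMPLE_DOCKERFILE):
        print(f"unpinned: {spec}")
```

Requirements pulled in via -r are reported as clean by this check; the same pinning rule has to be applied to the contents of that file.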