Ensure zypper install has pinned version

Version pinning forces the build to retrieve a particular version regardless of what's in the cache. This technique can also reduce failures due to unanticipated changes in required packages.

Suggest Edits

Risk Level: medium
Platform: Docker
Spectral Rule ID: DOCKR068

REMEDIATION

Add pinned version for zypper install.

FROM opensuse/leap:15.4
- RUN zypper install -y httpd && zypper clean
+ RUN zypper install -y httpd=2.4.54 && zypper clean
...

https://docs.docker.com/develop/develop-images/dockerfile_best-practices/#run

Updated about 1 year ago

REMEDIATION

Read more: