Ensure the 'latest' tag is not used for any GitLab pipeline image
Using a tag that is continually moved to newer builds (such as 'latest', or no tag at all) can result in unexpected software behaviour, opens a supply-chain attack vector (whoever can push to that tag controls what your pipeline runs next), and leaves the pipeline in an unrecoverable state, since the exact image a past run used can no longer be identified or pulled again.
Risk Level: medium
Platform: GitLab
Spectral Rule ID: GLPL001
REMEDIATION
Always pin the image to an exact version tag, or, better, to an immutable digest (image@sha256:...). A version tag such as ubuntu:20.04 is still mutable and can be re-pushed by the registry owner; only a digest guarantees the same image bytes on every run.
Examples:
- image: ubuntu:20.04
- image: node:14.0
- image: python:3.11-slim@sha256:<64-hex-digest> (pinned by digest; immutable)
Bad examples:
- image: ubuntu:latest
- image: node:master (a branch-style tag that moves with every build)
- image: alpine (no tag given, which is the same as alpine:latest)
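The rule lists what to avoid but not how to audit a whole pipeline file for it. The script below is an added example, not Spectral's scanner or anything shipped by GitLab: it walks a `.gitlab-ci.yml` (constructed sample inline), handles both the `image: ref` and the `image:` / `name:` forms, and classifies each reference as pinned or floating. It treats an omitted tag as `latest`, a colon before the last `/` as a registry port rather than a tag, a tag taken from a CI variable as unverifiable, and a well-formed `@sha256:` digest as the only immutable lock. The set of floating tag names, the registry hostname, and the placeholder digest are assumptions made for illustration.

```python
"""Classify GitLab CI image references as pinned or floating (added example, not Spectral code)."""
import re

# Tag names commonly moved to new builds. Assumed list for illustration;
# GLPL001's own examples cover 'latest', 'master' and an omitted tag.
FLOATING_TAGS = {"latest", "master", "main", "edge", "nightly", "stable", "current", "dev", "rolling"}

DIGEST_RE = re.compile(r"^sha256:[0-9a-f]{64}$")
IMAGE_RE = re.compile(r"^\s*(?:-\s+)?image:\s*([^\s#]+)")          # image: ref
IMAGE_BLOCK_RE = re.compile(r"^\s*(?:-\s+)?image:\s*(?:#.*)?$")    # image: (mapping form)
NAME_RE = re.compile(r"^\s+name:\s*([^\s#]+)")                     #   name: ref


def parse_image_ref(ref):
    """Split 'registry[:port]/repo[:tag][@digest]' into (name, tag, digest).

    A colon that comes before the last '/' belongs to the registry port,
    not to the tag, so only a colon after the last path component counts.
    """
    digest = None
    if "@" in ref:
        ref, digest = ref.split("@", 1)
    name, tag = ref, None
    last_slash = ref.rfind("/")
    colon = ref.rfind(":")
    if colon > last_slash:
        name, tag = ref[:colon], ref[colon + 1:]
    return name, tag, digest


def classify_image(ref):
    """Return (ok, reason) for one image reference."""
    name, tag, digest = parse_image_ref(ref)
    if digest is not None:
        if DIGEST_RE.match(digest):
            return True, "pinned by digest (immutable)"
        return False, f"malformed digest '{digest}'"
    if tag is None:
        return False, "no tag given, which means 'latest'"
    if tag.startswith("$"):
        return False, f"tag comes from CI variable {tag}; cannot verify statically"
    if tag in FLOATING_TAGS:
        return False, f"floating tag '{tag}'"
    if not re.search(r"\d", tag):
        return False, f"tag '{tag}' carries no version number"
    return True, f"pinned to tag '{tag}' (tags are mutable; prefer a digest)"


def scan_gitlab_ci(text):
    """Return [(line_no, ref, ok, reason)] for every image reference in the YAML text.

    Line-oriented on purpose so it runs without PyYAML; it understands the
    scalar form and the mapping form whose 'name:' follows an 'image:' line.
    """
    findings = []
    in_image_block = False
    for line_no, line in enumerate(text.splitlines(), 1):
        m = IMAGE_RE.match(line)
        if m:
            ref = m.group(1).strip("'\"")
            findings.append((line_no, ref) + classify_image(ref))
            in_image_block = False
            continue
        if IMAGE_BLOCK_RE.match(line):
            in_image_block = True
            continue
        if in_image_block:
            n = NAME_RE.match(line)
            if n:
                ref = n.group(1).strip("'\"")
                findings.append((line_no, ref) + classify_image(ref))
                in_image_block = False
            elif line.strip() and not line.startswith(" "):
                in_image_block = False   # dedented to a new job; block ended without a name
    return findings


# Constructed sample pipeline. The registry host and the all-'a' digest are placeholders.
SAMPLE_CI = """default:
  image: ubuntu:latest          # floating tag

build:
  image:
    name: registry.example.com:5000/tools/builder:1.4.2
    entrypoint: [""]
  script:
    - make

test:
  image: alpine                 # no tag, so 'latest'
  script:
    - make test

release:
  image: python:3.11-slim@sha256:{digest}
  script:
    - make release
""".format(digest="a" * 64)


if __name__ == "__main__":
    for line_no, ref, ok, reason in scan_gitlab_ci(SAMPLE_CI):
        print(f"{'OK  ' if ok else 'FAIL'} line {line_no}: {ref}: {reason}")
```

Run as-is it reports the two floating references (`ubuntu:latest` and `alpine`) and passes the port-qualified registry image and the digest-pinned one. The variable check is deliberately conservative: `$CI_REGISTRY_IMAGE:$CI_COMMIT_SHA` is a good pattern, but a static scan cannot prove what the variable expands to, so it is reported for a human to confirm.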
Read more:
- TBD
Updated about 1 year ago