Image Version Not Explicit
- Query id: 9efb0b2d-89c9-41a3-91ca-dcc0aec911fd
- Query name: Image Version Not Explicit
- Platform: Dockerfile
- Severity: Medium
- Category: Supply-Chain
- URL: Github
Description¶
Always tag the version of an image explicitly
Documentation
Code samples¶
Code samples with security vulnerabilities¶
Postitive test num. 1 - dockerfile file
FROM alpine
RUN apk add --update py2-pip
RUN pip install --upgrade pip
COPY requirements.txt /usr/src/app/
RUN pip install --no-cache-dir -r /usr/src/app/requirements.txt
COPY app.py /usr/src/app/
COPY templates/index.html /usr/src/app/templates/
EXPOSE 5000
CMD ["python", "/usr/src/app/app.py"]
Code samples without security vulnerabilities¶
Negative test num. 1 - dockerfile file
FROM alpine:3.5
RUN apk add --update py2-pip
RUN pip install --upgrade pip
COPY requirements.txt /usr/src/app/
RUN pip install --no-cache-dir -r /usr/src/app/requirements.txt
COPY app.py /usr/src/app/
COPY templates/index.html /usr/src/app/templates/
EXPOSE 5000
ARG IMAGE=alpine:3.12
FROM $IMAGE
CMD ["python", "/usr/src/app/app.py"]