Zypper Install Without Version
- Query id: 562952e4-0348-4dea-9826-44f3a2c6117b
- Query name: Zypper Install Without Version
- Platform: Dockerfile
- Severity: Medium
- Category: Supply-Chain
- URL: Github
Description
Not specifying the package version can cause failures due to unanticipated changes in required packages.
Documentation
Code samples
Code samples with security vulnerabilities
Positive test num. 1 - dockerfile file
```dockerfile
FROM opensuse/leap:15.2
RUN zypper install -y httpd && zypper clean
RUN ["zypper", "install", "http"]
HEALTHCHECK CMD curl --fail http://localhost:3000 || exit 1
```
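One way to check a Dockerfile for this pattern, as an added example (not the KICS query itself, which this page does not show): it flags `zypper install` / `zypper in` arguments that lack zypper's `name=version` form, in both shell-form and exec-form `RUN` instructions. The function names and the pinned line with a placeholder version are assumptions; zypper options that take a separate value (for example `-t pattern`) are not modeled.

```python
import json
import re
import shlex

# zypper accepts name=version as an exact pin; anything else is treated as unpinned.
PINNED = re.compile(r"^[^=<>]+=[^=<>]+$")
INSTALL_VERBS = {"install", "in"}

def run_commands(args):
    """Split the argument of a RUN instruction into argv lists (exec or shell form)."""
    if args.lstrip().startswith("["):
        try:
            return [[str(a) for a in json.loads(args)]]
        except ValueError:
            pass  # invalid JSON is executed as shell form
    return [shlex.split(part) for part in re.split(r"&&|\|\||[;|]", args)]

def unpinned_zypper_packages(dockerfile):
    """Return (line_number, package) for each zypper install argument without a version."""
    findings, pending, start = [], "", 0
    for number, line in enumerate(dockerfile.splitlines(), 1):
        if not pending:
            start = number                    # first line of the instruction
        pending += line.rstrip()
        if pending.endswith("\\"):            # continuation: keep accumulating
            pending = pending[:-1] + " "
            continue
        instruction, _, args = pending.strip().partition(" ")
        pending = ""
        if instruction.upper() != "RUN":
            continue
        for argv in run_commands(args):
            rest = argv[argv.index("zypper") + 1:] if "zypper" in argv else []
            verb = next((a for a in rest if not a.startswith("-")), None)
            if verb not in INSTALL_VERBS:
                continue
            for arg in rest[rest.index(verb) + 1:]:
                if not arg.startswith("-") and not PINNED.match(arg):
                    findings.append((start, arg))
    return findings

# The page's positive sample plus one constructed pinned line (placeholder version).
SAMPLE = """FROM opensuse/leap:15.2
RUN zypper install -y httpd && zypper clean
RUN ["zypper", "install", "http"]
RUN zypper install -y httpd=0.0.0-placeholder
HEALTHCHECK CMD curl --fail http://localhost:3000 || exit 1
"""
```

`unpinned_zypper_packages(SAMPLE)` reports the two unpinned installs from the sample and leaves the pinned line alone.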