atomist-skills / npm-vulnerability-scanner-skill

Atomist Skill to find and fix security vulnerabilities in npm dependencies
Apache License 2.0

Re-pin Docker base images in Dockerfile #176

Closed atomist[bot] closed 3 years ago

atomist[bot] commented 3 years ago

This pull request re-pins the following Docker base images in Dockerfile to their current digests.

 2: FROM node:lts@sha256:8eb45f4677c813ad08cef8522254640aa6a1800e75a9c213a0a651f6f3564189 

12: FROM atomist/skill:node14@sha256:3599e7152377d14de4685c8ce19c468f7f9227ae3200fd8e1409fbea9e1adf5a 

Pinning FROM lines to digests makes your builds repeatable. Atomist will raise new pull requests whenever the tag moves, so that you know when the base image has been updated. You can follow a new tag at any time. Just replace the digest with the new tag you want to follow. Atomist will switch to following this new tag.


File changed:


atomist/docker-base-image-policy · Configure
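A check for the digest pinning described in the comment above, as an added example that is not part of this pull request or of Atomist's code: it lists every `FROM` line in a Dockerfile whose base image is not pinned to a `sha256` digest, skipping `scratch` and references to earlier build stages. The function name and the sample Dockerfile are constructed (the one pinned digest is copied from this pull request), and `FROM` lines that use `ARG` substitution or line continuations are assumed not to occur.

```python
import re

# A pinned reference ends in @sha256: followed by 64 lowercase hex characters.
DIGEST = re.compile(r"@sha256:[0-9a-f]{64}$")


def unpinned_base_images(dockerfile_text):
    """Return [(line_number, image_ref)] for FROM lines lacking a digest pin."""
    stages = set()   # names introduced by "FROM <image> AS <name>"
    findings = []
    for lineno, raw in enumerate(dockerfile_text.splitlines(), start=1):
        parts = raw.strip().split()
        if not parts or parts[0].upper() != "FROM":
            continue
        # Drop flags such as --platform=linux/amd64 before reading the image.
        args = [p for p in parts[1:] if not p.startswith("--")]
        if not args:
            continue
        image = args[0]
        # "scratch" is not pullable and an earlier stage name is local,
        # so neither can (or needs to) carry a digest.
        is_local = image.lower() == "scratch" or image.lower() in stages
        if not is_local and not DIGEST.search(image):
            findings.append((lineno, image))
        if len(args) >= 3 and args[1].upper() == "AS":
            stages.add(args[2].lower())
    return findings


# Constructed sample Dockerfile; only the first digest comes from the page.
SAMPLE = """\
# constructed sample
FROM node:lts@sha256:8eb45f4677c813ad08cef8522254640aa6a1800e75a9c213a0a651f6f3564189 AS build
RUN npm ci
FROM node:lts AS test
FROM build AS packaged
FROM --platform=linux/amd64 atomist/skill:node14
FROM scratch
"""

if __name__ == "__main__":
    for lineno, image in unpinned_base_images(SAMPLE):
        print(f"line {lineno}: {image} is not pinned to a digest")
```

Run in CI, a non-empty result can fail the build so that a tag-only base image never reaches the main branch.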

atomist[bot] commented 3 years ago


This pull request removes 17 vulnerabilities compared to main branch 4dbb30e.

Detected a total of 3 (-17) medium vulnerabilities in Docker image gcr.io/atomist-container-skills/npm-vulnerability-scanner-skill@sha256:2a8cacbd6cd38f97c7a57c61c82c1a9c7629b0fa2dd52b3bc5fe95e79c208ba3.

More details are available in the report.