search

atomist-skills / skill-base

Apache License 2.0
0 stars 0 forks source link

Pin Docker base image in Dockerfile #65

Closed atomist[bot] closed 2 years ago

atomist[bot] commented 2 years ago

This pull request pins the Docker base image alpine:3.15 in Dockerfile to the current digest.

https://github.com/atomist-skills/skill-base/blob/35430fc1bf88f945a624a4941d7cd828fa0ea44b/Dockerfile#L1-L1

Digest sha256:21a3deaa0d32a8057914f36584b5288d2e5ecc984380bc0118285c70fa8c9300 references a multi-CPU architecture image manifest. This image supports the following architectures:

Pinning FROM lines to digests makes your builds repeatable. Atomist will raise new pull requests whenever the tag moves, so that you know when the base image has been updated. You can follow a new tag at any time. Just replace the digest with the new tag you want to follow. Atomist, will switch to following this new tag.

File changed:

atomist[bot] commented 2 years ago
Vulnerabilities no vulnerabilities found
Comparison

👏 No new critical or high vulnerabilities compared with target branch main

More details are available in the vulnerability report