Closed gurkanindibay closed 2 years ago
Removed it It was unnecessary
{"runs":[{"results":[{"ruleId":"DL3008","message":{"text":"Pin versions in apt get install. Instead of `apt-get install <package>` use `apt-get install <package>=<version>`"},"level":"warning","locations":[{"physicalLocation":{"region":{"sourceLanguage":"dockerfile","startColumn":1,"endColumn":1,"startLine":17,"endLine":17},"artifactLocation":{"uri":"./Dockerfile"}}}]},{"ruleId":"DL3015","message":{"text":"Avoid additional packages by specifying `--no-install-recommends`"},"level":"note","locations":[{"physicalLocation":{"region":{"sourceLanguage":"dockerfile","startColumn":1,"endColumn":1,"startLine":17,"endLine":17},"artifactLocation":{"uri":"./Dockerfile"}}}]},{"ruleId":"SC2086","message":{"text":"Double quote to prevent globbing and word splitting."},"level":"note","locations":[{"physicalLocation":{"region":{"sourceLanguage":"sh","startColumn":1,"endColumn":1,"startLine":17,"endLine":17},"artifactLocation":{"uri":"./Dockerfile"}}}]},{"ruleId":"DL4006","message":{"text":"Set the SHELL option -o pipefail before RUN with a pipe in it. If you are using /bin/sh in an alpine image or if your shell is symlinked to busybox then consider explicitly setting your SHELL to /bin/ash, or disable this check"},"level":"warning","locations":[{"physicalLocation":{"region":{"sourceLanguage":"dockerfile","startColumn":1,"endColumn":1,"startLine":17,"endLine":17},"artifactLocation":{"uri":"./Dockerfile"}}}]},{"ruleId":"DL3059","message":{"text":"Multiple consecutive `RUN` instructions. Consider consolidation."},"level":"note","locations":[{"physicalLocation":{"region":{"sourceLanguage":"dockerfile","startColumn":1,"endColumn":1,"startLine":40,"endLine":40},"artifactLocation":{"uri":"./Dockerfile"}}}]}],"tool":{"driver":{"fullName":"Haskell Dockerfile Linter","shortDescription":{"text":"Dockerfile linter, validate inline bash, written in Haskell"},"name":"Hadolint","version":"v2.9.3-0-g346e419-dirty","downloadUri":"https://github.com/hadolint/hadolint"}},"defaultSourceLanguage":"dockerfile"}],"version":"2.1.0","$schema":"http://json.schemastore.org/sarif-2.1.0"}
Hadolint: ``
{"runs":[{"results":[{"ruleId":"DL3008","message":{"text":"Pin versions in apt get install. Instead of `apt-get install <package>` use `apt-get install <package>=<version>`"},"level":"warning","locations":[{"physicalLocation":{"region":{"sourceLanguage":"dockerfile","startColumn":1,"endColumn":1,"startLine":17,"endLine":17},"artifactLocation":{"uri":"./Dockerfile"}}}]},{"ruleId":"DL3015","message":{"text":"Avoid additional packages by specifying `--no-install-recommends`"},"level":"note","locations":[{"physicalLocation":{"region":{"sourceLanguage":"dockerfile","startColumn":1,"endColumn":1,"startLine":17,"endLine":17},"artifactLocation":{"uri":"./Dockerfile"}}}]},{"ruleId":"SC2086","message":{"text":"Double quote to prevent globbing and word splitting."},"level":"note","locations":[{"physicalLocation":{"region":{"sourceLanguage":"sh","startColumn":1,"endColumn":1,"startLine":17,"endLine":17},"artifactLocation":{"uri":"./Dockerfile"}}}]},{"ruleId":"DL4006","message":{"text":"Set the SHELL option -o pipefail before RUN with a pipe in it. If you are using /bin/sh in an alpine image or if your shell is symlinked to busybox then consider explicitly setting your SHELL to /bin/ash, or disable this check"},"level":"warning","locations":[{"physicalLocation":{"region":{"sourceLanguage":"dockerfile","startColumn":1,"endColumn":1,"startLine":17,"endLine":17},"artifactLocation":{"uri":"./Dockerfile"}}}]},{"ruleId":"DL3059","message":{"text":"Multiple consecutive `RUN` instructions. Consider consolidation."},"level":"note","locations":[{"physicalLocation":{"region":{"sourceLanguage":"dockerfile","startColumn":1,"endColumn":1,"startLine":40,"endLine":40},"artifactLocation":{"uri":"./Dockerfile"}}}]}],"tool":{"driver":{"fullName":"Haskell Dockerfile Linter","shortDescription":{"text":"Dockerfile linter, validate inline bash, written in Haskell"},"name":"Hadolint","version":"v2.9.3-0-g346e419-dirty","downloadUri":"https://github.com/hadolint/hadolint"}},"defaultSourceLanguage":"dockerfile"}],"version":"2.1.0","$schema":"http://json.schemastore.org/sarif-2.1.0"}
I'm not sure if this is useful but wanted to bring this up if this is something easy to fix.
Hadolint: ``
{"runs":[{"results":[{"ruleId":"DL3008","message":{"text":"Pin versions in apt get install. Instead of `apt-get install <package>` use `apt-get install <package>=<version>`"},"level":"warning","locations":[{"physicalLocation":{"region":{"sourceLanguage":"dockerfile","startColumn":1,"endColumn":1,"startLine":17,"endLine":17},"artifactLocation":{"uri":"./Dockerfile"}}}]},{"ruleId":"DL3015","message":{"text":"Avoid additional packages by specifying `--no-install-recommends`"},"level":"note","locations":[{"physicalLocation":{"region":{"sourceLanguage":"dockerfile","startColumn":1,"endColumn":1,"startLine":17,"endLine":17},"artifactLocation":{"uri":"./Dockerfile"}}}]},{"ruleId":"SC2086","message":{"text":"Double quote to prevent globbing and word splitting."},"level":"note","locations":[{"physicalLocation":{"region":{"sourceLanguage":"sh","startColumn":1,"endColumn":1,"startLine":17,"endLine":17},"artifactLocation":{"uri":"./Dockerfile"}}}]},{"ruleId":"DL4006","message":{"text":"Set the SHELL option -o pipefail before RUN with a pipe in it. If you are using /bin/sh in an alpine image or if your shell is symlinked to busybox then consider explicitly setting your SHELL to /bin/ash, or disable this check"},"level":"warning","locations":[{"physicalLocation":{"region":{"sourceLanguage":"dockerfile","startColumn":1,"endColumn":1,"startLine":17,"endLine":17},"artifactLocation":{"uri":"./Dockerfile"}}}]},{"ruleId":"DL3059","message":{"text":"Multiple consecutive `RUN` instructions. Consider consolidation."},"level":"note","locations":[{"physicalLocation":{"region":{"sourceLanguage":"dockerfile","startColumn":1,"endColumn":1,"startLine":40,"endLine":40},"artifactLocation":{"uri":"./Dockerfile"}}}]}],"tool":{"driver":{"fullName":"Haskell Dockerfile Linter","shortDescription":{"text":"Dockerfile linter, validate inline bash, written in Haskell"},"name":"Hadolint","version":"v2.9.3-0-g346e419-dirty","downloadUri":"https://github.com/hadolint/hadolint"}},"defaultSourceLanguage":"dockerfile"}],"version":"2.1.0","$schema":"http://json.schemastore.org/sarif-2.1.0"}
I'm not sure if this is useful but wanted to bring this up if this is something easy to fix.
We've recently added. There is a taks to fix it.
What is that subproject commit is about ?