Closed irongut closed 1 year ago
Dependabot can manage Docker dependencies: https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#package-ecosystem
```yaml
# Enable version updates for Docker
- package-ecosystem: "docker"
  # Look for a `Dockerfile` in the `root` directory
  directory: "/"
  # Check for updates once a week
  schedule:
    interval: "weekly"
```
This issue is stale because it has been open 90 days with no activity. Remove stale label or comment or this issue will be closed in 30 days.
This issue was closed because it has been stale for 30 days with no activity.
Feature Request
Docker dependencies should be pinned by hash instead of a mutable tag.
Unfortunately Microsoft don't publish the hash: https://hub.docker.com/_/microsoft-dotnet-sdk https://hub.docker.com/_/microsoft-dotnet-runtime
Additional Context
Tracking OpenSSF Scorecards Alerts:
Linked To
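
The pinning requirement from the feature request, as an added example that is not part of the original issue or the project's own code: a Python check that lists the `FROM` lines of a Dockerfile whose base image is not pinned by an `@sha256:` digest. The sample Dockerfile, its tags and the digest value are constructed placeholders.

```python
import re

# A reference counts as pinned only if it ends in @sha256:<64 hex characters>.
DIGEST_RE = re.compile(r"@sha256:[0-9a-f]{64}$")
# FROM [--flag=value ...] <image> [AS <stage>]
FROM_RE = re.compile(r"^\s*FROM\s+(?:--\S+\s+)*(\S+)(?:\s+AS\s+(\S+))?", re.IGNORECASE)

# Constructed placeholder, not a real image digest.
FAKE_DIGEST = "sha256:" + "ab" * 32

# Constructed sample Dockerfile (tags are illustrative).
SAMPLE = f"""\
FROM mcr.microsoft.com/dotnet/sdk:8.0 AS build
FROM --platform=linux/amd64 mcr.microsoft.com/dotnet/runtime:8.0@{FAKE_DIGEST} AS base
FROM base AS final
FROM scratch
FROM build
"""


def unpinned_base_images(dockerfile_text):
    """Return (line_no, image) for every FROM that pulls an image without a digest."""
    findings = []
    stages = set()  # earlier build stage names; FROM <stage> pulls nothing
    for line_no, line in enumerate(dockerfile_text.splitlines(), start=1):
        match = FROM_RE.match(line)
        if not match:
            continue
        image, alias = match.group(1), match.group(2)
        is_local = image.lower() == "scratch" or image.lower() in stages
        # Images given through ARG substitution (FROM ${BASE}) cannot be
        # verified statically, so they are reported as unpinned too.
        if not is_local and not DIGEST_RE.search(image):
            findings.append((line_no, image))
        if alias:
            stages.add(alias.lower())
    return findings


if __name__ == "__main__":
    for line_no, image in unpinned_base_images(SAMPLE):
        print(f"line {line_no}: {image} is not pinned by digest")
```

A tag kept in front of the digest (`image:tag@sha256:...`) still counts as pinned, because the digest is what the registry resolves.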