opendevsecops / terraform-aws-scanner

Terraform module which provides easy to configure AWS environment for running automated security scanning solutions at scheduled intervals.
MIT License
44 stars 14 forks

Lock containers to specific versions #1

Open pdparchitect opened 5 years ago

pdparchitect commented 5 years ago

At present all container definitions point to the :latest tag. For security and resilience we should be locking the definition to a specific hash.

pdparchitect commented 5 years ago

An easy way to do this is to use the following command for each container image:

docker image inspect --format='{{index .RepoDigests 0}}' opendevsecops/amass:latest

This can be automated in a script and a tf file generated.
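An added example of that script in POSIX sh (not code from the repository or from pdparchitect): it resolves each tag with `docker image inspect`, refuses any result that is not a well-formed `repo@sha256:<64 hex>` reference before trusting it, and writes a Terraform `locals` block to `images.tf`. The local-name convention (last path segment, tag stripped), the output file name and the example image list are assumptions.

```shell
#!/bin/sh
# Pin container images to their content digests and generate a Terraform locals file.
# Assumptions: images are already pulled locally, digests come from
# `docker image inspect`, and the generated file is named images.tf.

# Resolve "repo:tag" to "repo@sha256:..." from the local image store.
# Fails (non-zero) if the image has not been pulled or has no repo digest.
resolve_digest() {
  docker image inspect --format='{{index .RepoDigests 0}}' "$1"
}

# Accept only a complete sha256 digest reference; anything else is rejected so
# a missing or truncated digest can never end up in the Terraform file.
is_valid_digest_ref() {
  printf '%s' "$1" | grep -Eq '^[^@[:space:]]+@sha256:[0-9a-f]{64}$'
}

# Derive a Terraform-safe key from an image name: "opendevsecops/amass:latest" -> "amass".
tf_name() {
  printf '%s' "$1" | sed -e 's#^.*/##' -e 's/:.*$//' -e 's/[^A-Za-z0-9_]/_/g'
}

# Emit one map entry: `  amass = "opendevsecops/amass@sha256:..."`.
tf_line() {
  is_valid_digest_ref "$2" || { echo "invalid digest reference for $1: $2" >&2; return 1; }
  printf '  %s = "%s"\n' "$(tf_name "$1")" "$2"
}

# Read "image digest" pairs from stdin and print a complete locals block.
generate_locals() {
  printf 'locals {\n  images = {\n'
  while read -r image digest; do
    tf_line "$image" "$digest" || return 1
  done
  printf '  }\n}\n'
}

# Resolve every tag given on the command line and write images.tf.
pin_images() {
  pairs=""
  for image in "$@"; do
    digest=$(resolve_digest "$image") || return 1
    pairs="$pairs$image $digest
"
  done
  printf '%s' "$pairs" | generate_locals > images.tf
}
```

Run it as `pin_images opendevsecops/amass:latest` (and any other images the task definitions reference) after pulling the tags; the module can then reference `local.images["amass"]` instead of the floating tag.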