tanium / octobot

github bot with slack and jira integration
MIT License

Fix for Dockerfile smell DL3007 #339

Closed grosa1 closed 1 year ago

grosa1 commented 1 year ago

Hi! The Dockerfile placed at "Dockerfile" contains the best practice violation DL3007 detected by the hadolint tool.

The smell DL3007 occurs when the tag "latest" is used instead of a specific version tag for the base image. In this pull request, we propose a fix for that smell generated by our fixing tool. We have verified that the patch is correct before opening the pull request. To fix this smell, specifically, we use a heuristic approach that selects the most probable version tag for the base image in order to replace the "latest" tag. In detail, it selects the most recent image tag which corresponds to the same image digest that currently corresponds to the "latest" tag.

This change is only aimed at fixing that specific smell. If the fix is not valid or useful, please briefly indicate the reason and suggestions for possible improvements.

Thanks in advance
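
The tag-selection heuristic described in the comment above, sketched as an added example (not code from this pull request, its fixing tool or octobot). The image name `example/app-base`, the tag listing and the Dockerfile are constructed, and the function names are hypothetical.

```python
import re
from datetime import datetime

# FROM [--flag ...] image[:tag] [AS stage]; digest-pinned (@sha256) lines do not match.
# Simplification: registry hosts with a port (host:5000/img) are not handled.
FROM_RE = re.compile(
    r"^(?P<head>\s*FROM\s+(?:--\S+\s+)*)(?P<image>[^\s:@]+)(?::(?P<tag>[^\s@]+))?"
    r"(?P<rest>(?:\s+AS\s+(?P<stage>\S+))?\s*)$",
    re.IGNORECASE,
)

# Constructed tag listing for a hypothetical image (name, manifest digest, push time).
SAMPLE_TAGS = [
    {"name": "latest", "digest": "sha256:" + "a" * 64, "pushed": "2023-03-02T09:00:00"},
    {"name": "1.4.2", "digest": "sha256:" + "a" * 64, "pushed": "2023-03-02T09:00:00"},
    {"name": "1", "digest": "sha256:" + "a" * 64, "pushed": "2023-02-20T08:00:00"},
    {"name": "1.4.1", "digest": "sha256:" + "b" * 64, "pushed": "2023-03-05T12:00:00"},
]
SAMPLE_DOCKERFILE = """FROM example/app-base:latest AS build
RUN make
FROM --platform=linux/amd64 example/app-base
FROM build"""

def resolve_latest(tags):
    """Return the newest non-'latest' tag sharing the digest of 'latest', or None."""
    digest = next((t["digest"] for t in tags if t["name"] == "latest"), None)
    same = [t for t in tags if t["digest"] == digest and t["name"] != "latest"]
    if digest is None or not same:
        return None
    return max(same, key=lambda t: datetime.fromisoformat(t["pushed"]))["name"]

def pin_dockerfile(text, registry):
    """Rewrite FROM lines that use an implicit or explicit 'latest' tag."""
    out, stages = [], set()
    for line in text.splitlines():
        m = FROM_RE.match(line)
        if m:
            image = m["image"]
            # Not registry images: scratch, earlier build stages, ARG-substituted names.
            local = image == "scratch" or image in stages or "$" in image
            if m["tag"] in (None, "latest") and not local:
                pinned = resolve_latest(registry.get(image, []))
                if pinned:  # no matching version tag: leave the line as it is
                    line = f"{m['head']}{image}:{pinned}{m['rest']}"
            if m["stage"]:
                stages.add(m["stage"])
        out.append(line)
    return "\n".join(out)
```

A version tag can still be re-pointed by its publisher; a reference of the form `image:tag@sha256:…` is the one that does not move.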

matthauck commented 1 year ago

(sorry for delay, was out for a few days last week)