dockerfile-source-not-pinned
To ensure reproducible builds, pin Dockerfile FROM
commands to a specific hash. You can find the hash by running docker pull $IMAGE
and then specify it with $IMAGE:$VERSION@sha256:<hash goes here>
dockerfile-source-not-pinned
To ensure reproducible builds, pin Dockerfile FROM
commands to a specific hash. You can find the hash by running docker pull $IMAGE
and then specify it with $IMAGE:$VERSION@sha256:<hash goes here>