dockerfile.best-practice.avoid-yum-update.avoid-yum-update

semgrep
Author
unknown
Packages in base images should be up-to-date, removing the need for 'yum update'. If packages are out-of-date, consider contacting the base image maintainer.

Definition

rules:
  - id: avoid-yum-update
    severity: INFO
    languages:
      - dockerfile
    message: Packages in base images should be up-to-date, removing the need for
      'yum update'. If packages are out-of-date, consider contacting the base
      image maintainer.
    metadata:
      source-rule-url: https://github.com/hadolint/hadolint/wiki/DL3031
      references:
        - https://github.com/hadolint/hadolint/wiki/DL3031
      category: best-practice
      technology:
        - dockerfile
      license: Commons Clause License Condition v1.0[LGPL-2.1-only]
    pattern: yum update

Examples

avoid-yum-update.dockerfile

# cf. https://github.com/hadolint/hadolint/wiki/DL3031

FROM centos

# ruleid: avoid-yum-update
RUN yum update \
    && yum install foo-1.0 \
    && yum clean all

# ok: avoid-yum-update
RUN yum install foo-1.0
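
A stand-alone version of this check, as an added example that is not part of the Semgrep rule or the registry page: it joins backslash-continued RUN instructions, ignores comments, and flags any `yum update` command. It goes slightly beyond the literal pattern by also catching options placed between `yum` and `update`; the function names and the sample Dockerfile are constructed for illustration.

```python
import re

# Constructed sample input, modelled on the example Dockerfile above.
SAMPLE = """\
FROM centos

# yum update mentioned in a comment is not an instruction
RUN yum update \\
    && yum install foo-1.0 \\
    && yum clean all

RUN yum -y install foo-1.0
RUN yum -y update && yum clean all
"""


def logical_instructions(text):
    """Yield (start_line, instruction) with backslash continuations joined."""
    buf, start = [], None
    for num, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and comments, also inside a continuation
        if start is None:
            start = num
        if line.endswith("\\"):
            buf.append(line[:-1])
            continue
        buf.append(line)
        yield start, " ".join(buf)
        buf, start = [], None
    if buf:  # file ended in the middle of a continuation
        yield start, " ".join(buf)


def find_yum_update(text):
    """Return (line, command) for every `yum ... update` inside a RUN."""
    findings = []
    for start, instr in logical_instructions(text):
        keyword, _, body = instr.partition(" ")
        if keyword.upper() != "RUN":
            continue
        # Split the shell line into its individual commands.
        for cmd in re.split(r"&&|\|\||;", body):
            words = cmd.split()
            if words and words[0] == "yum":
                # Drop options such as -y to find the yum subcommand.
                args = [w for w in words[1:] if not w.startswith("-")]
                if args and args[0] == "update":
                    findings.append((start, cmd.strip()))
    return findings
```
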