generic.dockerfile.best-practice.missing-image-version.missing-image-version

profile photo of returntocorpreturntocorp
Author
225
Download Count*
LGPL Commons Clause
License

Images should be tagged with an explicit version to produce deterministic container images.

Run Locally

Run in CI

Semgrep CI docs

Defintion

Edit RuleView Source
Open in Playground 
rules:
  - id: missing-image-version
    patterns:
      - pattern: FROM $IMAGE
      - pattern-not-inside: FROM $IMAGE:$VERSION
    message: Images should be tagged with an explicit version to produce
      deterministic container images.
    severity: WARNING
    languages:
      - generic
    metadata:
      source-rule-url: https://github.com/hadolint/hadolint/wiki/DL3006
      references:
        - https://github.com/hadolint/hadolint/wiki/DL3006
      category: best-practice
      technology:
        - dockerfile
      license: Commons Clause License Condition v1.0[LGPL-2.1-only]
    paths:
      include:
        - "*dockerfile*"
        - "*Dockerfile*"

Examples

missing-image-version.dockerfile

# ruleid: missing-image-version
FROM debian

# ruleid: missing-image-version
FROM debian as blah

# ok: missing-image-version
FROM debian:jessie

# ok: missing-image-version
FORM debian:jessie as blah2

# ruleid: missing-image-version
FROM nixos/nix AS build