pin docker base image digests

Signed-off-by: nscuro <nscuro@protonmail.com>
CycloneDX · Oct 23, 2021 · 24bd083 · 24bd083
1 parent 99f0f89
commit 24bd083
Show file tree

Hide file tree

Showing 3 changed files with 4 additions and 4 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -1,11 +1,11 @@
-FROM golang:1.17-alpine as build
+FROM golang:1.17.2-alpine3.14@sha256:5519c8752f6b53fc8818dc46e9fda628c99c4e8fd2d2f1df71e1f184e71f47dc as build
 ARG VERSION=latest
 WORKDIR /tmp/cyclonedx-gomod
 RUN apk --no-cache add git make
 COPY . .
 RUN make install
 
-FROM golang:1.17-alpine
+FROM golang:1.17.2-alpine3.14@sha256:5519c8752f6b53fc8818dc46e9fda628c99c4e8fd2d2f1df71e1f184e71f47dc
 COPY --from=build /go/bin/cyclonedx-gomod /usr/local/bin/
 USER 1000
 ENTRYPOINT ["cyclonedx-gomod"]

diff --git a/Dockerfile.examples b/Dockerfile.examples
@@ -10,7 +10,7 @@
 # for linux/amd64. If you're on a different platform, you'll have to run
 #   GOOS=linux GOARCH=amd64 make examples-image
 # instead.
-FROM golang:1.17
+FROM golang:1.17.2-bullseye@sha256:ac20397fcb5b8bcc0df870c41d1f6b102c897f686ba85d982287494651a7e7b5
 
 VOLUME /examples
 

diff --git a/Dockerfile.goreleaser b/Dockerfile.goreleaser
@@ -1,6 +1,6 @@
 # This Dockerfile is meant for GoReleaser exclusively, see .goreleaser.yml.
 # For manual builds, please use the regular Dockerfile or simply run "make docker".
-FROM golang:1.17-alpine
+FROM golang:1.17.2-alpine3.14@sha256:5519c8752f6b53fc8818dc46e9fda628c99c4e8fd2d2f1df71e1f184e71f47dc
 COPY cyclonedx-gomod /usr/local/bin/
 USER 1000
 ENTRYPOINT ["cyclonedx-gomod"]