Commit

Pinned the dockerfile to sha256 (#619)
The dockerfile was referring to the tag. It is recommended to use pinned
dependencies based on SHA
https://github.com/ossf/scorecard/blob/main/docs/checks.md#pinned-dependencies

Changed the go:1.17 to SHA256 digest. This still works with dependabot.

Signed-off-by: naveen <172697+naveensrinivasan@users.noreply.github.com>
naveensrinivasan committed Sep 12, 2021
1 parent fefa881 commit f8f2e7a
Showing 2 changed files with 2 additions and 2 deletions.
2 changes: 1 addition & 1 deletion Dockerfile
Expand Up @@ -14,7 +14,7 @@

ARG RUNTIME_IMAGE=gcr.io/distroless/base:debug

FROM golang:1.17.0 as build
FROM golang@sha256:c994ea4c0e524ea97ea7b4b21c19b968170a0c804b2fa7eee3c70c779fe84211 as build

WORKDIR /go/src/cosign
ADD . /go/src/cosign
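
Review bot: The `ARG RUNTIME_IMAGE=gcr.io/distroless/base:debug` line in the context just above the changed `FROM` still references the runtime image by the mutable `debug` tag, so only the build stage is pinned here. If the intent is to pin base images by digest, consider giving `RUNTIME_IMAGE` a default of the form `gcr.io/distroless/base@sha256:<digest>` too, or state in the commit message why the runtime image is left on a tag.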
2 changes: 1 addition & 1 deletion Dockerfile.cosigned
Expand Up @@ -14,7 +14,7 @@

ARG RUNTIME_IMAGE=gcr.io/distroless/base:debug

FROM golang:1.17.0 as build
FROM golang@sha256:c994ea4c0e524ea97ea7b4b21c19b968170a0c804b2fa7eee3c70c779fe84211 as build

WORKDIR /go/src/cosign
ADD . /go/src/cosign
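
Review bot: The new digest-only `FROM` line no longer shows which Go version the build stage uses, and the same digest is repeated in `Dockerfile`, so a reader has to look the digest up to know what is being built with. Docker accepts a tag and a digest together, so `FROM golang:1.17.0@sha256:<same digest> as build` keeps the version readable while the image is still resolved by digest; a one-line comment above the `FROM` naming the version would also work.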