DL3013.md

Pattern: Missing version pinning for pip

Issue: -

Description

Version pinning forces the build to retrieve a particular version regardless of what’s in the cache. This technique can also reduce failures due to unanticipated changes in required packages.

Example of incorrect code:

RUN pip install django
RUN pip install https://github.com/Banno/carbon/tarball/0.9.x-fix-events-callback

Example of correct code:

RUN pip install django==1.9
RUN pip install git+https://github.com/Banno/carbon@0.9.15

Further Reading

• Hadolint - DL3013
• https://docs.docker.com/engine/articles/dockerfile_best-practices
• Best practices for writing Dockerfiles - RUN