Comments (4)
According to the Readme you can disable the rules via a config file, if you're bothered by the linter output.
There's a valid reason why it might not be desirable to use apt upgrade etc. By using those you won't know the exact version that gets installed, i.e. you have no version pinning. Therefore you can't get reproducible builds.
In the end, it will depend on what you're trying to achieve; I can think of use cases for both approaches.
from dockerfilelint.
Defaults shift behavior, especially for people who aren’t experts. I’d tend to think that it’d be better not to discourage installing security updates by default and letting the much smaller community of people trying for reproducible builds worry about that along with all of the other details they’re going to need to deal with.
from dockerfilelint.
The problem is also that you can't always upgrade some of the packages inside an unprivileged container.
The Docker documentation about best practices provides some insights, see here: https://docs.docker.com/develop/develop-images/dockerfile_best-practices/#run
Essentially, the recommendation is to use apt-get install -y foo to update automatically. The maintainers of dockerfilelint seem to adhere to the linked best practices, which I don't think is unreasonable.
from dockerfilelint.
@svl7 the above-mentioned part of the Docker documentation was recently removed: docker/docs#12571
from dockerfilelint.
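The trade-off debated in this thread, as an added example that is not part of the original comments and is not dockerfilelint's own code: a small Python check that reports both `apt`/`apt-get` upgrade calls and installed packages that lack a `pkg=version` pin, so a team can enforce whichever policy it chooses. The sample Dockerfile, its version string and the function names are constructed for illustration.

```python
import re
import shlex

# Constructed sample Dockerfile (not taken from the thread).
SAMPLE = """\
FROM debian:12
RUN apt-get update && apt-get upgrade -y
RUN apt-get update && apt-get install -y --no-install-recommends \\
        curl=7.88.1-10+deb12u5 \\
        ca-certificates \\
    && rm -rf /var/lib/apt/lists/*
"""

def logical_lines(text):
    """Yield (first_line_no, joined_text), folding backslash continuations."""
    buf, start = "", None
    for no, raw in enumerate(text.splitlines(), 1):
        if start is None:
            start = no
        line = raw.rstrip()
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        yield start, buf + line
        buf, start = "", None
    if buf:
        yield start, buf

def audit(text):
    """Return (line_no, kind, detail) for apt upgrades and unpinned installs."""
    findings = []
    for no, line in logical_lines(text):
        if not re.match(r"\s*RUN\s", line, re.I):
            continue
        body = re.sub(r"^\s*RUN\s+", "", line, flags=re.I)
        for cmd in re.split(r"&&|\|\||;", body):  # chained shell commands
            try:
                words = shlex.split(cmd)
            except ValueError:  # unbalanced quotes: skip rather than guess
                continue
            if len(words) < 2 or words[0] not in ("apt", "apt-get"):
                continue
            # Drop option flags; options that take a separate value are not handled.
            args = [w for w in words[1:] if not w.startswith("-")]
            if args and args[0] in ("upgrade", "dist-upgrade", "full-upgrade"):
                findings.append((no, "upgrade", args[0]))
            elif args and args[0] == "install":
                findings += [(no, "unpinned", p) for p in args[1:] if "=" not in p]
    return findings
```

Findings are reported against the first physical line of each `RUN` instruction, so a multi-line install is attributed to the line where the instruction starts.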