mirror of
https://github.com/hadolint/hadolint.git
synced 2025-12-16 19:14:02 +00:00
DL3026
José Lorenzo Rodríguez edited this page 2018-07-07 09:40:17 +02:00
Use only an allowed registry in the FROM image
Problematic code:
FROM randomguy/python:3.6
...
Correct code:
FROM my-registry.com/python:3.6
...
Rationale:
Using the FROM instruction is a huge exercise in trust: you have to trust that a particular version of an image is safe for you to use, and that it will never be retagged maliciously. To guard against that, some companies copy trusted images into their own repositories and reference them directly.
For example, this would be an untrusted image:
FROM randomguy/fancy:10
...
But after an audit, the company decides to copy the image into their own repository, as it was deemed safe:
FROM my-registry.com/fancy:10
...
The idea is that hadolint can warn whenever an untrusted repo is used. Use the --trusted-registry flag for that:
hadolint --trusted-registry my-registry.com Dockerfile
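The check this rule describes, sketched in Python as an added example (it is not hadolint's own implementation, which this page does not show). The function names and the sample Dockerfile are constructed, and the sketch assumes Docker's naming rule that the first path component of an image is a registry only if it contains '.' or ':' or is 'localhost'.

```python
# Constructed sample Dockerfile; image and registry names are placeholders.
SAMPLE = """\
FROM my-registry.com/python:3.6 AS build
FROM --platform=linux/amd64 randomguy/fancy:10
FROM localhost:5000/tools:1.0 AS tools
FROM ${BASE_IMAGE}
FROM build
FROM scratch
"""

def registry_of(image):
    """Registry host of an image reference (assumed Docker naming rule)."""
    if "$" in image:
        return "<unresolved>"  # ARG-substituted reference: fail closed
    first, sep, _ = image.partition("/")
    if sep and ("." in first or ":" in first or first == "localhost"):
        return first.lower()
    return "docker.io"  # no registry component means Docker Hub

def untrusted_from_lines(dockerfile, trusted):
    """Return (line_no, image, registry) for each FROM outside `trusted`."""
    trusted = {t.lower() for t in trusted}
    stages, findings = set(), []
    for no, line in enumerate(dockerfile.splitlines(), 1):
        parts = line.split()
        if not parts or parts[0].upper() != "FROM":
            continue
        # Drop flags such as --platform=... that precede the image.
        args = [p for p in parts[1:] if not p.startswith("--")]
        if not args:
            continue
        image = args[0]
        # 'scratch' and earlier build stages pull nothing from a registry.
        if image != "scratch" and image.lower() not in stages:
            reg = registry_of(image)
            if reg not in trusted:
                findings.append((no, image, reg))
        if len(args) >= 3 and args[1].upper() == "AS":
            stages.add(args[2].lower())
    return findings

if __name__ == "__main__":
    for no, image, reg in untrusted_from_lines(SAMPLE, ["my-registry.com"]):
        print(f"line {no}: {image} comes from untrusted registry {reg}")
```

An image written without a registry, such as `randomguy/fancy:10`, resolves to Docker Hub, so it is reported unless `docker.io` is itself on the allowed list.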