Always pin versions in apt-get install

Cette page n'est pas encore disponible en français, sa traduction est en cours.
Si vous avez des questions ou des retours sur notre projet de traduction actuel, n'hésitez pas à nous contacter.

Metadata

ID: docker-best-practices/apt-pin-version

Language: Docker

Severity: Notice

Category: Best Practices

Description

When using apt-get install, pin the version to avoid unwanted upgrades and undefined behavior.

Non-Compliant Code Examples

FROM debian:12

RUN set -eux; \
    apt-get update; \
    apt-get install -y curl git gcc g++ make cmake; \
    rm -rf /var/cache/apt/archives /var/lib/apt/lists/*
FROM debian:12
RUN apt-get install python

RUN apt-get update && \
    apt-get install -y --no-install-recommends openjdk-19-jdk && \
    apt-get clean && \
    rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/ /var/cache/oracle*

Compliant Code Examples

FROM debian:12
RUN apt-get install python=3.11
https://static.datadoghq.com/static/images/logos/github_avatar.svg https://static.datadoghq.com/static/images/logos/vscode_avatar.svg jetbrains

Seamless integrations. Try Datadog Code Analysis

PREVIEWING: safchain/fix-custom-agent