-
Notifications
You must be signed in to change notification settings - Fork 134
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
ci: address OSSF Scorecard warnings #243
Changes from all commits
83aea5e
2139ac0
ecd47d0
9834f39
763ebea
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,3 +1,3 @@ | ||
FROM nginxinc/nginx-s3-gateway | ||
FROM nginxinc/nginx-s3-gateway@sha256:8aa48324479b3653b5936183cc97f2ca1aa9078d229042f1bca357834bd906f4 | ||
|
||
COPY etc/nginx/conf.d /etc/nginx/conf.d |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,4 +1,4 @@ | ||
FROM nginxinc/nginx-s3-gateway | ||
FROM nginxinc/nginx-s3-gateway@sha256:8aa48324479b3653b5936183cc97f2ca1aa9078d229042f1bca357834bd906f4 | ||
|
||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Same comment. This is meant to be built on top of a local tag for the base build. Also pinning this example to some version would probably make the example not a great user experience since you could be wondering why you're stuck on an old version if you haven't clocked the SHA There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. See previous comment |
||
ENV MODSECURITY_VERSION "v1.0.1" | ||
ENV OWASP_RULESET_VERSION "v3.3.0" | ||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Same comment. This is meant to be built on top of a local tag for the base build. Also pinning this example to some version would probably make the example not a great user experience since you could be wondering why you're stuck on an old version if you haven't clocked the SHA
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
See previous comment
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
So this just presents a bit of a maintenance issue since we'll have to periodically update these to make sure they don't reference a super old version. Let's leave the SHAs in for now since these have not been tested in a while anyway. I'll add a note in some of the organizational changes we make later to remind folks to update.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Dependabot should hopefully take care of Docker SHA updates! 😁