Always pin versions with pip

Metadata

ID: docker-best-practices/pip-pin-versions

Language: Docker

Severity: Notice

Category: Best Practices

Description

When installing Python packages with pip in a Dockerfile, always pin the version with an exact == specifier (for example django==1.9). An unpinned install such as pip install django resolves to whatever version the package index serves at build time, so two builds of the same Dockerfile can produce different images, a new release can silently break the build, and a malicious or hijacked release published after the Dockerfile was written is installed without anyone changing a line of it. Pinning makes the image reproducible and turns dependency upgrades into deliberate, reviewable changes.

Installing from a requirements file (-r requirements.txt) satisfies this rule, but only moves the question into that file: it must pin every dependency itself, ideally with hashes (pip install --require-hashes -r requirements.txt, using a file generated by a tool such as pip-compile --generate-hashes), so that the build fails if the downloaded artifact differs from the one that was reviewed.

Non-Compliant Code Examples

FROM busybox
RUN pip install django

RUN python3 -m pip install django

RUN python3 -m pip install django && pip install otherpackage

Compliant Code Examples

FROM busybox
RUN pip install django==1.9

RUN pip install --no-cache-dir -r requirements.txt
RUN pip install --no-cache-dir shepherd/src -r requirements.txt
RUN pip install --upgrade pip==22.1.2 && pip install --no-cache-dir -r requirements.txt
RUN python3 -m pip install --upgrade pip==22.1.2 && python3 -m pip install --no-cache-dir -r requirements.txt
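The script below is an added example, not part of the original rule page or of the analyzer that implements this rule. It performs the check the description calls for over a constructed Dockerfile: every positional requirement passed to pip install (pip or python -m pip, shell or exec form, across && chains and backslash continuations) must carry an exact == pin. Option values such as -r requirements.txt and local paths such as ./shepherd/src are accepted, matching the compliant examples above. SAMPLE_DOCKERFILE and all function names are constructed for this example.

```python
import json
import re
import shlex

# Constructed sample Dockerfile for this example (not from the original page).
# Lines 2, 3, 7 and 8 contain unpinned installs; lines 4 to 6 are compliant.
SAMPLE_DOCKERFILE = """\
FROM python:3.12-slim
RUN pip install django
RUN python3 -m pip install django==4.2.11 && pip install otherpackage
RUN pip install --no-cache-dir -r requirements.txt
RUN pip install --upgrade pip==22.1.2 && \\
    pip install --no-cache-dir ./shepherd/src
RUN pip install 'requests>=2.31'
RUN ["pip", "install", "flask"]
"""

# A requirement counts as pinned only with an exact "==" specifier.
# "pkg[extra]==1.0" is accepted; bare names, ">=", "~=" and "!=" are not.
PINNED_RE = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._-]*(?:\[[^\]]*\])?==[^=\s]+$")

# pip install options that take a separate value; that value is not a requirement.
OPTS_WITH_VALUE = {
    "-r", "--requirement", "-c", "--constraint", "-i", "--index-url",
    "--extra-index-url", "-f", "--find-links", "-t", "--target",
    "--root", "--prefix", "--cache-dir", "--platform", "--python-version",
}


def run_instructions(dockerfile_text):
    """Yield (line_number, body) for each RUN instruction, joining backslash continuations."""
    lines = dockerfile_text.splitlines()
    i = 0
    while i < len(lines):
        start, line = i, lines[i]
        while line.rstrip().endswith("\\") and i + 1 < len(lines):
            i += 1
            line = line.rstrip()[:-1] + " " + lines[i].strip()
        i += 1
        stripped = line.strip()
        if stripped[:4].upper() == "RUN ":
            yield start + 1, stripped[4:].strip()


def commands_in_run(body):
    """Return each command in a RUN body as an argv list.

    Exec form (RUN ["pip", ...]) is a single JSON array. Shell form is split on
    "&&", "||" and ";", a simplification: pipes and subshells are not handled.
    """
    if body.startswith("["):
        return [json.loads(body)]
    return [shlex.split(part) for part in re.split(r"&&|\|\||;", body) if part.strip()]


def pip_install_args(argv):
    """Return the arguments after 'pip install', or None if argv is not a pip install."""
    if len(argv) >= 2 and re.fullmatch(r"pip[0-9.]*", argv[0]) and argv[1] == "install":
        return argv[2:]
    if (len(argv) >= 4 and re.fullmatch(r"python[0-9.]*", argv[0])
            and argv[1:3] == ["-m", "pip"] and argv[3] == "install"):
        return argv[4:]
    return None


def unpinned_requirements(install_args):
    """Return the positional requirement specs that lack an exact '==' pin."""
    unpinned, skip_value = [], False
    for arg in install_args:
        if skip_value:
            skip_value = False          # this token is the value of the previous option
            continue
        if arg in OPTS_WITH_VALUE:
            skip_value = True           # e.g. "-r requirements.txt": a file, not a package
            continue
        if arg.startswith("-"):
            continue                    # flags such as --no-cache-dir or --upgrade
        if "/" in arg or arg.startswith("."):
            continue                    # local path or URL; the version comes from the source tree
        if not PINNED_RE.match(arg):
            unpinned.append(arg)
    return unpinned


def check_dockerfile(dockerfile_text):
    """Return [(line_number, requirement), ...] for every unpinned pip install."""
    findings = []
    for lineno, body in run_instructions(dockerfile_text):
        for argv in commands_in_run(body):
            args = pip_install_args(argv)
            if args is not None:
                findings.extend((lineno, req) for req in unpinned_requirements(args))
    return findings


if __name__ == "__main__":
    for lineno, req in check_dockerfile(SAMPLE_DOCKERFILE):
        print(f"line {lineno}: unpinned pip requirement {req!r}")
```

Run against the sample it reports django (line 2), otherpackage (line 3), requests>=2.31 (line 7) and flask (line 8); the requirements-file and local-path installs pass, which is exactly why the contents of requirements.txt still need their own pins or hashes.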