Do not use the digest to pull an image

Metadata

ID: docker-best-practices/image-avoid-digest

Language: Docker

Severity: Warning

Category: Security

Do not use a digest to pull an image. A digest is immutable and if a vulnerability is found in this image, your container is likely to be impacted.

A tag is mutable and any security fixes are applied when you rebuild the image.

FROM image@sha256:239898ab989898

FROM image:tag