ID: docker-best-practices/image-avoid-digest

Language: Docker

Severity: Warning

Category: Security


Do not use a digest to pull an image. A digest is immutable and if a vulnerability is found in this image, your container is likely to be impacted.

A tag is mutable and any security fixes are applied when you rebuild the image.

Non-Compliant Code Examples

FROM image@sha256:239898ab989898

Compliant Code Examples

FROM image:tag