
Metadata

ID: docker-best-practices/no-latest-tag

Language: Docker

Severity: Warning

Category: Security

CWE: 829

Description

Using the latest tag can lead to unpredictable builds because the base image may be updated without notice, potentially introducing breaking changes or vulnerabilities. This unpredictability makes it difficult to reproduce builds reliably or troubleshoot issues that arise due to unexpected image updates.

To comply with this rule, specify an explicit version or tag for the base image, such as debian:jessie or python:3.9-slim. Pinning the base image to a specific version ensures consistent and repeatable builds, improving stability and security by preventing unintended updates.

Non-Compliant Code Examples

FROM debian:latest

Compliant Code Examples

FROM debian:jessie
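
Added example (not Datadog's rule implementation, and not code from this page): a small Python checker for FROM lines that applies the rule above and handles build-stage references, registry ports, digests and --platform flags. It goes beyond the rule as described by also reporting images with no tag, which Docker resolves to latest, and images given as a variable; the function names and the sample Dockerfile are constructed for illustration.

```python
import re

# Constructed sample Dockerfile (not from the page) covering the edge cases.
SAMPLE = """\
FROM debian:latest AS build
FROM --platform=linux/amd64 python:3.9-slim AS runtime
FROM localhost:5000/team/app
FROM build AS test
FROM scratch
FROM alpine@sha256:<digest-placeholder>
FROM ${BASE_IMAGE}
"""

# FROM [--flag=value ...] <image> [AS <stage>]
FROM_RE = re.compile(r"^\s*FROM\s+(?:--\S+\s+)*(\S+)(?:\s+AS\s+(\S+))?", re.I)


def classify(ref):
    """Return why an image reference is unpinned, or None if it is acceptable."""
    if "$" in ref:
        return "unresolved-variable"   # needs the ARG value; flag for review
    name, _, digest = ref.partition("@")
    if digest:
        return None                    # pinned by content digest
    # Only a ':' after the last '/' is a tag; an earlier one is a registry port.
    tag = name.rsplit("/", 1)[-1].partition(":")[2]
    if tag == "latest":
        return "explicit-latest"
    if not tag:
        return "implicit-latest"       # Docker defaults a missing tag to latest
    return None


def find_unpinned(dockerfile):
    """Return (line_number, image_ref, reason) for each FROM line that is flagged."""
    findings, stages = [], set()
    for lineno, line in enumerate(dockerfile.splitlines(), 1):
        m = FROM_RE.match(line)
        if not m:
            continue
        ref, alias = m.groups()
        # Earlier build stages and the empty 'scratch' image have no tag to pin.
        if ref.lower() not in stages and ref != "scratch":
            reason = classify(ref)
            if reason:
                findings.append((lineno, ref, reason))
        if alias:
            stages.add(alias.lower())
    return findings
```

Calling find_unpinned(SAMPLE) reports lines 1, 3 and 7 of the sample; the stage reference, scratch, the versioned tag and the digest-pinned image pass.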