
Commit db9067c

committed
Adding --checksum to avoid CIS-DI-0009
Add hadolint inline ignore to prevent ignoring it globally
1 parent 477decd commit db9067c


1 file changed

+2
-1
lines changed


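--- a/Dockerfile
+++ b/Dockerfile
@@ -46,8 +46,9 @@ RUN \
 ARG FROM
 FROM ${FROM} AS main
 
+ARG NGINX_KEYRING_SHA256_SUM=7d3d5a7adf37e17d6882e2f6f55324b9a8f978ef3c99c50fe801af67c9847c91
 COPY docker/unit.list /etc/apt/sources.list.d/unit.list
-ADD --chmod=444 --chown=0:0 https://unit.nginx.org/keys/nginx-keyring.gpg /usr/share/keyrings/nginx-keyring.gpg
+ADD https://unit.nginx.org/keys/nginx-keyring.gpg /usr/share/keyrings/nginx-keyring.gpg --chown=0:0 --chmod=444 --checksum=sha256:${NGINX_KEYRING_SHA256_SUM}
 RUN export DEBIAN_FRONTEND=noninteractive \
 && apt-get update -qq \
 && apt-get upgrade \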
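Review bot: The new `ADD` line puts `--chown`, `--chmod` and `--checksum` after the destination path, but Dockerfile flags are only parsed when they directly follow the instruction keyword. As written, the trailing tokens are most likely read as extra source and destination arguments, so the build either fails or the apt signing keyring is fetched without the SHA-256 check this commit is meant to add. Keep the flags in front, as the removed line did: `ADD --chmod=444 --chown=0:0 --checksum=sha256:${NGINX_KEYRING_SHA256_SUM} https://unit.nginx.org/keys/nginx-keyring.gpg /usr/share/keyrings/nginx-keyring.gpg`. A comment above `ARG NGINX_KEYRING_SHA256_SUM` saying how the digest was obtained and verified would help whoever updates it on key rotation. The commit message also mentions a hadolint inline ignore, but none appears in the visible hunk.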
