Gathering detailed insights and metrics for @pulumi/docker
Gathering detailed insights and metrics for @pulumi/docker
A Docker Pulumi resource package, providing multi-language access to Docker resources and building images.
Installations
npm install @pulumi/dockerDeveloper
pulumi
Developer Guide
BETA
Module System
Unable to determine the module system for this package.
Min. Node Version
Typescript Support
Yes
Node Version
20.17.0
NPM Version
10.8.2
Statistics
85 Stars
751 Commits
14 Forks
17 Watching
301 Branches
107 Contributors
Updated on 28 Nov 2024
Languages
Go (82.89%)
Makefile (10.22%)
Shell (6.71%)
Dockerfile (0.18%)
Total Downloads
Cumulative downloads
Total Downloads
37,803,098
Last day
-8.6%
89,334
Compared to previous day
Last week
6%
603,090
Compared to previous week
Last month
0.8%
2,477,386
Compared to previous month
Last year
216.3%
24,104,542
Compared to previous year
Daily Downloads
Weekly Downloads
Monthly Downloads
Yearly Downloads
Dependencies
2
Dev Dependencies
3
Versions
Docker Resource Provider
The Docker resource provider for Pulumi lets you manage Docker resources in your cloud programs. To use this package, please install the Pulumi CLI first.
Installing
This package is available in many languages in the standard packaging formats.
Node.js (Java/TypeScript)
To use from JavaScript or TypeScript in Node.js, install using either npm:
$ npm install @pulumi/docker
or yarn:
$ yarn add @pulumi/docker
Python
To use from Python, install using pip:
$ pip install pulumi_docker
Go
To use from Go, use go get to grab the latest version of the library
$ go get github.com/pulumi/pulumi-docker/sdk/v4
.NET
To use from .NET, install using dotnet add package:
$ dotnet add package Pulumi.Docker
Reference
For further information, please visit the Docker provider docs or for detailed reference documentation, please visit the API docs.
No vulnerabilities found.
Reason
26 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 10
Reason
no dangerous workflow patterns detected
Reason
no binaries found in the repo
Reason
security policy file detected
Details
- Info: security policy file detected: github.com/pulumi/.github/SECURITY.md:1
- Info: Found linked content: github.com/pulumi/.github/SECURITY.md:1
- Info: Found disclosure, vulnerability, and/or timelines in security policy: github.com/pulumi/.github/SECURITY.md:1
- Info: Found text in security policy: github.com/pulumi/.github/SECURITY.md:1
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Warn: project license file does not contain an FSF or OSI license.
Reason
2 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GO-2024-3005 / GHSA-v23v-6jw2-98fq
- Warn: Project is vulnerable to: GO-2024-2659 / GHSA-mq39-4gv4-mvpx
Reason
Found 3/30 approved changesets -- score normalized to 1
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Warn: jobLevel 'contents' permission set to 'write': .github/workflows/master.yml:111
- Info: jobLevel 'contents' permission set to 'read': .github/workflows/master.yml:148
- Warn: jobLevel 'contents' permission set to 'write': .github/workflows/prerelease.yml:72
- Info: jobLevel 'contents' permission set to 'read': .github/workflows/prerelease.yml:90
- Info: jobLevel 'contents' permission set to 'read': .github/workflows/release.yml:96
- Warn: jobLevel 'contents' permission set to 'write': .github/workflows/release.yml:77
- Warn: jobLevel 'statuses' permission set to 'write': .github/workflows/run-acceptance-tests.yml:110
- Info: jobLevel 'contents' permission set to 'read': .github/workflows/run-acceptance-tests.yml:138
- Warn: no topLevel permission defined: .github/workflows/build_provider.yml:1
- Warn: no topLevel permission defined: .github/workflows/build_sdk.yml:1
- Warn: no topLevel permission defined: .github/workflows/command-dispatch.yml:1
- Warn: no topLevel permission defined: .github/workflows/community-moderation.yml:1
- Warn: no topLevel permission defined: .github/workflows/license.yml:1
- Warn: no topLevel permission defined: .github/workflows/lint.yml:1
- Warn: no topLevel permission defined: .github/workflows/master.yml:1
- Warn: no topLevel permission defined: .github/workflows/prerelease.yml:1
- Warn: no topLevel permission defined: .github/workflows/prerequisites.yml:1
- Warn: no topLevel permission defined: .github/workflows/publish.yml:1
- Warn: no topLevel permission defined: .github/workflows/pull-request.yml:1
- Warn: no topLevel permission defined: .github/workflows/release.yml:1
- Warn: no topLevel permission defined: .github/workflows/release_command.yml:1
- Warn: no topLevel permission defined: .github/workflows/resync-build.yml:1
- Warn: no topLevel permission defined: .github/workflows/run-acceptance-tests.yml:1
- Warn: no topLevel permission defined: .github/workflows/upgrade-bridge.yml:1
- Warn: no topLevel permission defined: .github/workflows/upgrade-provider.yml:1
- Warn: no topLevel permission defined: .github/workflows/verify-release.yml:1
Reason
Project has not signed or included provenance with any releases.
Details
- Warn: release artifact v4.5.7 not signed: https://api.github.com/repos/pulumi/pulumi-docker/releases/180297928
- Warn: release artifact v4.5.6 not signed: https://api.github.com/repos/pulumi/pulumi-docker/releases/176742696
- Warn: release artifact v4.5.5 not signed: https://api.github.com/repos/pulumi/pulumi-docker/releases/167251893
- Warn: release artifact v4.5.4 not signed: https://api.github.com/repos/pulumi/pulumi-docker/releases/157386405
- Warn: release artifact v4.5.3 not signed: https://api.github.com/repos/pulumi/pulumi-docker/releases/148735157
- Warn: release artifact v4.5.7 does not have provenance: https://api.github.com/repos/pulumi/pulumi-docker/releases/180297928
- Warn: release artifact v4.5.6 does not have provenance: https://api.github.com/repos/pulumi/pulumi-docker/releases/176742696
- Warn: release artifact v4.5.5 does not have provenance: https://api.github.com/repos/pulumi/pulumi-docker/releases/167251893
- Warn: release artifact v4.5.4 does not have provenance: https://api.github.com/repos/pulumi/pulumi-docker/releases/157386405
- Warn: release artifact v4.5.3 does not have provenance: https://api.github.com/repos/pulumi/pulumi-docker/releases/148735157
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 30 are checked with a SAST tool
Reason
dependency not pinned by hash detected -- score normalized to 0
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build_provider.yml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/pulumi/pulumi-docker/build_provider.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build_provider.yml:41: update your workflow using https://app.stepsecurity.io/secureworkflow/pulumi/pulumi-docker/build_provider.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build_provider.yml:54: update your workflow using https://app.stepsecurity.io/secureworkflow/pulumi/pulumi-docker/build_provider.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build_sdk.yml:59: update your workflow using https://app.stepsecurity.io/secureworkflow/pulumi/pulumi-docker/build_sdk.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build_sdk.yml:63: update your workflow using https://app.stepsecurity.io/secureworkflow/pulumi/pulumi-docker/build_sdk.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/build_sdk.yml:81: update your workflow using https://app.stepsecurity.io/secureworkflow/pulumi/pulumi-docker/build_sdk.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/command-dispatch.yml:41: update your workflow using https://app.stepsecurity.io/secureworkflow/pulumi/pulumi-docker/command-dispatch.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/command-dispatch.yml:44: update your workflow using https://app.stepsecurity.io/secureworkflow/pulumi/pulumi-docker/command-dispatch.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/community-moderation.yml:11: update your workflow using https://app.stepsecurity.io/secureworkflow/pulumi/pulumi-docker/community-moderation.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/community-moderation.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/pulumi/pulumi-docker/community-moderation.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/community-moderation.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/pulumi/pulumi-docker/community-moderation.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/community-moderation.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/pulumi/pulumi-docker/community-moderation.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/license.yml:48: update your workflow using https://app.stepsecurity.io/secureworkflow/pulumi/pulumi-docker/license.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/license.yml:56: update your workflow using https://app.stepsecurity.io/secureworkflow/pulumi/pulumi-docker/license.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/lint.yml:48: update your workflow using https://app.stepsecurity.io/secureworkflow/pulumi/pulumi-docker/lint.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/lint.yml:52: update your workflow using https://app.stepsecurity.io/secureworkflow/pulumi/pulumi-docker/lint.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/lint.yml:66: update your workflow using https://app.stepsecurity.io/secureworkflow/pulumi/pulumi-docker/lint.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/master.yml:131: update your workflow using https://app.stepsecurity.io/secureworkflow/pulumi/pulumi-docker/master.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/master.yml:68: update your workflow using https://app.stepsecurity.io/secureworkflow/pulumi/pulumi-docker/master.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/master.yml:73: update your workflow using https://app.stepsecurity.io/secureworkflow/pulumi/pulumi-docker/master.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/master.yml:77: update your workflow using https://app.stepsecurity.io/secureworkflow/pulumi/pulumi-docker/master.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/master.yml:155: update your workflow using https://app.stepsecurity.io/secureworkflow/pulumi/pulumi-docker/master.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/master.yml:179: update your workflow using https://app.stepsecurity.io/secureworkflow/pulumi/pulumi-docker/master.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/master.yml:188: update your workflow using https://app.stepsecurity.io/secureworkflow/pulumi/pulumi-docker/master.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/master.yml:196: update your workflow using https://app.stepsecurity.io/secureworkflow/pulumi/pulumi-docker/master.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/master.yml:204: update your workflow using https://app.stepsecurity.io/secureworkflow/pulumi/pulumi-docker/master.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/master.yml:209: update your workflow using https://app.stepsecurity.io/secureworkflow/pulumi/pulumi-docker/master.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/prerelease.yml:97: update your workflow using https://app.stepsecurity.io/secureworkflow/pulumi/pulumi-docker/prerelease.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/prerelease.yml:121: update your workflow using https://app.stepsecurity.io/secureworkflow/pulumi/pulumi-docker/prerelease.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/prerelease.yml:130: update your workflow using https://app.stepsecurity.io/secureworkflow/pulumi/pulumi-docker/prerelease.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/prerelease.yml:138: update your workflow using https://app.stepsecurity.io/secureworkflow/pulumi/pulumi-docker/prerelease.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/prerelease.yml:146: update your workflow using https://app.stepsecurity.io/secureworkflow/pulumi/pulumi-docker/prerelease.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/prerelease.yml:151: update your workflow using https://app.stepsecurity.io/secureworkflow/pulumi/pulumi-docker/prerelease.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/prerequisites.yml:61: update your workflow using https://app.stepsecurity.io/secureworkflow/pulumi/pulumi-docker/prerequisites.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/prerequisites.yml:64: update your workflow using https://app.stepsecurity.io/secureworkflow/pulumi/pulumi-docker/prerequisites.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/prerequisites.yml:69: update your workflow using https://app.stepsecurity.io/secureworkflow/pulumi/pulumi-docker/prerequisites.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/prerequisites.yml:101: update your workflow using https://app.stepsecurity.io/secureworkflow/pulumi/pulumi-docker/prerequisites.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/prerequisites.yml:115: update your workflow using https://app.stepsecurity.io/secureworkflow/pulumi/pulumi-docker/prerequisites.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish.yml:64: update your workflow using https://app.stepsecurity.io/secureworkflow/pulumi/pulumi-docker/publish.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/publish.yml:72: update your workflow using https://app.stepsecurity.io/secureworkflow/pulumi/pulumi-docker/publish.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish.yml:84: update your workflow using https://app.stepsecurity.io/secureworkflow/pulumi/pulumi-docker/publish.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/publish.yml:109: update your workflow using https://app.stepsecurity.io/secureworkflow/pulumi/pulumi-docker/publish.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish.yml:128: update your workflow using https://app.stepsecurity.io/secureworkflow/pulumi/pulumi-docker/publish.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/publish.yml:137: update your workflow using https://app.stepsecurity.io/secureworkflow/pulumi/pulumi-docker/publish.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/publish.yml:145: update your workflow using https://app.stepsecurity.io/secureworkflow/pulumi/pulumi-docker/publish.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/publish.yml:167: update your workflow using https://app.stepsecurity.io/secureworkflow/pulumi/pulumi-docker/publish.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish.yml:188: update your workflow using https://app.stepsecurity.io/secureworkflow/pulumi/pulumi-docker/publish.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/publish.yml:192: update your workflow using https://app.stepsecurity.io/secureworkflow/pulumi/pulumi-docker/publish.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pull-request.yml:42: update your workflow using https://app.stepsecurity.io/secureworkflow/pulumi/pulumi-docker/pull-request.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/pull-request.yml:46: update your workflow using https://app.stepsecurity.io/secureworkflow/pulumi/pulumi-docker/pull-request.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:103: update your workflow using https://app.stepsecurity.io/secureworkflow/pulumi/pulumi-docker/release.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:127: update your workflow using https://app.stepsecurity.io/secureworkflow/pulumi/pulumi-docker/release.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:136: update your workflow using https://app.stepsecurity.io/secureworkflow/pulumi/pulumi-docker/release.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:144: update your workflow using https://app.stepsecurity.io/secureworkflow/pulumi/pulumi-docker/release.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:152: update your workflow using https://app.stepsecurity.io/secureworkflow/pulumi/pulumi-docker/release.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:157: update your workflow using https://app.stepsecurity.io/secureworkflow/pulumi/pulumi-docker/release.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release_command.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/pulumi/pulumi-docker/release_command.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/release_command.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/pulumi/pulumi-docker/release_command.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/release_command.yml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/pulumi/pulumi-docker/release_command.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/release_command.yml:40: update your workflow using https://app.stepsecurity.io/secureworkflow/pulumi/pulumi-docker/release_command.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/resync-build.yml:43: update your workflow using https://app.stepsecurity.io/secureworkflow/pulumi/pulumi-docker/resync-build.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/resync-build.yml:48: update your workflow using https://app.stepsecurity.io/secureworkflow/pulumi/pulumi-docker/resync-build.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/resync-build.yml:83: update your workflow using https://app.stepsecurity.io/secureworkflow/pulumi/pulumi-docker/resync-build.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/run-acceptance-tests.yml:145: update your workflow using https://app.stepsecurity.io/secureworkflow/pulumi/pulumi-docker/run-acceptance-tests.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/run-acceptance-tests.yml:151: update your workflow using https://app.stepsecurity.io/secureworkflow/pulumi/pulumi-docker/run-acceptance-tests.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/run-acceptance-tests.yml:176: update your workflow using https://app.stepsecurity.io/secureworkflow/pulumi/pulumi-docker/run-acceptance-tests.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/run-acceptance-tests.yml:185: update your workflow using https://app.stepsecurity.io/secureworkflow/pulumi/pulumi-docker/run-acceptance-tests.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/run-acceptance-tests.yml:193: update your workflow using https://app.stepsecurity.io/secureworkflow/pulumi/pulumi-docker/run-acceptance-tests.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/run-acceptance-tests.yml:201: update your workflow using https://app.stepsecurity.io/secureworkflow/pulumi/pulumi-docker/run-acceptance-tests.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/run-acceptance-tests.yml:206: update your workflow using https://app.stepsecurity.io/secureworkflow/pulumi/pulumi-docker/run-acceptance-tests.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/run-acceptance-tests.yml:93: update your workflow using https://app.stepsecurity.io/secureworkflow/pulumi/pulumi-docker/run-acceptance-tests.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/upgrade-bridge.yml:61: update your workflow using https://app.stepsecurity.io/secureworkflow/pulumi/pulumi-docker/upgrade-bridge.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/upgrade-bridge.yml:70: update your workflow using https://app.stepsecurity.io/secureworkflow/pulumi/pulumi-docker/upgrade-bridge.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/upgrade-bridge.yml:83: update your workflow using https://app.stepsecurity.io/secureworkflow/pulumi/pulumi-docker/upgrade-bridge.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/upgrade-provider.yml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/pulumi/pulumi-docker/upgrade-provider.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/verify-release.yml:87: update your workflow using https://app.stepsecurity.io/secureworkflow/pulumi/pulumi-docker/verify-release.yml/master?enable=pin
- Warn: containerImage not pinned by hash: .devcontainer/Dockerfile:1: pin your Docker image by updating jetpackio/devbox:latest to jetpackio/devbox:latest@sha256:7e2e69b29d9e6292591e7b791160b9e02391044d5a2d71d5ce5a61774087f5a2
- Warn: containerImage not pinned by hash: examples/aws-container-registry/csharp/app/Dockerfile:1: pin your Docker image by updating nginx to nginx@sha256:bc5eac5eafc581aeda3008b4b1f07ebba230de2f27d47767129a6a905c84f470
- Warn: containerImage not pinned by hash: examples/aws-container-registry/go/app/Dockerfile:1: pin your Docker image by updating nginx to nginx@sha256:bc5eac5eafc581aeda3008b4b1f07ebba230de2f27d47767129a6a905c84f470
- Warn: containerImage not pinned by hash: examples/aws-container-registry/py/app/Dockerfile:1: pin your Docker image by updating nginx to nginx@sha256:bc5eac5eafc581aeda3008b4b1f07ebba230de2f27d47767129a6a905c84f470
- Warn: containerImage not pinned by hash: examples/aws-container-registry/ts/app/Dockerfile:1: pin your Docker image by updating nginx to nginx@sha256:bc5eac5eafc581aeda3008b4b1f07ebba230de2f27d47767129a6a905c84f470
- Warn: containerImage not pinned by hash: examples/azure-container-registry/csharp/app/Dockerfile:1: pin your Docker image by updating nginx to nginx@sha256:bc5eac5eafc581aeda3008b4b1f07ebba230de2f27d47767129a6a905c84f470
- Warn: containerImage not pinned by hash: examples/azure-container-registry/go/app/Dockerfile:1: pin your Docker image by updating nginx to nginx@sha256:bc5eac5eafc581aeda3008b4b1f07ebba230de2f27d47767129a6a905c84f470
- Warn: containerImage not pinned by hash: examples/azure-container-registry/py/app/Dockerfile:1: pin your Docker image by updating nginx to nginx@sha256:bc5eac5eafc581aeda3008b4b1f07ebba230de2f27d47767129a6a905c84f470
- Warn: containerImage not pinned by hash: examples/azure-container-registry/ts/app/Dockerfile:1: pin your Docker image by updating nginx to nginx@sha256:bc5eac5eafc581aeda3008b4b1f07ebba230de2f27d47767129a6a905c84f470
- Warn: containerImage not pinned by hash: examples/digitalocean-container-registry/csharp/app/Dockerfile:1: pin your Docker image by updating nginx to nginx@sha256:bc5eac5eafc581aeda3008b4b1f07ebba230de2f27d47767129a6a905c84f470
- Warn: containerImage not pinned by hash: examples/digitalocean-container-registry/go/app/Dockerfile:1: pin your Docker image by updating nginx to nginx@sha256:bc5eac5eafc581aeda3008b4b1f07ebba230de2f27d47767129a6a905c84f470
- Warn: containerImage not pinned by hash: examples/digitalocean-container-registry/py/app/Dockerfile:1: pin your Docker image by updating nginx to nginx@sha256:bc5eac5eafc581aeda3008b4b1f07ebba230de2f27d47767129a6a905c84f470
- Warn: containerImage not pinned by hash: examples/digitalocean-container-registry/ts/app/Dockerfile:1: pin your Docker image by updating nginx to nginx@sha256:bc5eac5eafc581aeda3008b4b1f07ebba230de2f27d47767129a6a905c84f470
- Warn: containerImage not pinned by hash: examples/docker-container-registry/csharp/app/Dockerfile:1: pin your Docker image by updating nginx to nginx@sha256:bc5eac5eafc581aeda3008b4b1f07ebba230de2f27d47767129a6a905c84f470
- Warn: containerImage not pinned by hash: examples/docker-container-registry/go/app/Dockerfile:1: pin your Docker image by updating nginx to nginx@sha256:bc5eac5eafc581aeda3008b4b1f07ebba230de2f27d47767129a6a905c84f470
- Warn: containerImage not pinned by hash: examples/docker-container-registry/py/app/Dockerfile:1: pin your Docker image by updating nginx to nginx@sha256:bc5eac5eafc581aeda3008b4b1f07ebba230de2f27d47767129a6a905c84f470
- Warn: containerImage not pinned by hash: examples/docker-container-registry/ts/app/Dockerfile:1: pin your Docker image by updating nginx to nginx@sha256:bc5eac5eafc581aeda3008b4b1f07ebba230de2f27d47767129a6a905c84f470
- Warn: containerImage not pinned by hash: examples/dockerfile-go/Dockerfile:1
- Warn: containerImage not pinned by hash: examples/dockerfile-go/Dockerfile:3
- Warn: containerImage not pinned by hash: examples/dockerfile-py/Dockerfile:1
- Warn: containerImage not pinned by hash: examples/dockerfile-py/Dockerfile:3
- Warn: containerImage not pinned by hash: examples/dockerfile-with-target/Dockerfile:1
- Warn: containerImage not pinned by hash: examples/dockerfile-with-target/Dockerfile:3
- Warn: containerImage not pinned by hash: examples/dotnet/Dockerfile:1
- Warn: containerImage not pinned by hash: examples/dotnet/Dockerfile:3
- Warn: containerImage not pinned by hash: examples/gcp-container-registry/csharp/app/Dockerfile:1: pin your Docker image by updating nginx to nginx@sha256:bc5eac5eafc581aeda3008b4b1f07ebba230de2f27d47767129a6a905c84f470
- Warn: containerImage not pinned by hash: examples/gcp-container-registry/go/app/Dockerfile:1: pin your Docker image by updating nginx to nginx@sha256:bc5eac5eafc581aeda3008b4b1f07ebba230de2f27d47767129a6a905c84f470
- Warn: containerImage not pinned by hash: examples/gcp-container-registry/py/app/Dockerfile:1: pin your Docker image by updating nginx to nginx@sha256:bc5eac5eafc581aeda3008b4b1f07ebba230de2f27d47767129a6a905c84f470
- Warn: containerImage not pinned by hash: examples/gcp-container-registry/ts/app/Dockerfile:1: pin your Docker image by updating nginx to nginx@sha256:bc5eac5eafc581aeda3008b4b1f07ebba230de2f27d47767129a6a905c84f470
- Warn: containerImage not pinned by hash: examples/multi-stage-build-go/app/Dockerfile:4
- Warn: containerImage not pinned by hash: examples/multi-stage-build-go/app/Dockerfile:16
- Warn: containerImage not pinned by hash: examples/test-build-on-preview/yaml/Dockerfile:1
- Warn: containerImage not pinned by hash: examples/test-build-on-preview/yaml/Dockerfile:3
- Warn: containerImage not pinned by hash: examples/test-builder-version/v1/Dockerfile:1
- Warn: containerImage not pinned by hash: examples/test-builder-version/v2/Dockerfile:1
- Warn: containerImage not pinned by hash: examples/test-dockerfile/dockerignore-default/Dockerfile:1: pin your Docker image by updating bash to bash@sha256:4bbfbe07eceeed5ab9136b37faf4f5cff3c28a339087ce068a76f2c1733054e8
- Warn: containerImage not pinned by hash: examples/test-dockerfile/dockerignore-with-external-dockerfile/Dockerfile:1: pin your Docker image by updating bash to bash@sha256:4bbfbe07eceeed5ab9136b37faf4f5cff3c28a339087ce068a76f2c1733054e8
- Warn: containerImage not pinned by hash: examples/test-local-repo-digest-ts/Dockerfile:1: pin your Docker image by updating ubuntu to ubuntu@sha256:278628f08d4979fb9af9ead44277dbc9c92c2465922310916ad0c46ec9999295
- Warn: containerImage not pinned by hash: examples/test-secrets/yaml/Dockerfile:1
- Warn: containerImage not pinned by hash: examples/test-secrets/yaml/Dockerfile:4
- Warn: containerImage not pinned by hash: examples/test-secrets/yaml/Dockerfile:7
- Warn: containerImage not pinned by hash: examples/test-unknowns/ts/Dockerfile:1
- Warn: containerImage not pinned by hash: examples/test-unknowns/ts/Dockerfile:4
- Warn: containerImage not pinned by hash: examples/test-unknowns/ts/Dockerfile:7
- Warn: containerImage not pinned by hash: examples/test-unknowns/yaml-build-on-preview/Dockerfile:1: pin your Docker image by updating ubuntu to ubuntu@sha256:278628f08d4979fb9af9ead44277dbc9c92c2465922310916ad0c46ec9999295
- Warn: containerImage not pinned by hash: examples/test-unknowns/yaml/Dockerfile:1: pin your Docker image by updating ubuntu to ubuntu@sha256:278628f08d4979fb9af9ead44277dbc9c92c2465922310916ad0c46ec9999295
- Warn: pipCommand not pinned by hash: examples/dockerfile-go/Dockerfile:4
- Warn: pipCommand not pinned by hash: examples/dockerfile-py/Dockerfile:4
- Warn: pipCommand not pinned by hash: examples/dockerfile-with-target/Dockerfile:4
- Warn: pipCommand not pinned by hash: examples/dotnet/Dockerfile:4
- Warn: pipCommand not pinned by hash: examples/test-build-on-preview/yaml/Dockerfile:4
- Warn: pipCommand not pinned by hash: .github/workflows/master.yml:176
- Warn: pipCommand not pinned by hash: .github/workflows/master.yml:177
- Warn: pipCommand not pinned by hash: .github/workflows/prerelease.yml:118
- Warn: pipCommand not pinned by hash: .github/workflows/prerelease.yml:119
- Warn: pipCommand not pinned by hash: .github/workflows/release.yml:124
- Warn: pipCommand not pinned by hash: .github/workflows/release.yml:125
- Warn: pipCommand not pinned by hash: .github/workflows/run-acceptance-tests.yml:173
- Warn: pipCommand not pinned by hash: .github/workflows/run-acceptance-tests.yml:174
- Info: 0 out of 30 GitHub-owned GitHubAction dependencies pinned
- Info: 1 out of 47 third-party GitHubAction dependencies pinned
- Info: 0 out of 46 containerImage dependencies pinned
- Info: 0 out of 13 pipCommand dependencies pinned
Score
4.9
/10
Last Scanned on 2024-11-18
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More