from Hacker News

Write a Good Dockerfile in 19 “Easy” Steps

by codefinger on 4/27/21, 7:26 PM with 1 comments

• by sneak on 4/28/21, 12:24 AM

  This misses the most important security step of all: when you specify an exact tag, instead find the hash of the specific image and use that instead, e.g.:

      FROM ubuntu@sha256:01234567...