Skip to content

Latest commit

 

History

History
29 lines (21 loc) · 434 Bytes

007.md

File metadata and controls

29 lines (21 loc) · 434 Bytes
Raw

deny_job_container_latest_image

Job's container image tag should not be latest.

Examples

jobs:
  container-test-job:
    runs-on: ubuntu-latest
    container:
      image: node:latest # latest tags should not be used

jobs:
  container-test-job:
    runs-on: ubuntu-latest
    container:
      image: node:10 # Ideally, hash is best

Why?

Image tags should be pinned with tag or hash.