Docker

Made by DeepSource

Use only an allowed registry in the FROM image DOK-DL3026

Security
Minor

Using the FROM instruction is a huge exercise in trust: you have to trust that a particular version of an image is safe for you to use, and that it will never be retagged maliciously. To reduce that risk, some companies copy trusted images into their own repositories and reference them directly.

For example, this would be an untrusted image:

FROM randomguy/fancy:10

But after an audit, the company decides to copy the image into their own repository, as it was deemed safe:

FROM my-registry.com/fancy:10

To change the behaviour, either add the relevant configuration to .deepsource.toml or add a .hadolint.yaml to the root of the project.

Bad Practice

FROM randomguy/python:3.6

Recommended

FROM my-registry.com/python:3.6
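As an added example (not DeepSource's or hadolint's own code), the script below performs the same check this rule describes: it walks a Dockerfile, resolves the registry of every FROM image and reports any image whose registry is not on an allowlist. It goes a little beyond the two snippets above by handling the cases a real Dockerfile throws at such a check: images with no registry prefix (which Docker resolves to docker.io), a `--platform` flag before the image, multi-stage builds that reference an earlier stage by alias, `scratch`, and an image name built from a build argument, which cannot be verified and is therefore reported rather than silently trusted. The `TRUSTED_REGISTRIES` set and the sample Dockerfile are constructed for the example; in a real project, hadolint reads the equivalent allowlist from the `trustedRegistries` key of `.hadolint.yaml`.

```python
import re
from typing import List, Set, Tuple

# Constructed allowlist for this example. hadolint takes the equivalent
# list from the `trustedRegistries` key of .hadolint.yaml.
TRUSTED_REGISTRIES: Set[str] = {"my-registry.com"}

# FROM [--flag ...] <image> [AS <alias>]   (Dockerfile keywords are case-insensitive)
FROM_RE = re.compile(
    r"^\s*FROM\s+(?:--\S+\s+)*(\S+)(?:\s+AS\s+(\S+))?\s*$", re.IGNORECASE
)

# Constructed sample Dockerfile exercising the edge cases described above.
SAMPLE_DOCKERFILE = """\
FROM --platform=$BUILDPLATFORM randomguy/python:3.6 AS builder
RUN pip install .
FROM my-registry.com/python:3.6
COPY --from=builder /app /app
FROM builder
FROM scratch
FROM $BASE_IMAGE
"""


def registry_of(image: str) -> str:
    """Return the registry host an image reference will be pulled from.

    Docker treats the first path component as a registry only when it
    contains a '.' or ':' or is exactly 'localhost'; anything else is a
    Docker Hub namespace, so the image comes from docker.io.  Tags and
    digests never affect the registry part.
    """
    first, sep, _rest = image.partition("/")
    if sep and ("." in first or ":" in first or first == "localhost"):
        return first
    return "docker.io"


def check_dockerfile(
    text: str, trusted: Set[str] = TRUSTED_REGISTRIES
) -> List[Tuple[int, str, str]]:
    """Return (line_number, image, registry) for every FROM that is not trusted."""
    findings: List[Tuple[int, str, str]] = []
    stages: Set[str] = set()  # aliases of build stages seen so far
    for line_no, line in enumerate(text.splitlines(), 1):
        match = FROM_RE.match(line)
        if not match:
            continue
        image, alias = match.group(1), match.group(2)
        lowered = image.lower()
        if lowered == "scratch" or lowered in stages:
            # Nothing is pulled from a registry for these.
            pass
        elif "$" in image:
            # The image is resolved from a build argument; the registry cannot
            # be verified statically, so report it instead of trusting it.
            findings.append((line_no, image, "unresolved variable"))
        else:
            registry = registry_of(image)
            if registry not in trusted:
                findings.append((line_no, image, registry))
        if alias:
            stages.add(alias.lower())
    return findings


if __name__ == "__main__":
    for line_no, image, registry in check_dockerfile(SAMPLE_DOCKERFILE):
        print(f"line {line_no}: DL3026 image '{image}' uses untrusted registry '{registry}'")
```

Run against the sample, the script reports line 1 (`randomguy/python:3.6`, resolved to docker.io) and line 7 (the `$BASE_IMAGE` reference), while the stage reference, `scratch` and the image from `my-registry.com` pass. A reference such as `python:3.6` with no namespace at all is also resolved to docker.io, so the "official" Docker Hub images are not exempt unless docker.io is deliberately added to the allowlist.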