Query "Unpinned Package Version in Apk Add" for Docker detects missing versions for virtual package names #5124

@malte-laukoetter

Expected Behavior

KICS should not report version pinning issues when using virtual packages.

Actual Behavior

For the RUN instruction apk add --no-cache --virtual build-dependencies gnupg=1.0.0 unzip=1.0.0 curl=1.0.0; KICS detects that version pinning is missing for "build-dependencies". This is not a package that is installed but the name of the virtual package used to group the installed dependencies and therefore shouldn't have a version.

Specifications

  • Version: 1.5.5
  • Platform: Docker
  • Subsystem: Dockerfiles
  • Query: d3499f6d-1651-41bb-a9a7-de925fea487b
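
The behaviour reported above can be reproduced and corrected with a small checker. This is an added example, not part of the original report and not KICS's own Rego query. The function names and the (non-exhaustive) option table are assumptions, and a token counts as pinned when it contains "=".

```python
import shlex

# apk options whose NEXT token is the option's value, not a package (non-exhaustive).
# -t/--virtual NAME only labels the group of installed dependencies.
OPTS_WITH_VALUE = {"-t", "--virtual", "-X", "--repository", "-p", "--root"}

# Command taken from the report above.
ISSUE_CMD = ("apk add --no-cache --virtual build-dependencies "
             "gnupg=1.0.0 unzip=1.0.0 curl=1.0.0;")

def split_commands(run_line):
    """Split a RUN shell line into argv lists at ; && || | separators."""
    lexer = shlex.shlex(run_line, posix=True, punctuation_chars=True)
    lexer.whitespace_split = True  # keep names such as g++ in one token
    cmds, cmd = [], []
    for tok in lexer:
        if tok and all(c in lexer.punctuation_chars for c in tok):
            if cmd:
                cmds.append(cmd)
            cmd = []
        else:
            cmd.append(tok)
    if cmd:
        cmds.append(cmd)
    return cmds

def unpinned_packages(run_line, skip_option_values=True):
    """Return packages passed to `apk add` without a version.

    skip_option_values=False treats every non-option token as a package,
    which reproduces the false positive described in this issue.
    """
    findings = []
    for cmd in split_commands(run_line):
        if cmd[0] != "apk" or "add" not in cmd:
            continue
        rest = cmd[1:]
        rest.remove("add")  # tolerate global options placed before `add`
        args = iter(rest)
        for tok in args:
            if skip_option_values and tok in OPTS_WITH_VALUE:
                next(args, None)  # consume the virtual name / repo / root
            elif not tok.startswith("-") and "=" not in tok:
                findings.append(tok)
    return findings

if __name__ == "__main__":
    print(unpinned_packages(ISSUE_CMD, skip_option_values=False))
    print(unpinned_packages(ISSUE_CMD))
```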

Labels: bug, community