File tree Expand file tree Collapse file tree 1 file changed +5
-2
lines changed
Expand file tree Collapse file tree 1 file changed +5
-2
lines changed Original file line number Diff line number Diff line change 22
33# Build stage
44# Using node:22.1.0-alpine with OpenSSL 3.3.2+ to address CVE-2024-6119
5- FROM node:22.1.0-alpine AS builder
5+ # Pinned to AMD64-specific SHA256 digest for supply chain security and deterministic builds
6+ # To update: docker pull --platform linux/amd64 node:22.1.0-alpine && docker inspect --format='{{index .RepoDigests 0}}' node:22.1.0-alpine
7+ FROM node:22.1.0-alpine@sha256:487dc5d5122d578e13f2231aa4ac0f63068becd921099c4c677c850df93bede8 AS builder
68
79# Set build-time variables for reproducibility
810ARG NODE_ENV=development
@@ -53,7 +55,8 @@ RUN npm run build
5355
5456# Production stage
5557# Using node:22.1.0-alpine with OpenSSL 3.3.2+ to address CVE-2024-6119
56- FROM node:22.1.0-alpine AS production
58+ # Pinned to AMD64-specific SHA256 digest for supply chain security and deterministic builds
59+ FROM node:22.1.0-alpine@sha256:487dc5d5122d578e13f2231aa4ac0f63068becd921099c4c677c850df93bede8 AS production
5760
5861# Declare build arguments in production stage
5962ARG PORT=3081
You can’t perform that action at this time.
0 commit comments