This is an automated email from the ASF dual-hosted git repository.
arm pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tooling-trusted-releases.git
The following commit(s) were added to refs/heads/main by this push:
new 4ec8b5a8 Pin Syft version in Dockerfile
4ec8b5a8 is described below
commit 4ec8b5a8fe8fa69940fb3a683c59cb0d068a578e
Author: Alastair McFarlane <[email protected]>
AuthorDate: Thu Feb 19 12:03:24 2026 +0000
Pin Syft version in Dockerfile
---
Dockerfile.alpine | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/Dockerfile.alpine b/Dockerfile.alpine
index b149825a..4fcacfb3 100644
--- a/Dockerfile.alpine
+++ b/Dockerfile.alpine
@@ -58,10 +58,10 @@ RUN [ -f apache-rat-${RAT_VERSION}.jar ] || mv $(find .
-maxdepth 1 -type f -nam
RUN mv apache-rat-${RAT_VERSION}.jar /opt/tools
# WORKDIR /var/run
-# ENV SYFT_VERSION=1.38.2
+ENV SYFT_VERSION=1.38.2
# RUN GOPATH=/usr/local go install
github.com/anchore/syft/cmd/syft@v${SYFT_VERSION}
# TODO: This is much faster than the above, but we should figure out how to
pin the binaries
-RUN curl -sSfL https://raw.githubusercontent.com/anchore/syft/main/install.sh
| sh -s -- -b /usr/local/bin
+RUN curl -sSfL
https://raw.githubusercontent.com/anchore/syft/v${SYFT_VERSION}/install.sh | sh
-s -- -b /usr/local/bin
ENV PARLAY_VERSION=0.9.0
RUN GOPATH=/usr/local go install github.com/snyk/parlay@v${PARLAY_VERSION}
ENV SBOMQS_VERSION=1.1.0
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
