
Rule Reference


Dockerfile: mutable registry image in FROM

Dockerfile FROM uses a mutable registry image without a digest pin

Provider: lintai-ai-security
Surface: dockerfile
Scope: per_file
Tier: stable
Severity: warn
Confidence: high
Detection: structural
Remediation: message_only

Activation Model

Preset Membership

This rule is part of the builtin activation graph through these preset memberships.

Lifecycle

Stable Lifecycle Contract

State

stable_gated

Graduation rationale

Checks committed Dockerfiles for registry-distributed base images that are not digest pinned.

Deterministic signal basis

DockerfileSignals performs exact `FROM` token analysis, with conservative registry-image matching and digest-pin detection on the selected image token.

Malicious corpus: dockerfile-mutable-base-image
Benign corpus: dockerfile-digest-pinned-base-image
Structured evidence required
Remediation reviewed
Canonical note

Structural stable rule intended as a high-precision check with deterministic evidence.

Nearby Signals

Related Rules

Why It Matters

Mutable base-image references make builds non-reproducible and weaken supply-chain review. The same tag can point to different bytes over time without any change in the committed Dockerfile.

What Triggers

SEC749 matches FROM instructions when the selected registry-distributed image reference is not pinned by digest.

False Positives

The rule is intentionally conservative: it uses the same registry-image matching logic already used elsewhere in the product and only flags references that are both registry-distributed and not digest pinned.

Remediation

Pin the base image by digest, for example ghcr.io/acme/app@sha256:..., so rebuilds and reviews refer to the same artifact.
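As an added illustration of the trigger, false-positive handling and remediation described above, the following Python checker flags FROM images in the spirit of SEC749. It is example code, not lintai's own DockerfileSignals implementation; excluding scratch, earlier build stages and ARG-substituted references is an assumption made here to keep the check conservative.

```python
import re
from typing import List, Tuple

# Added example, not lintai's own DockerfileSignals code. Excluding scratch,
# earlier build stages and ARG-substituted references is an assumption made
# here to keep the check conservative, in the spirit of the rule.
FROM_RE = re.compile(
    r"^\s*FROM\s+(?:--platform=\S+\s+)?(?P<image>\S+)(?:\s+AS\s+(?P<alias>\S+))?\s*$",
    re.IGNORECASE,
)
DIGEST_RE = re.compile(r"@sha256:[0-9a-f]{64}$")

def is_digest_pinned(image: str) -> bool:
    """True when the reference ends in an @sha256:<64 hex> digest."""
    return DIGEST_RE.search(image) is not None

def is_registry_image(image: str, stage_aliases: set) -> bool:
    """Conservative registry-distributed test: skip scratch, earlier build
    stages and references that are only resolved at build time via ARG."""
    return not (image.lower() == "scratch" or image in stage_aliases or "$" in image)

def check_dockerfile(text: str) -> List[Tuple[int, str]]:
    """Return (line_number, image) for each FROM a SEC749-style check flags."""
    findings, aliases = [], set()
    for lineno, line in enumerate(text.splitlines(), start=1):
        m = FROM_RE.match(line)
        if not m:
            continue
        image, alias = m.group("image"), m.group("alias")
        if is_registry_image(image, aliases) and not is_digest_pinned(image):
            findings.append((lineno, image))
        if alias:  # later FROM <alias> lines are stage references, not images
            aliases.add(alias)
    return findings

# Constructed sample: line 1 is a mutable tag (flagged), line 3 is digest
# pinned with a placeholder all-zero digest, line 4 references an earlier stage.
SAMPLE = (
    "FROM golang:1.22 AS builder\n"
    + "WORKDIR /src\n"
    + "FROM ghcr.io/acme/app@sha256:" + "0" * 64 + "\n"
    + "FROM builder AS test\n"
)

if __name__ == "__main__":
    for lineno, image in check_dockerfile(SAMPLE):
        print(f"SEC749 line {lineno}: mutable base image {image!r}")
```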