From bb1405cb4402e7ddeaf0eefb9c9e1f9ecf2f5989 Mon Sep 17 00:00:00 2001
From: Taras Drozdovskyi <t.drozdovsky@samsung.com>
Date: Tue, 19 Dec 2023 18:22:25 +0200
Subject: [PATCH] fix: Fix Dockerfile for secure installation of scanoss
 package (#366)

Signed-off-by: Taras Drozdovskyi <t.drozdovsky@samsung.com>
---
 Dockerfile | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/Dockerfile b/Dockerfile
index e565893c..247519f3 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -31,7 +31,8 @@ RUN apt-get update && \
 RUN rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
 
 # Install SCANOSS
-RUN pip3 install scanoss --require-hashes
+RUN echo "scanoss==1.8.0 --hash=sha256:5d7d3c5dcff799155b72eaf3c88385a5f3e5fbb887afcffed42c9bd87f0b66f3" > requirements.txt
+RUN pip3 install --require-hashes --no-deps -r requirements.txt
 
 # Allow to listen port 7896
 EXPOSE 7896