DL3033 - Pin versions in yum install

Description

yum install and yum module install commands should specify explicit package or module versions to produce deterministic builds.

Goals

Specification

  1. Iterate over each RUN instruction in the Dockerfile and split the instruction into shell command segments.
  2. For every segment starting with yum:
  3. If the command uses module install, ensure each module argument after install contains a colon (stream:version).
  4. If the command uses regular install, ensure each package argument after install includes a hyphenated version (pkg-version) or ends with .rpm.
  5. Ignore flags beginning with - when collecting package names.
  6. If any package or module lacks a version specification, emit DL3033 at the RUN line with the message Specify version with `yum install -y <package>-<version>`.
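A sketch of the specification above in Python, added here as an example; it is not the linter's own code. The function names and the sample Dockerfile are hypothetical. It assumes a "hyphenated version" means a hyphen followed by a digit, and that segments are split on `&&`, `||`, `;` and `|`.

```python
import re

DL3033_MESSAGE = "Specify version with `yum install -y <package>-<version>`"

# Constructed sample Dockerfile (not from the original page).
SAMPLE = r"""FROM centos:7
RUN yum install -y httpd-2.4.6 && yum clean all
RUN yum -y install \
    httpd \
    ./local.rpm
RUN yum module install -y nodejs:18
RUN yum module install nodejs"""

def run_instructions(dockerfile):
    """Yield (first_line_number, shell_text) per RUN, joining '\\' continuations."""
    lines = dockerfile.splitlines()
    i = 0
    while i < len(lines):
        start = i + 1
        text = lines[i].strip()
        while text.endswith("\\") and i + 1 < len(lines):
            i += 1
            text = text[:-1] + " " + lines[i].strip()
        i += 1
        if re.match(r"RUN\s", text, re.IGNORECASE):
            yield start, text[3:].strip()

def unpinned(segment):
    """Return the unversioned package or module arguments of one yum segment."""
    words = segment.split()
    if not words or words[0] != "yum" or "install" not in words:
        return []
    idx = words.index("install")
    args = [w for w in words[idx + 1:] if not w.startswith("-")]  # step 5
    if "module" in words[:idx]:
        return [a for a in args if ":" not in a]                  # step 3
    # Step 4. Assumption: "hyphenated version" = hyphen followed by a digit.
    return [a for a in args if not (a.endswith(".rpm") or re.search(r"-\d", a))]

def check_dl3033(dockerfile):
    """Return one (line, rule, message) finding per offending RUN instruction."""
    findings = []
    for line_no, shell in run_instructions(dockerfile):
        for segment in re.split(r"&&|\|\||;|\|", shell):
            if unpinned(segment):
                findings.append((line_no, "DL3033", DL3033_MESSAGE))
                break
    return findings
```

The digit heuristic still accepts names such as `java-11-openjdk`, so a pinned-looking argument is not proof that a version was actually given.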

(c) 2025 Asymmetric Effort, LLC. scaldwell@asymmetric-effort.com