Description
Suggestion Description
I was looking into supply chain security of the almalinux 8 image.
It is currently pulling from a non-official image of almalinux:
https://github.com/ROCm/ROCm-docker/blob/master/dev/Dockerfile-almalinux-8-complete#L1
FROM amd64/almalinux:8
This appears to be published by the amd64 organization but also says it is the official image at https://hub.docker.com/r/amd64/almalinux/
The official build of AlmaLinux OS.
According to https://github.com/AlmaLinux/docker-images and https://hub.docker.com/_/almalinux, the official image is almalinux:8.
If you want to always pull the amd64 version of this, I would do a line like FROM --platform=linux/amd64 almalinux:8
I suggest y'all switch over to the official image to avoid supply chain security red flags.
Operating System
almalinux
GPU
No response
ROCm Component
No response
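An added example, not part of the original issue or the ROCm-docker repository: a check that lists the FROM lines in a Dockerfile whose base image is not a top-level Docker Hub name such as almalinux:8, so a reviewer can decide whether each one is intended. The function name `audit_from_lines` and the sample Dockerfile are constructed for illustration; a match means "namespaced, needs review" and nothing more.

```shell
#!/bin/sh
# Print "<line-number> <image>" for every FROM line whose image sits in a
# user/org namespace or on another registry host.
audit_from_lines() {
  awk '
    toupper($1) == "FROM" {
      i = 2
      while (i <= NF && $i ~ /^--/) i++    # skip flags such as --platform=linux/amd64
      image = $i
      is_stage = (image in stages)         # FROM <earlier stage> is not a pull
      if (toupper($(i + 1)) == "AS") stages[$(i + 2)] = 1
      if (is_stage || image == "scratch") next
      repo = image
      sub("@.*$", "", repo)                      # drop a digest
      sub(":[^/]*$", "", repo)                   # drop a tag, keep a registry port
      sub("^(docker\\.io/)?library/", "", repo)  # explicit official namespace
      if (index(repo, "/") > 0) print NR, image  # a remaining "/" means namespaced
    }
  ' "$1"
}

# Constructed sample: line 1 is the FROM quoted in the issue, line 2 the suggested form.
sample=$(mktemp)
cat > "$sample" <<'EOF'
FROM amd64/almalinux:8 AS base
FROM --platform=linux/amd64 almalinux:8 AS build
FROM build
FROM scratch
EOF
audit_from_lines "$sample"
rm -f "$sample"
```

Images supplied through a build argument (for example `FROM ${BASE}`) are not resolved by this check and have to be reviewed where the argument is set.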