Ask HN: How to handle security updates for Docker images?

4 points by BeenAGoodUser 3 years ago | 3 comments

When you deploy an app as a Docker container, the image is built at deploy time, meaning the libraries only have a chance of being updated the next time you deploy/rebuild your image. Is there any recommended workflow/tools to handle rebuilding your image as soon as a dependency gets a (security) update?

radonek 3 years ago |

To trigger a rebuild, you first need to know relevant upstream updates. To recognize them, you need to know your dependencies. Docker provides no means to track dependencies. In fact, avoiding dependency knowledge is one of its major selling points.

I wont say it's impossible problem to tackle. But I doubt any solution you find could work better or be less complicated then regular packaging. Unlike docker, debhelper, rpm, ebuild and others were designed for this task, and have decades of experience in the field.

captaindiego 3 years ago |

Mend Renovate

yuppie_scum 3 years ago |

Dependabot