dowjones
Automatically Refresh Docker Hub Image Base Layers
Is your feature request related to a problem? Please describe. The 2.4.0 version of the docker hub image was not updated for over a year and Docker Desktop was flagging the image as having vulnerabilities in the base layers.
Describe the solution you'd like Is it possible to setup an automation to build and publish images to docker hub on some interval to reduce the likelihood that consumers receive alerts about CVEs
Describe alternatives you've considered There are probably OSS community standards and best practices for maintainers of docker images that we could align with.
Additional context It's entirely possible, even likely, that consumers of tokendito are NOT at risk of many of the CVEs reported for the base layers but tokendito does access remote resources and used for security purposes.
Excellent notice @opis-mark, we should definitely build on a regular basis to keep up with updates to the base image. We could and should automate watching the base image for a new version and trigger a build+deploy tokendito release. PRs are most welcome, or I will eventually submit one to implement something like this, this is definitely a must have, thanks for bringing this up!
Just bumping this issue as there is now a CVE being flagged in the alpine layer for the XY compression library which is ranked 8.7-High.