scorecard icon indicating copy to clipboard operation
scorecard copied to clipboard
verified publisher icon ossf

BUG: are we updating our container images?

Open laurentsimon opened this issue 3 years ago • 3 comments

I was pulling some images and found that https://github.com/ossf/scorecard/blob/main/Dockerfile#L15, for example, was built in 08-2021, and the latest image is from 2022-04

I stumbled upon this by chance because the image was failing to build in unit tests.

Our dependabot config file has an entry for docker images, so I'm not exactly sure what's going on.

@naveensrinivasan any thoughts?

laurentsimon avatar Apr 15 '22 16:04 laurentsimon

No clue! It should work, AFAIK.

naveensrinivasan avatar Apr 15 '22 23:04 naveensrinivasan

when is the last time we merged a dependabot PR for a dockerfile update?

laurentsimon avatar Apr 18 '22 15:04 laurentsimon

when is the last time we merged a dependabot PR for a dockerfile update?

https://github.com/ossf/scorecard/pull/1786 21 days before

naveensrinivasan avatar Apr 18 '22 15:04 naveensrinivasan

Closing as all 8 docker files are in our dependabot config, and the various docker files are being updated. And both the docker builds and the cloud builds are succeeding.

spencerschrock avatar Jan 27 '24 00:01 spencerschrock