Vulnerabilities

Last week a post was made about 30% of the docker images having some type of security vulnerability.

A good thing about this was that some people finally realized that docker images are as safe as other software. Some have a maintainer and are up-to-date, others not really.

You should look every image with a grain of salt and try to understand how it was built. jpetazzo made an excellent post about this.

So, how can we leverage the build process?

Using automated builds: Add a repository with a Dockerfile and dockerhub will automatically build it for you. If you choose this approach don't forget to setup “Repository Links”, so that your image is automatically updated when the base image is also updated.

Maybe dockerhub should try to setup this link automatically

Using circleci: If you have more than one dockerfile per repository or if you want to do some automated testing before you push the image:

Now you can go the docker hub and search for your base image, for example, debian. Select “Webhooks” and insert the following api call:

This way, every time that official image gets updated,it will trigger a build.