Your Images are Out of Date (probably) - The Silent Rebuilds problem
Download MP3Container base images (like Official Docker Hub images) are often updated without new tag versions. I call this Silent Rebuilds. There's no way to know this happens without image digest-checking automation like Dependabot and Renovate with specific settings. Failure to keep up-to-date is a prime source of vulnerabilities that can lead to serious security breaches. Automate the updates!
Check out the video podcast version here: https://youtu.be/z_ahbsSc4Fo
Check out the video podcast version here: https://youtu.be/z_ahbsSc4Fo
🙌 My next course is coming soon! I've opened the waitlist for those wanting to go deep in GitHub Actions for DevOps and AI automation. I'm thrilled to announce this course. The waitlist allows you to quickly sign up for some content updates, discounts, and more as I finish building the course. https://learn.bretfisher.com/waitlist🍾
★Show Links★
- Course waitlist: GitHub Actions Pro
- https://www.bretfisher.com/blog/silent-rebuilds
- https://github.com/BretFisher/silent-rebuilds
- https://www.bretfisher.com/chainguard-event
You can also support my free material by subscribing to my YouTube channel and my weekly newsletter at bret.news!
Grab the best coupons for my Docker and Kubernetes courses.
Join my cloud native DevOps community on Discord.
Grab some merch at Bret's Loot Box
Homepage bretfisher.com
Grab the best coupons for my Docker and Kubernetes courses.
Join my cloud native DevOps community on Discord.
Grab some merch at Bret's Loot Box
Homepage bretfisher.com
- (00:00) - Intro
- (05:30) - Docker Security and Image Builds
- (09:33) - CVEs in Containers
- (10:59) - Where we were
- (14:46) - Silent Builds and Mutable Tags
- (18:04) - Docker Official Image Tags Are Rebuilt Often
- (20:34) - Chainguard's Tool
- (20:54) - Tag Tracker Tool Overview
- (25:33) - High Fivers DevOps Group
- (27:36) - Problem of Silent Rebuilds
- (35:53) - Post-Stream Updates
Creators and Guests
Host
Bret Fisher
Cloud native DevOps Dude. Course creator, YouTuber, Podcaster. Docker Captain and CNCF Ambassador. People person who spends too much time in front of a computer.
Producer
Beth Fisher
Producer of the DevOps and Docker Talk and Agentic DevOps podcasts. Assistant producer on Bret Fisher Live show on YouTube. Business and proposal writer by trade.
