Your Images are Out of Date (probably) - The Silent Rebuilds problem
Download MP3Container base images (like Official Docker Hub images) are often updated without new tag versions. I call this Silent Rebuilds. There's no way to know this happens without image digest-checking automation like Dependabot and Renovate with specific settings. Failure to keep up-to-date is a prime source of vulnerabilities that can lead to serious security breaches. Automate the updates!
Check out the video podcast version here: https://youtu.be/z_ahbsSc4Fo
Check out the video podcast version here: https://youtu.be/z_ahbsSc4Fo
🙌 The Agentic DevOps Guild has launched! It's a training + community + mentorship program for engineers wanting to learn the latest CI/CD automation and dive into Agentic DevOps. Meetups are happening now, with new course videos dropping every few weeks. Join the Guild and become your team's leader in AI for infrastructure automation https://www.bretfisher.com/theguild 🍾
★Show Links★
- Course waitlist: GitHub Actions Pro
- https://www.bretfisher.com/blog/silent-rebuilds
- https://github.com/BretFisher/silent-rebuilds
- https://www.bretfisher.com/chainguard-event
You can also support this podcast by subscribing to my YouTube channel and my weekly newsletter at bret.news!
Grab the best coupons for my Docker and Kubernetes courses.
Join my cloud native DevOps community on Discord.
Grab some merch at Bret's Loot Box
Homepage bretfisher.com
Grab the best coupons for my Docker and Kubernetes courses.
Join my cloud native DevOps community on Discord.
Grab some merch at Bret's Loot Box
Homepage bretfisher.com
- (00:00) - Intro
- (05:30) - Docker Security and Image Builds
- (10:13) - CVEs in Containers
- (11:39) - Where we were
- (15:26) - Silent Builds and Mutable Tags
- (18:44) - Docker Official Image Tags Are Rebuilt Often
- (21:14) - Chainguard's Tool
- (21:34) - Tag Tracker Tool Overview
- (26:13) - High Fivers DevOps Group
- (28:16) - Problem of Silent Rebuilds
- (36:33) - Post-Stream Updates
Creators and Guests
Host
Bret Fisher
Cloud native DevOps Dude. Course creator, YouTuber, Podcaster. Docker Captain and CNCF Ambassador. People person who spends too much time in front of a computer.
Producer
Beth Fisher
Producer of the DevOps and Docker Talk and Agentic DevOps podcasts. Assistant producer on Bret Fisher Live show on YouTube. Business and proposal writer by trade.
