How to manage and patch enterprise docker images

Asked Oct 20 '20 at 01:15

Active Oct 20 '20 at 09:13

Viewed 241 times

How do organizations handle patching of internal Docker images? I'm not able to find any documentation on this.

I want to make sure that my approach aligns with the Docker best practices. To sum up, this is my strategy:

Create an image hierarchy using the Centos7 image as the base image to build the following images:
```
tomcat
python
java
jboss
apache
```
Include a yum update -y in the Centos7 Dockerfile and release monthly images with a specific tag. ie:
```
internal-registry.example/admin/centos7:oct2020
```
Dockerfiles for the child images will also be updated to pull from the newest monthly image and tag them as well. ie: tomcat Dockerfile.
```
FROM internal-registry.example/admin/centos7:nov2020
```
Push images to the registry and perform image scanning.
Notify development teams every month to build images with the new tag.

Is there a better way to handle patches?

edited Oct 20 '20 at 09:13

Vit

asked Oct 20 '20 at 01:15

Samuel Rodriguez

AFAIK you cannot patch docker images. Do you mean updating your stack on a monthly basis? – Yuri G. Oct 20 '20 at 05:51
How would CVE detected by image scans be resolved? – Samuel Rodriguez Oct 20 '20 at 17:20

0 Answers0