Docker Dash

How to Patch Docker Images

How to Patch Docker Images

The goal of patching docker images is to fix any known vulnerabilities. You want to keep your images patched so the systems and data in them are safe from cyber attack.

There are a few ways to do this whats right for you will depend on your situation.

Update from upstream

When building images you usually build off of another image using FROM eg, your file might start with.

FROM ubuntu:18:04

To get the updates from upstream you might be able to change the version tag, for example to ubuntu:20:02.

Some upgrades might take a bit longer, they might have unexpected complications.

Upgrading The Base OS

If your not ready to update the base image version, or there isnt one available you can update the base os. For an ubuntu based image you would use apt-get upgrade

FROM ubuntu:18:04
RUN apt-get update && apt-get upgrade

Keep in mind adding this makes consecutive builds inconsistent and can be bad for build stability.