Ask HN: How to handle security updates for Docker images?

4 points by BeenAGoodUser 3 years ago · 3 comments · 1 min read


When you deploy an app as a Docker container, the image is built at deploy time, meaning the libraries only have a chance of being updated the next time you deploy/rebuild your image. Is there any recommended workflow/tools to handle rebuilding your image as soon as a dependency gets a (security) update?

radonek 3 years ago

To trigger a rebuild, you first need to know relevant upstream updates. To recognize them, you need to know your dependencies. Docker provides no means to track dependencies. In fact, avoiding dependency knowledge is one of its major selling points.

I won't say it's an impossible problem to tackle. But I doubt any solution you find could work better or be less complicated than regular packaging. Unlike docker, debhelper, rpm, ebuild and others were designed for this task, and have decades of experience in the field.

captaindiego 3 years ago

Mend Renovate

yuppie_scum 3 years ago

Dependabot
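An added example, not part of the thread: one way to decide whether a deployed image needs a rebuild, as the question asks, by checking which pending package upgrades come from a security suite. It assumes a Debian/Ubuntu-based image and that the text of `apt list --upgradable` (run after `apt-get update` in a container started from the deployed image) is passed in; the function names and the sample output are constructed for illustration.

```python
import re

# One package line of `apt list --upgradable` looks like:
# libssl3/jammy-updates,jammy-security 3.0.2-0ubuntu1.10 amd64 [upgradable from: 3.0.2-0ubuntu1.9]
LINE_RE = re.compile(
    r"^(?P<name>[^/\s]+)/(?P<suites>\S+)\s+(?P<new>\S+)\s+(?P<arch>\S+)\s+"
    r"\[upgradable from: (?P<old>[^\]]+)\]$"
)


def security_updates(apt_output):
    """Return (name, installed, candidate) for upgrades offered by a *-security suite."""
    pending = []
    for line in apt_output.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            # Skips the "Listing..." header, warnings and blank lines.
            continue
        # A package can be offered by several suites at once, comma-separated.
        suites = m.group("suites").split(",")
        # Assumption: security suites are named "<release>-security".
        if any(s.endswith("-security") for s in suites):
            pending.append((m.group("name"), m.group("old"), m.group("new")))
    return pending


def needs_rebuild(apt_output):
    """True when at least one installed package has a pending security upgrade."""
    return bool(security_updates(apt_output))


# Constructed sample output (package versions are illustrative).
SAMPLE = """\
Listing... Done
libssl3/jammy-updates,jammy-security 3.0.2-0ubuntu1.10 amd64 [upgradable from: 3.0.2-0ubuntu1.9]
tzdata/jammy-updates 2023c-0ubuntu0.22.04.2 all [upgradable from: 2023c-0ubuntu0.22.04.1]
openssl/jammy-security 3.0.2-0ubuntu1.10 amd64 [upgradable from: 3.0.2-0ubuntu1.9]
"""

if __name__ == "__main__":
    for name, old, new in security_updates(SAMPLE):
        print(f"{name}: {old} -> {new}")
    print("rebuild needed:", needs_rebuild(SAMPLE))
```

Run on a schedule in CI, a true result from `needs_rebuild` can gate the rebuild-and-redeploy job; it only covers OS packages installed through apt, not application-level dependencies.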
