Open mpldr opened 2 years ago
scottmando2000
commented
2 years ago I second this, but for a different reason, security vulnerabilities. Alpine containers are already security focused.
I have just ran the latest version of nginx proxy manager through the Trivy container scanner to see that there are almost 1000 active CVE's in the project.
https://trivy.dev/results/?image=jc21/nginx-proxy-manager:latest
@jc21
jc21
commented
2 years ago History lesson, NPM was using Alpine for most of it's life but it became unreliable and I can't exactly remember why but the history is hidden in an issue somewhere.. The next smallest solution was debian-slim. The base image is using debian:buster-slim and that probably could be changed to bullseye to get some updates to outdated packages.
scottmando2000
commented
2 years ago Thanks for the response!
Moving to bullseye would probably be a good step, but would it be possible to have scheduled build to prevent latest from getting out of date?
I did see that the last publish date on the latest tag was 7 months ago, which is a bit concerning on the security side of things.
Thanks, Scott
NPM is pretty heavy, which can inflate the image store significantly when regularly updating it. An Alpine Container would probably reduce this issue significantly.