Hardened alpine linux baseimage for Docker.
Note: If you use Golang, build statically and use iron-scratch. If you are using Java/Python/NodeJS/dotnet, use a distroless image instead.
# you can pull a global version (3), a series version (3.13) or a specific version (3.13.2)
docker pull ghcr.io/ironpeakservices/iron-alpine/iron-alpine:3
docker pull ghcr.io/ironpeakservices/iron-alpine/iron-alpine:3.13
docker pull ghcr.io/ironpeakservices/iron-alpine/iron-alpine:3.13.2
docker pull ghcr.io/ironpeakservices/iron-alpine:1.0.0
See the nginx example.
Updates to the official alpine docker image are automatically created as a pull request and trigger linting & a docker build. When those checks complete without errors, a merge into master will trigger a deploy with the same version to packages.
If you want, you can also enable vulnerability scanning during your build (for free). Take a look at https://github.com/aquasecurity/microscanner