Closed bianjp closed 9 months ago
Maybe we can add this functionality to the existing container source? @yan12125, what do you think?
@lilydjwg I have tried extending container source and it works. I'll make a pull request later.
Background
A Docker image tag is just an alias of an image ID, and can be updated to refer to new image IDs.
Many Docker images provide tags named by their major version (or major and minor version), so users can easily get future patch version updates without updating their Dockerfile. Say nginx:1.24 for example: whenever a new patch version 1.24.x is released, the tag will be updated. Tags are also occasionally updated to eliminate vulnerabilities.
Feature
I hope nvchecker can watch for updates of image tags on Docker Hub (like nginx:1.24, oraclelinux:8). Some private base images in our intranet depend on these public images and I want to keep them up-to-date and secure. Nvchecker's container plugin can only watch for new tags and is not applicable.
Proposal
Add a container_tag plugin.
Available API to check tag update:
/v2/<name>/manifests/<reference>
Unfortunately no image ID or update time is returned, so we have to use fsLayers to check whether tag is updated
history[0].v1Compatibility.created
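The check proposed above, as an added Python example (not nvchecker's code and not the issue author's): it reads history[0].v1Compatibility.created from a schema-1 manifest body and compares it between two polls of the same tag. The manifests are constructed samples and the helper names are hypothetical.

```python
import json
import re
from datetime import datetime, timezone

# Constructed schema-1 manifests shaped like a GET /v2/<name>/manifests/<reference>
# response body; digests, ids and timestamps are made up for this example.
def make_manifest(created, blobsum):
    return json.dumps({
        "schemaVersion": 1,
        "name": "library/nginx",
        "tag": "1.24",
        "fsLayers": [{"blobSum": blobsum}, {"blobSum": "sha256:" + "0" * 64}],
        "history": [
            {"v1Compatibility": json.dumps({"id": "top", "created": created})},
            {"v1Compatibility": json.dumps({"id": "base", "created": "2023-01-01T00:00:00Z"})},
        ],
    })

OLD = make_manifest("2023-04-12T01:23:45.123456789Z", "sha256:" + "a" * 64)
NEW = make_manifest("2023-05-03T10:00:00.5Z", "sha256:" + "b" * 64)

_TS = re.compile(r"^(\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2})(?:\.(\d+))?Z$")

def parse_created(value):
    """Parse a UTC RFC 3339 timestamp; fractions beyond microseconds are truncated."""
    m = _TS.match(value)
    if not m:
        raise ValueError(f"unexpected created timestamp: {value!r}")
    base = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%S")
    micros = int((m.group(2) or "0")[:6].ljust(6, "0"))
    return base.replace(microsecond=micros, tzinfo=timezone.utc)

def tag_created(manifest_text):
    """Return history[0].v1Compatibility.created as an aware datetime."""
    manifest = json.loads(manifest_text)
    if manifest.get("schemaVersion") != 1 or not manifest.get("history"):
        raise ValueError("not a schema-1 manifest with history")
    # v1Compatibility is itself a JSON document stored as a string.
    top = json.loads(manifest["history"][0]["v1Compatibility"])
    return parse_created(top["created"])

def tag_updated(previous_text, current_text):
    """True when the tag's top history entry carries a different build time."""
    return tag_created(previous_text) != tag_created(current_text)

if __name__ == "__main__":
    print(tag_created(OLD).isoformat(), "->", tag_created(NEW).isoformat())
    print("updated:", tag_updated(OLD, NEW))
```

The history field exists only in schema-1 manifests, so a response in another manifest format is rejected here rather than silently reported as unchanged.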