mollyim / mollysocket

MollySocket allows getting Signal notifications via UnifiedPush.
GNU Affero General Public License v3.0
106 stars 10 forks source link

Use alpine linux instead of debian #37

Closed mce0 closed 1 week ago

mce0 commented 5 months ago

According to containercve.com there are currently 98 vulnerabilities detected in the docker image. I suppose this is because the docker image is based on Debian which is always a bit behind on updates.

I suggest using alpine as base. It has more up-to-date packages and often results in an even smaller image.

mce0 commented 4 months ago

For those interested, I now build my on image which is available at github.com/mce0/mollysocket-OCI with some extra hardening applied. Maybe it can be a base for improving the image provided in this repo.