quickwit-oss / quickwit

Cloud-native search engine for observability. An open-source alternative to Datadog, Elasticsearch, Loki, and Tempo.
https://quickwit.io

Address base image security vulnerabilities #5176

Open fmassot opened 1 week ago

fmassot commented 1 week ago

We need to define and implement a sustainable process to fix security vulnerabilities in our docker images.

guilload commented 1 week ago

First, we should start publishing our dev images to another namespace. Then, we should systematically scan our prod images with Snyk or some other tool and address security vulnerabilities, i.e., re-publish images with updated base images or packages, should they be detected.

Regarding the last issue, unlike Snyk, Debian does not consider it a critical security issue, so there was not much I could do. I ended up publishing an Ubuntu-based image to provide an alternative.
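One way to implement the "scan, then re-publish only when a rebuild would change something" step discussed in this thread, as an added example that is not Quickwit's code or CI. It assumes the JSON report layout of Trivy's `trivy image --format json` output (`Results[].Vulnerabilities[]` with `VulnerabilityID`, `PkgName`, `Severity` and an optional `FixedVersion`); the report it parses is constructed by hand with placeholder IDs, not a real scan. The split between fixable and unfixable findings is the point raised above: when the distro has not shipped a fix, re-publishing on the same base image cannot clear the finding, so it should be tracked rather than fail every build.

```python
"""Decide whether a published image needs a rebuild from a scanner report.

Added example for this thread, not Quickwit's code or CI. It assumes the
JSON layout of Trivy's `trivy image --format json` output (Results[] ->
Vulnerabilities[] with VulnerabilityID, PkgName, Severity and an optional
FixedVersion). The report below is constructed by hand, with placeholder
IDs, to exercise the policy; it is not a real scan.
"""
import json

# Scanner severities that block a release when the distro ships a fix.
BLOCKING_SEVERITIES = {"CRITICAL", "HIGH"}

# Constructed report: one fixable CRITICAL, one CRITICAL the distro has not
# fixed (the Debian-vs-Snyk disagreement in the thread), one fixable LOW.
SAMPLE_REPORT = json.dumps({
    "ArtifactName": "example.invalid/quickwit:placeholder",
    "Results": [{
        "Target": "example.invalid/quickwit:placeholder (debian 12)",
        "Vulnerabilities": [
            {"VulnerabilityID": "CVE-EXAMPLE-0001", "PkgName": "libexample",
             "InstalledVersion": "1.0-1", "FixedVersion": "1.0-2",
             "Severity": "CRITICAL"},
            {"VulnerabilityID": "CVE-EXAMPLE-0002", "PkgName": "libother",
             "InstalledVersion": "2.3-4", "Severity": "CRITICAL",
             "Status": "will_not_fix"},
            {"VulnerabilityID": "CVE-EXAMPLE-0003", "PkgName": "libminor",
             "InstalledVersion": "0.9", "FixedVersion": "0.9.1",
             "Severity": "LOW"},
        ],
    }],
})


def triage(report_json, blocking=BLOCKING_SEVERITIES):
    """Split findings into those a rebuild can fix and those it cannot.

    Returns a dict with:
      rebuild  - blocking-severity findings with an upstream fixed version;
                 republishing on an updated base image addresses these.
      no_fix   - blocking-severity findings with no fixed version; only a
                 base-image change (e.g. a different distro) or an accepted
                 risk can address these.
      ignored  - findings below the blocking threshold.
    """
    report = json.loads(report_json)
    out = {"rebuild": [], "no_fix": [], "ignored": []}
    for result in report.get("Results", []):
        # Trivy emits null rather than [] when a target has no findings.
        for vuln in result.get("Vulnerabilities") or []:
            entry = (vuln["VulnerabilityID"], vuln["PkgName"])
            if vuln.get("Severity") not in blocking:
                out["ignored"].append(entry)
            elif vuln.get("FixedVersion"):
                out["rebuild"].append(entry)
            else:
                out["no_fix"].append(entry)
    return out


def should_block_release(report_json):
    """Fail the pipeline only when a rebuild would actually remove a finding.

    Unfixable findings are reported but do not fail the build, since
    re-publishing the same base image cannot change them; they belong in a
    tracked exception list (or motivate a base-image switch) instead.
    """
    return bool(triage(report_json)["rebuild"])


if __name__ == "__main__":
    result = triage(SAMPLE_REPORT)
    for bucket, entries in result.items():
        print(f"{bucket}: {entries}")
    print("block release:", should_block_release(SAMPLE_REPORT))
```

In a pipeline this would run against the scanner's real output for each published tag; a non-empty `rebuild` list is the signal to bump the base image or package set and re-publish, while the `no_fix` list is what to review when deciding, as above, whether to offer an image on a different base.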