docker scancontainers to get vulnerability information and base image upgrade guidance. Scan the image by running the following command. Passing the
Dockerfileused to build the image using
--fileis needed to receive base image suggestions.
Minorupgrades are the most likely to be compatible with little work,
Majorupgrades can introduce breaking changes depending on image usage,
Alternativearchitecture images are shown for more technical users to investigate.
snyk-docker/deployment.apps/goofproject will show the same vulnerabilities as the
Dockerfileproject from the previous section.
Dockerfileto see base image suggestions.
Dockerfilewith a text editor, and replace, or comment out, the old base image with a new one. In this example, we'll use
kubectl. The deployment's
ImagePullPolicyforces Kubernetes to pull the latest image from Docker Hub.
developbranch. Use Git to do so.
developbranch to the