Container base images (like Official Docker Hub images) are often updated without new tag versions. I call this Silent Rebuilds. There's no way to know this happens without image digest-checking automation like Dependabot and Renovate with specific settings. Failure to keep up-to-date is a prime source of vulnerabilities that can lead to serious security breaches. Automate the updates!

Check out the video podcast version here: https://youtu.be/z_ahbsSc4Fo

🙌 My next course is coming soon! I've opened the waitlist for those wanting to go deep in GitHub Actions for DevOps and AI automation. I'm thrilled to announce this course. The waitlist allows you to quickly sign up for some content updates, discounts, and more as I finish building the course. https://learn.bretfisher.com/waitlist🍾

★Show Links★

• Course waitlist: GitHub Actions Pro
• https://www.bretfisher.com/blog/silent-rebuilds
• https://github.com/BretFisher/silent-rebuilds
• https://www.bretfisher.com/chainguard-event

Creators & Guests

• Cristi Cotovan - Editor
• Bret Fisher - Host
• Beth Fisher - Producer
• Nirmal Mehta - Host

You can also support my free material by subscribing to my YouTube channel and my weekly newsletter at bret.news!

Grab the best coupons for my Docker and Kubernetes courses.
Join my cloud native DevOps community on Discord.
Grab some merch at Bret's Loot Box
Homepage bretfisher.com

• (00:00) - Intro
• (05:30) - Docker Security and Image Builds
• (09:33) - CVEs in Containers
• (10:59) - Where we were
• (14:46) - Silent Builds and Mutable Tags
• (18:04) - Docker Official Image Tags Are Rebuilt Often
• (20:34) - Chainguard's Tool
• (20:54) - Tag Tracker Tool Overview
• (25:33) - High Fivers DevOps Group
• (27:36) - Problem of Silent Rebuilds
• (35:53) - Post-Stream Updates