-
Notifications
You must be signed in to change notification settings - Fork 28
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Support alpine images #78
Comments
Hi @bdun1013 Do you have some research that actually show that alpine has fewer vulnerabilities? and in any case, we already look for security issues on the images now. Regards, |
Here's output from CVE scanning both Debian and Alpine based Postgres images with Trivy (https://github.com/aquasecurity/trivy) ❯ podman run docker.io/aquasec/trivy image postgres:16.2-bullseye
postgres:16.2-bullseye (debian 11.9)
====================================
Total: 195 (UNKNOWN: 12, LOW: 121, MEDIUM: 32, HIGH: 28, CRITICAL: 2)
❯ podman run docker.io/aquasec/trivy image postgres:16.2-alpine
postgres:16.2-alpine (alpine 3.19.1)
====================================
Total: 1 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 1, CRITICAL: 0) We would also like Alpine based images very very much. |
Even more if you scan it against the official cloudnative-pg image...
|
The official Postgres images support an alpine base image build: https://github.com/docker-library/postgres/tree/master/16/alpine3.18
Alpine is much smaller than debian and has many fewer vulnerabilities
The text was updated successfully, but these errors were encountered: