How can I deal with security updates in Docker images?

I'm interested in trying WordPress on Docker. I think I understand the general concept. What should I do about security updates to something like PHP, or to the underlying Ubuntu base? How do I keep my entire stack safe while keeping my blog intact?

+3




2 answers


The Wordpress image is built on top of the PHP image, which in turn is built on top of Debian.

It is the responsibility of the owner of the Wordpress image to update with newer versions of Wordpress and restore the image when the PHP or Debian base images are updated (this can be automated to some extent with links to the repository).

It is your responsibility to make sure you are using an updated version of the Wordpress image. This means regular execution of docker pull and removal of obsolete containers. You are probably using volume containers or data volumes to store your site, which can be easily migrated to new containers when upgrading.



Things get more complicated if you use custom images that don't update frequently; you may find it easier to extract the source and save the package updates yourself.

In the future, you may see more tools to check for vulnerabilities and ensure images are up to date.

+3
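The pull-and-replace routine described in the answer above, as an added example that is not part of the original answer. The container name `blog`, the volume name `blog_data` and the published port are assumptions; the `docker run` options must match those of the original container.

```shell
#!/bin/sh
# Added example: refresh a WordPress container when its image tag has moved.
# Assumed names (not from the page): container "blog", volume "blog_data",
# host port 8080.
IMAGE="${IMAGE:-wordpress:latest}"
CONTAINER="${CONTAINER:-blog}"
VOLUME="${VOLUME:-blog_data}"

# ID of the image the container was created from.
running_image_id() {
    docker inspect --format '{{.Image}}' "$1"
}

# ID of the image the tag points to locally (current after a pull).
tag_image_id() {
    docker image inspect --format '{{.Id}}' "$1"
}

# Exit 0: container is behind the tag. 1: up to date. 2: lookup failed.
is_stale() {
    _running="$(running_image_id "$1")" || return 2
    _latest="$(tag_image_id "$2")" || return 2
    [ "$_running" != "$_latest" ]
}

# Pull, then replace the container only if the tag now names a newer image.
# The site data stays in the named volume and is mounted into the new container.
refresh() {
    docker pull "$IMAGE" >/dev/null || return 2
    _rc=0
    is_stale "$CONTAINER" "$IMAGE" || _rc=$?
    case "$_rc" in
        0)  docker stop "$CONTAINER" >/dev/null || return 2
            docker rm "$CONTAINER" >/dev/null || return 2
            # Repeat the options of the original `docker run` here
            # (database settings included); these are assumed.
            docker run -d --name "$CONTAINER" -p 8080:80 \
                -v "$VOLUME":/var/www/html "$IMAGE" >/dev/null || return 2
            echo recreated ;;
        1)  echo current ;;
        *)  echo "could not compare image IDs" >&2; return 2 ;;
    esac
}

# Run only when asked, e.g. from cron: ./refresh-blog.sh --run
if [ "${1:-}" = "--run" ]; then
    refresh
fi
```

A lookup failure returns status 2 instead of reporting the container as current, so a scheduled run does not silently skip an update.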




I think you have a Dockerfile so you can build your image easily. When a vulnerability is disclosed, you apply the patch, create a new image and deploy it. A good read is a recent post: http://jpetazzo.github.io/2015/05/27/docker-images-vulnerabilities/



0








