Skip to main content
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
[rdf4j-dev] removing old docker images from dockerhub / vulnerability scanning
Currently, we have docker images for about 20 versions of RDF4J published to Dockerhub (see https://hub.docker.com/repository/docker/eclipse/rdf4j-workbench). However, we tend not to refresh those images, meaning that any security fixes that get published for the base images we rely on do not get pushed. As a result, most of these older version are unsafe to use.

I can easily go in manually and just remove all images other than latest and 4.2.1, but can we think of any reasons to perhaps keep some older tagged versions around? If we do, we'll need to come up with a procedure to refresh those images periodically, and/or a way to scan them so we're aware of potential vulnerabilities affecting them.

Thoughts?

Jeen

Back to the top