Expected/desired solution:
Fix the security vulnerabilities found in the base Docker image without moving to a newer version of the base image, because application stability depends on its packages.
Here is the solution:
Easy way
- Use the docker inspect command to see the environment variables for the current version and its latest patch version; if they are not available, search for them on the official Linux distro sites.
- Find the patch version of the Docker image and its checksum on Docker Hub.
- Create the Dockerfile and import the base image by its checksum or by its patch version.
- Build your Docker image from your Dockerfile.
- Scan the Docker image you created in the step above with a Docker vulnerability scanner such as Scout, Trivy, Sysdig or Snyk.
- Count and compare the vulnerabilities in your current Docker image and in the previous version of the Docker image.
- Finally, wrap your application packages (WAR, JAR, Node.js or Python) and check the application's stability.
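
For the count-and-compare step, here is an added example (not part of the original post) that diffs two Trivy JSON reports, as written by `trivy image --format json`, and lists what the patched base image fixed or introduced. The image names and vulnerability IDs in the sample reports are constructed placeholders.

```python
import json
from collections import Counter

# Constructed sample reports in the shape of `trivy image --format json` output.
# Image names and vulnerability IDs are placeholders, not real findings.
OLD_REPORT = json.loads("""
{"Results": [
  {"Target": "example/base:old (os)", "Vulnerabilities": [
    {"VulnerabilityID": "CVE-0000-0001", "PkgName": "openssl", "Severity": "CRITICAL"},
    {"VulnerabilityID": "CVE-0000-0002", "PkgName": "zlib", "Severity": "HIGH"},
    {"VulnerabilityID": "CVE-0000-0003", "PkgName": "bash", "Severity": "LOW"}]},
  {"Target": "app/lib.jar"}]}
""")
NEW_REPORT = json.loads("""
{"Results": [
  {"Target": "example/base:patched (os)", "Vulnerabilities": [
    {"VulnerabilityID": "CVE-0000-0003", "PkgName": "bash", "Severity": "LOW"},
    {"VulnerabilityID": "CVE-0000-0004", "PkgName": "curl", "Severity": "MEDIUM"}]}]}
""")


def findings(report):
    """Return {(vulnerability_id, package): severity} for every finding."""
    found = {}
    for result in report.get("Results") or []:
        # Trivy omits "Vulnerabilities" for targets that have no findings.
        for vuln in result.get("Vulnerabilities") or []:
            key = (vuln["VulnerabilityID"], vuln["PkgName"])
            found[key] = vuln.get("Severity", "UNKNOWN")
    return found


def compare(old_report, new_report):
    """Count findings per severity and list what the rebuild fixed or added."""
    old, new = findings(old_report), findings(new_report)
    return {
        "old_counts": dict(Counter(old.values())),
        "new_counts": dict(Counter(new.values())),
        "fixed": sorted(k for k in old if k not in new),
        "introduced": sorted(k for k in new if k not in old),
    }


if __name__ == "__main__":
    diff = compare(OLD_REPORT, NEW_REPORT)
    print("before:", diff["old_counts"], "after:", diff["new_counts"])
    for label in ("fixed", "introduced"):
        for vuln_id, pkg in diff[label]:
            print(f"{label}: {vuln_id} ({pkg})")
```

A non-empty "introduced" list means the patched base image brought in findings the previous image did not have, which a comparison of totals alone can hide.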
If the easy way doesn't work, then the "hard way" - I will soon update here.