From 4120800bd9e4b46c84b2e1b1436929b3f133eb07 Mon Sep 17 00:00:00 2001 From: Karl Haworth Date: Tue, 16 Apr 2024 07:51:40 -0400 Subject: [PATCH] - move path from `minimal-harded-image` -> `minimal-hardened-image` Signed-off-by: Karl Haworth --- .../Dockerfile | 0 .../README.md | 0 docs/deployment/docker.md | 4 ++-- 3 files changed, 2 insertions(+), 2 deletions(-) rename contrib/docker/{minimal-harded-image => minimal-hardened-image}/Dockerfile (100%) rename contrib/docker/{minimal-harded-image => minimal-hardened-image}/README.md (100%) diff --git a/contrib/docker/minimal-harded-image/Dockerfile b/contrib/docker/minimal-hardened-image/Dockerfile similarity index 100% rename from contrib/docker/minimal-harded-image/Dockerfile rename to contrib/docker/minimal-hardened-image/Dockerfile diff --git a/contrib/docker/minimal-harded-image/README.md b/contrib/docker/minimal-hardened-image/README.md similarity index 100% rename from contrib/docker/minimal-harded-image/README.md rename to contrib/docker/minimal-hardened-image/README.md diff --git a/docs/deployment/docker.md b/docs/deployment/docker.md index 791882224d..9ec5460a88 100644 --- a/docs/deployment/docker.md +++ b/docs/deployment/docker.md @@ -345,8 +345,8 @@ The `Dockerfile` mentioned above located in `packages/backend` is maintained by ### Minimal Hardened Image -A contributed `Dockerfile` exists within the directory of `contrib/docker/minimal-harded-image` which uses the [`wolfi-base`](https://github.com/wolfi-dev) image to reduce vulnerabilities. When this was contributed, this alternative `Dockerfile` reduced 98.2% of vulnerabilities in the built Backstage docker image when compared with the image built from `packages/backend/Dockerfile`. +A contributed `Dockerfile` exists within the directory of `contrib/docker/minimal-hardened-image` which uses the [`wolfi-base`](https://github.com/wolfi-dev) image to reduce vulnerabilities. When this was contributed, this alternative `Dockerfile` reduced 98.2% of vulnerabilities in the built Backstage docker image when compared with the image built from `packages/backend/Dockerfile`. -To reduce maintenance, the digest of the image has been removed from the `contrib/docker/minimal-harded-image/Dockerfile` file. A complete example with the digest would be `cgr.dev/chainguard/wolfi-base:latest@sha256:3d6dece13cdb5546cd03b20e14f9af354bc1a56ab5a7b47dca3e6c1557211fcf` and it is suggested to update the `FROM` line in the `Dockerfile` to use a digest. Please do a docker pull on the image to get the latest digest. Using the digest allows tools such as Dependabot or Renovate to know exactly which image digest is being utilized and allows for Pull Requests to be triggered when a new digest is available. +To reduce maintenance, the digest of the image has been removed from the `contrib/docker/minimal-hardened-image/Dockerfile` file. A complete example with the digest would be `cgr.dev/chainguard/wolfi-base:latest@sha256:3d6dece13cdb5546cd03b20e14f9af354bc1a56ab5a7b47dca3e6c1557211fcf` and it is suggested to update the `FROM` line in the `Dockerfile` to use a digest. Please do a docker pull on the image to get the latest digest. Using the digest allows tools such as Dependabot or Renovate to know exactly which image digest is being utilized and allows for Pull Requests to be triggered when a new digest is available. It is suggested to setup Dependabot/Renovate or a similar tool to ensure the image is kept up to date so that vulnerability fixes that have been addressed are pulled in frequently.