Is there any command/way to get latest digest(sha256) for amazon/aws-lambda-nodejs:14. Currently, we are manually setting digest version sha256. Like, give below.
FROM amazon/aws-lambda-nodejs:14@sha256:621368a9c8cbf474b60ae9092725f6ea7ae4f9b0ac7a9229039e25157bad990b
We end up getting vulnerabilities after some time for the Docker image. Please suggest a way/command in Dockerfile to get the latest version or stable version while building a Docker image.
2
Answers
The list of digests for each tag is available from a V2 registry JSON response for a specific tag in the
imagesarray:Also from a local image in the
RepoDigestsarrayIf you specify an exact image hash like that, you’ll always get that exact image, never a newer version or build.
It’s more common to just specify the image tag
If you
docker pullthe base image, it will contact the registry and try to get a newer version. It won’t download versions or layers it already has, so this can be quick if the image hasn’t changed upstream (or it can be slow if the base OS has an update and you need to download the whole thing again).docker buildanddocker-compose buildboth have--pulloptions that can do this automatically. If you’re using Compose, for example, you canto get the newest build of any image mentioned in the
docker-compose.ymlfile or in DockerfileFROMlines.