by yokohummer7 3035 days ago
When I learned Docker for the first time I was so surprised that so few people mention the problem. As one who is used to automatic security updates provided by Linux distributions, relying on manual `docker build`s gives me anxiety. I use Docker because it solves many of my problems, but I have not been able to feel at ease about potential security concerns from the beginning.

I used to think like that as well. But what is “manual” about “docker build” that isn’t also manual with “apt full-upgrade”, say?
What I meant by "automatic" was Ubuntu/Debian's unattended upgrade feature. I've used it for years without any problem, and it has relieved much of my maintenance burden.

Maybe I need to enable it in containers too? I have no idea how to use it on (containerized) Alpine Linux though.

Even without unattended upgrades, finding the list of `Dockerfile`s and `docker-compose.xml`s that might be affected by a new vulnerability sounds more complicated to me. Until now it hasn't been that difficult but I'm still a bit nervous if I somehow missed some vulnerable images.

You can configure unattended-updates with apt-get. I guess you can do the same with docker if you use some sort of CI service + auto deploy script, but it's way more work + way more opportunities for failure.
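Added example, not from the thread or any of its posters: the inventory the earlier reply wishes for, a small Python script that maps every Dockerfile and compose file in a checkout to the images it pulls, so that an advisory naming a base image yields the exact list of files to rebuild. The `SAMPLE` tree, its image names and the registry host are constructed for the demo.

```python
# Added example (not from the thread): inventory the base images that Dockerfiles
# and compose files pull, so an advisory naming a base image maps to the files to rebuild.
import re

FROM_RE = re.compile(r"^\s*FROM\s+(?:--platform=\S+\s+)?(\S+)(?:\s+AS\s+(\S+))?", re.I)
IMAGE_RE = re.compile(r"^\s*image:\s*['\"]?([^'\"\s#]+)")

def base_images_in_dockerfile(text):
    """Images a Dockerfile pulls; skips 'scratch', unresolved $ARG bases and
    FROM lines that reference an earlier stage of a multi-stage build."""
    stages, images = set(), []
    for m in filter(None, map(FROM_RE.match, text.splitlines())):
        image, alias = m.group(1), m.group(2)
        if alias:
            stages.add(alias.lower())
        if image.lower() in stages or image == "scratch" or "$" in image:
            continue  # not an external pull (review $ARG-based FROM lines by hand)
        images.append(image)
    return images

def images_in_compose(text):
    return [m.group(1) for m in filter(None, map(IMAGE_RE.match, text.splitlines()))]

def repo_name(image):  # strip tag/digest: 'reg:5000/lib/debian:buster' -> 'reg:5000/lib/debian'
    head, _, last = image.split("@", 1)[0].rpartition("/")
    return (head + "/" if head else "") + last.split(":", 1)[0]

def inventory(files):
    """files: iterable of (path, text) pairs, e.g. gathered by walking a checkout.
    Returns {path: [images]} for every Dockerfile and compose file among them."""
    found = {}
    for path, text in files:
        name = path.rsplit("/", 1)[-1]
        if name == "Dockerfile" or name.startswith("Dockerfile."):
            found[path] = base_images_in_dockerfile(text)
        elif re.fullmatch(r"(docker-)?compose.*\.ya?ml", name):
            found[path] = images_in_compose(text)
    return found

def affected_files(inv, repo):
    """Files pulling `repo` (e.g. 'debian'), with or without a registry/namespace prefix."""
    hit = lambda i: repo_name(i) == repo or repo_name(i).endswith("/" + repo)
    return sorted(p for p, imgs in inv.items() if any(map(hit, imgs)))

SAMPLE = {  # constructed sample checkout: a multi-stage build plus a compose file
    "web/Dockerfile": "FROM golang:1.16 AS build\nRUN go build -o /app .\n"
                      "FROM debian:buster-slim\nCOPY --from=build /app /app\n",
    "docker-compose.yml": "services:\n  db:\n    image: 'postgres:13'\n  job:\n    image: registry.example/mirror/debian:buster\n",
}
```

Calling `affected_files(inventory(SAMPLE.items()), "debian")` lists both sample files, while `"golang"` hits only the web Dockerfile and `"alpine"` hits nothing.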