What I meant by "automatic" was Ubuntu/Debian's unattended upgrade feature. I've used it for years without any problem, and it has relieved much of my maintenance burden.
Maybe I need to enable it in containers too? I have no idea how to use it on (containerized) Alpine Linux though.
Even without unattended upgrades, finding the list of `Dockerfile`s and `docker-compose.xml`s that might be affected by a new vulnerability sounds more complicated to me. Until now it hasn't been that difficult but I'm still a bit nervous if I somehow missed some vulnerable images.
You can configure unattended-updates with apt-get. I guess you can do the same with docker if you use some sort of CI service + auto deploy script, but it's way more work + way more opportunities for failure.