Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support alpine images #78

Open
bdun1013 opened this issue Nov 15, 2023 · 3 comments · May be fixed by #94
Open

Support alpine images #78

bdun1013 opened this issue Nov 15, 2023 · 3 comments · May be fixed by #94
Assignees
@sxd

Comments

@bdun1013
Copy link

bdun1013 commented Nov 15, 2023
edited

The official Postgres images support an alpine base image build: https://github.com/docker-library/postgres/tree/master/16/alpine3.18

Alpine is much smaller than debian and has many fewer vulnerabilities
@sxd
Copy link
Member

sxd commented Feb 22, 2024

Hi @bdun1013

Do you have some research that actually show that alpine has fewer vulnerabilities? and in any case, we already look for security issues on the images now.

Regards,

@sxd sxd self-assigned this Feb 22, 2024
@gazab
Copy link

gazab commented Feb 27, 2024
edited

Here's output from CVE scanning both Debian and Alpine based Postgres images with Trivy (https://github.com/aquasecurity/trivy)

❯ podman run docker.io/aquasec/trivy image postgres:16.2-bullseye

postgres:16.2-bullseye (debian 11.9)
====================================
Total: 195 (UNKNOWN: 12, LOW: 121, MEDIUM: 32, HIGH: 28, CRITICAL: 2)

❯ podman run docker.io/aquasec/trivy image postgres:16.2-alpine

postgres:16.2-alpine (alpine 3.19.1)
====================================
Total: 1 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 1, CRITICAL: 0)

We would also like Alpine based images very very much.

@onedr0p
Copy link

onedr0p commented Feb 27, 2024

Even more if you scan it against the official cloudnative-pg image...

ghcr.io/cloudnative-pg/postgresql:16.2-6 (debian 11.9)
======================================================
Total: 273 (UNKNOWN: 12, LOW: 143, MEDIUM: 55, HIGH: 57, CRITICAL: 6)

@sando38 sando38 linked a pull request Mar 1, 2024 that will close this issue
Draft
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@sxd sxd

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

WIP: add Alpine Dockerfile sando38/postgres-containers
4 participants
@onedr0p @gazab @sxd @bdun1013