Closed
Description
The official Postgres images support an alpine base image build: https://github.com/docker-library/postgres/tree/master/16/alpine3.18
Alpine is much smaller than debian and has many fewer vulnerabilities
Metadata
Metadata
Assignees
Labels
No labels
Activity
sxd commentedon Feb 22, 2024
Hi @bdun1013
Do you have some research that actually show that alpine has fewer vulnerabilities? and in any case, we already look for security issues on the images now.
Regards,
gazab commentedon Feb 27, 2024
Here's output from CVE scanning both Debian and Alpine based Postgres images with Trivy (https://github.com/aquasecurity/trivy)
We would also like Alpine based images very very much.
onedr0p commentedon Feb 27, 2024
Even more if you scan it against the official cloudnative-pg image...
sxd commentedon Mar 28, 2025
Those images are out of support and aren't supposed to be used anymore, closing
mungo312 commentedon May 8, 2025
@sxd Where did you see the images are out of support ? I can't find any hint about this. There are up to date images generated on the upstream based on alpine. Would be really great if we could use them with cnpg.
sxd commentedon May 8, 2025
@mungo312 https://github.com/cloudnative-pg/postgres-containers/?tab=readme-ov-file#system-images