Use Long Names for Your Base Images
When you are a consumer of base images from DockerHub, do yourself the favor of using the long names.
In your Dockerfile, if you just specify the short name:
FROM perl:5.34.0
You cannot see what base image this is based on, so when you want to investigate potential security issues etc., you first have to find out what operating system and version you are based on.
perl:5.34.0 is the equivalent of: 5.34.0-bullseye
All of these variations are also available:
- 5.34.0, 5.34, 5, latest, 5.34.0-bullseye, 5.34-bullseye, 5-bullseye, bullseye
- 5.34.0-buster, 5.34-buster, 5-buster, buster
- 5.34.0-slim, 5.34-slim, 5-slim, slim, 5.34.0-slim-bullseye, 5.34-slim-bullseye, 5-slim-bullseye, slim-bullseye
- 5.34.0-slim-buster, 5.34-slim-buster, 5-slim-buster, slim-buster
- 5.34.0-threaded, 5.34-threaded, 5-threaded, threaded, 5.34.0-threaded-bullseye, 5.34-threaded-bullseye, 5-threaded-bullseye, threaded-bullseye
- 5.34.0-threaded-buster, 5.34-threaded-buster, 5-threaded-buster, threaded-buster
- 5.34.0-slim-threaded, 5.34-slim-threaded, 5-slim-threaded, slim-threaded, 5.34.0-slim-threaded-bullseye, 5.34-slim-threaded-bullseye, 5-slim-threaded-bullseye, slim-threaded-bullseye
- 5.34.0-slim-threaded-buster, 5.34-slim-threaded-buster, 5-slim-threaded-buster, slim-threaded-buster
Additional examples for Ruby and Python, where I recommend the same pattern.
FROM ruby:3.1.0-bullseye
REF: GitHub: jonasbn/docker-cheatset
FROM python:3.10.2-slim as spellcheck-builder
REF: GitHub: rojopolis/spellcheck-github-actions
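One way to enforce the long-name pattern in CI, as an added example that is not part of the original note: a small checker that reports `FROM` lines whose tag does not name the OS release. The function names, the marker list beyond bullseye and buster, and the sample Dockerfile are assumptions made for illustration.

```python
import re

# Distro markers that make a tag a "long name". bullseye and buster come from
# the page; bookworm and alpine are assumptions, adapt to the images you use.
OS_MARKERS = ("bullseye", "buster", "bookworm", "alpine")

# FROM [--flag=value ...] <image> [AS <stage>]
FROM_RE = re.compile(r"^\s*FROM\s+(?:--\S+\s+)*(\S+)(?:\s+AS\s+(\S+))?", re.IGNORECASE)

# Constructed sample Dockerfile (registry.example.com is a placeholder).
SAMPLE = """\
FROM perl:5.34.0
FROM --platform=linux/amd64 perl:5.34.0-slim AS build
FROM ruby:3.1.0-bullseye
FROM registry.example.com:5000/team/perl
FROM build
FROM scratch
"""


def image_tag(ref):
    """Return the tag of an image reference, or None if it has none."""
    ref = ref.split("@", 1)[0]            # drop any @sha256:... digest
    last = ref.rsplit("/", 1)[-1]         # a ':' before the last '/' is a registry port
    return last.split(":", 1)[1] if ":" in last else None


def find_short_names(dockerfile_text):
    """Return (line_number, image_ref, reason) for FROM lines hiding the OS release."""
    findings, stages = [], set()
    for lineno, line in enumerate(dockerfile_text.splitlines(), start=1):
        m = FROM_RE.match(line)
        if not m:
            continue
        ref, alias = m.group(1), m.group(2)
        # Skip the empty base, earlier build stages and ARG-driven references.
        if not (ref.lower() == "scratch" or ref.lower() in stages or "$" in ref):
            tag = image_tag(ref)
            if tag is None:
                findings.append((lineno, ref, "no tag"))
            elif not any(p.startswith(OS_MARKERS) for p in tag.lower().split("-")):
                findings.append((lineno, ref, "tag does not name the OS release"))
        if alias:
            stages.add(alias.lower())
    return findings


if __name__ == "__main__":
    for finding in find_short_names(SAMPLE):
        print("line %d: %s (%s)" % finding)
```

A `-slim` tag is reported as well, because on its own it does not say which of the bullseye or buster variants listed above it resolves to.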
Bonus Material
- You can configure Dependabot to assist you in keeping your Docker images up to date
- You can use Snyk to do security audits of your Docker images