Hello everyone,
I'm curious if anyone (probably from a large organization) has had to do security patching for the OSS docker images and if so, what they're doing to automate this process? We are trying to minimize operational maintenance, and part of that is having to manually construct a hardened image based off of the original OSS image. That includes changing the base images to security hardened ones, using the latest source code, using a different nginx conf file, using a different npm registry, etc. There are lots of little fragmented changes that I do to manually adapt the original docker files, and it would make automation not so straightforward. Curious about what patterns and technologies others are using to automate patching for these images.