I just tried to run a docker scan on the default docker image from 1.7 rc1
(mix phx.gen.release --docker) It show 45 vulnerabilities, one with high severity.
My understand was that the apt update in the dockerfile should do the trick,
but It clearly isn’t. Anyone who can tell me how to update the image ?
You can change both RUN apt-get update -y && commands into RUN apt-get update -y && apt-get upgrade -y &&. In other words; add an apt-get upgrade -y after the apt-get update command.
This will update all out of date packages if there are (security) updates available for the given platform.
For me it results in fixing all high severe vulnerabilities in the generated image of the generated base docker file.
After doing the above (adding the update command) docker scan still finds 43 low severe vulnerabilities which I assume you can pretty much ignore. The high ones are fixed.
HTH
