diff --git a/docker/terraform/Dockerfile b/docker/terraform/Dockerfile index ef28358b880..d855bdedd2e 100644 --- a/docker/terraform/Dockerfile +++ b/docker/terraform/Dockerfile @@ -1,12 +1,12 @@ # Taken and modified from https://github.com/GoogleCloudPlatform/cloud-builders-community/tree/master/terraform -FROM golang:1.25.6-alpine@sha256:d9b2e14101f27ec8d09674cd01186798d227bb0daec90e032aeb1cd22ac0f029 AS GO_BUILD +FROM golang:1.25.7-alpine@sha256:81d49e1de26fa223b9ae0b4d5a4065ff8176a7d80aa5ef0bd9f2eee430afe4d7 AS GO_BUILD ARG TERRAFORM_VERSION WORKDIR /build/ RUN GOBIN=$(pwd) go install github.com/hashicorp/terraform@v${TERRAFORM_VERSION} -FROM gcr.io/google.com/cloudsdktool/google-cloud-cli:alpine@sha256:23eb1691f771e6c249a4db5bf9e4a9af9976b26617d33a8659453bda1bc408ed +FROM gcr.io/google.com/cloudsdktool/google-cloud-cli:alpine@sha256:68100018e78bc098b4dc04a95416edd3ad6a3c7bb5947531b4747176953918f8 COPY --from=GO_BUILD /build/terraform /usr/bin/terraform COPY entrypoint.bash /builder/entrypoint.bash diff --git a/gcp/indexer/Dockerfile b/gcp/indexer/Dockerfile index fe9f533433b..97348649037 100644 --- a/gcp/indexer/Dockerfile +++ b/gcp/indexer/Dockerfile @@ -12,7 +12,7 @@ # See the License for the specific language governing permissions and # limitations under the License. -FROM golang:1.25.6-alpine@sha256:d9b2e14101f27ec8d09674cd01186798d227bb0daec90e032aeb1cd22ac0f029 AS GO_BUILD +FROM golang:1.25.7-alpine@sha256:81d49e1de26fa223b9ae0b4d5a4065ff8176a7d80aa5ef0bd9f2eee430afe4d7 AS GO_BUILD WORKDIR /build # Cache dependencies in these steps @@ -24,7 +24,7 @@ RUN go mod download COPY ./ /build RUN CGO_ENABLED=0 ./build.sh -FROM gcr.io/distroless/base-debian12@sha256:0c70ab46409b94a96f4e98e32e7333050581e75f7038de2877a4bfc146dfc7ce +FROM gcr.io/distroless/base-debian12@sha256:347a41e7f263ea7f7aba1735e5e5b1439d9e41a9f09179229f8c13ea98ae94cf COPY --from=GO_BUILD build/indexer /indexer ENTRYPOINT ["/indexer"] CMD ["--help"] diff --git a/gcp/website/Dockerfile b/gcp/website/Dockerfile index 2c56395977e..3f64fe6e43c 100644 --- a/gcp/website/Dockerfile +++ b/gcp/website/Dockerfile @@ -1,5 +1,5 @@ # Build the Javascript frontend -FROM node:24.13@sha256:b2b2184ba9b78c022e1d6a7924ec6fba577adf28f15c9d9c457730cc4ad3807a AS FRONTEND3_BUILD +FROM node:24.13@sha256:1de022d8459f896fff2e7b865823699dc7a8d5567507e8b87b14a7442e07f206 AS FRONTEND3_BUILD WORKDIR /build/frontend3 # Install dependencies first for better caching diff --git a/gcp/workers/linter/Dockerfile b/gcp/workers/linter/Dockerfile index eb6b3f54791..b705747e59c 100644 --- a/gcp/workers/linter/Dockerfile +++ b/gcp/workers/linter/Dockerfile @@ -14,7 +14,7 @@ # Stage 1: Build the Go linter binary -FROM golang:1.25.6-alpine@sha256:d9b2e14101f27ec8d09674cd01186798d227bb0daec90e032aeb1cd22ac0f029 AS go_builder +FROM golang:1.25.7-alpine@sha256:81d49e1de26fa223b9ae0b4d5a4065ff8176a7d80aa5ef0bd9f2eee430afe4d7 AS go_builder RUN apk add --no-cache git WORKDIR /src diff --git a/go/cmd/custommetrics/Dockerfile b/go/cmd/custommetrics/Dockerfile index 66282c76559..4a45a2f66ca 100644 --- a/go/cmd/custommetrics/Dockerfile +++ b/go/cmd/custommetrics/Dockerfile @@ -12,7 +12,7 @@ # See the License for the specific language governing permissions and # limitations under the License. -FROM golang:1.25.6-alpine@sha256:d9b2e14101f27ec8d09674cd01186798d227bb0daec90e032aeb1cd22ac0f029 AS build +FROM golang:1.25.7-alpine@sha256:81d49e1de26fa223b9ae0b4d5a4065ff8176a7d80aa5ef0bd9f2eee430afe4d7 AS build WORKDIR /src diff --git a/go/cmd/exporter/Dockerfile b/go/cmd/exporter/Dockerfile index 48ce9322d0f..c0308cbcd81 100644 --- a/go/cmd/exporter/Dockerfile +++ b/go/cmd/exporter/Dockerfile @@ -12,7 +12,7 @@ # See the License for the specific language governing permissions and # limitations under the License. -FROM golang:1.25.6-alpine@sha256:d9b2e14101f27ec8d09674cd01186798d227bb0daec90e032aeb1cd22ac0f029 AS build +FROM golang:1.25.7-alpine@sha256:81d49e1de26fa223b9ae0b4d5a4065ff8176a7d80aa5ef0bd9f2eee430afe4d7 AS build WORKDIR /src diff --git a/go/cmd/generatesitemap/Dockerfile b/go/cmd/generatesitemap/Dockerfile index d652ef1bda6..8f775bc80b1 100644 --- a/go/cmd/generatesitemap/Dockerfile +++ b/go/cmd/generatesitemap/Dockerfile @@ -12,7 +12,7 @@ # See the License for the specific language governing permissions and # limitations under the License. -FROM golang:1.25.6-alpine@sha256:d9b2e14101f27ec8d09674cd01186798d227bb0daec90e032aeb1cd22ac0f029 AS build +FROM golang:1.25.7-alpine@sha256:81d49e1de26fa223b9ae0b4d5a4065ff8176a7d80aa5ef0bd9f2eee430afe4d7 AS build WORKDIR /src diff --git a/go/cmd/gitter/Dockerfile b/go/cmd/gitter/Dockerfile index c872d05e5e4..f5c41e7b69e 100644 --- a/go/cmd/gitter/Dockerfile +++ b/go/cmd/gitter/Dockerfile @@ -12,7 +12,7 @@ # See the License for the specific language governing permissions and # limitations under the License. -FROM golang:1.25.6-alpine@sha256:d9b2e14101f27ec8d09674cd01186798d227bb0daec90e032aeb1cd22ac0f029 AS build +FROM golang:1.25.7-alpine@sha256:81d49e1de26fa223b9ae0b4d5a4065ff8176a7d80aa5ef0bd9f2eee430afe4d7 AS build WORKDIR /src @@ -24,7 +24,7 @@ RUN go mod download && go mod verify COPY ./ /src/ RUN CGO_ENABLED=0 go build -o gitter ./cmd/gitter/ -FROM alpine:3.23@sha256:865b95f46d98cf867a156fe4a135ad3fe50d2056aa3f25ed31662dff6da4eb62 +FROM alpine:3.23@sha256:25109184c71bdad752c8312a8623239686a9a2071e8825f20acb8f2198c3f659 # Need to install the full tar package, to not use the busybox version, which doesn't have --zstd support. RUN apk add --no-cache git zstd tar diff --git a/go/cmd/recordchecker/Dockerfile b/go/cmd/recordchecker/Dockerfile index a6da2085771..aa01b3ef365 100644 --- a/go/cmd/recordchecker/Dockerfile +++ b/go/cmd/recordchecker/Dockerfile @@ -12,7 +12,7 @@ # See the License for the specific language governing permissions and # limitations under the License. -FROM golang:1.25.6-alpine@sha256:d9b2e14101f27ec8d09674cd01186798d227bb0daec90e032aeb1cd22ac0f029 AS build +FROM golang:1.25.7-alpine@sha256:81d49e1de26fa223b9ae0b4d5a4065ff8176a7d80aa5ef0bd9f2eee430afe4d7 AS build WORKDIR /src diff --git a/go/cmd/relations/Dockerfile b/go/cmd/relations/Dockerfile index ae09d09ccfa..c840bd0bc48 100644 --- a/go/cmd/relations/Dockerfile +++ b/go/cmd/relations/Dockerfile @@ -12,7 +12,7 @@ # See the License for the specific language governing permissions and # limitations under the License. -FROM golang:1.25.6-alpine@sha256:d9b2e14101f27ec8d09674cd01186798d227bb0daec90e032aeb1cd22ac0f029 AS build +FROM golang:1.25.7-alpine@sha256:81d49e1de26fa223b9ae0b4d5a4065ff8176a7d80aa5ef0bd9f2eee430afe4d7 AS build WORKDIR /src diff --git a/vulnfeeds/cmd/combine-to-osv/Dockerfile b/vulnfeeds/cmd/combine-to-osv/Dockerfile index e5f23812808..7de27f90078 100644 --- a/vulnfeeds/cmd/combine-to-osv/Dockerfile +++ b/vulnfeeds/cmd/combine-to-osv/Dockerfile @@ -12,7 +12,7 @@ # See the License for the specific language governing permissions and # limitations under the License. -FROM golang:1.25.6-alpine@sha256:d9b2e14101f27ec8d09674cd01186798d227bb0daec90e032aeb1cd22ac0f029 AS GO_BUILD +FROM golang:1.25.7-alpine@sha256:81d49e1de26fa223b9ae0b4d5a4065ff8176a7d80aa5ef0bd9f2eee430afe4d7 AS GO_BUILD RUN mkdir /src WORKDIR /src @@ -26,7 +26,7 @@ RUN go build -o combine-to-osv ./cmd/combine-to-osv/ RUN go build -o download-cves ./cmd/mirrors/download-cves/ -FROM gcr.io/google.com/cloudsdktool/google-cloud-cli:alpine@sha256:23eb1691f771e6c249a4db5bf9e4a9af9976b26617d33a8659453bda1bc408ed +FROM gcr.io/google.com/cloudsdktool/google-cloud-cli:alpine@sha256:68100018e78bc098b4dc04a95416edd3ad6a3c7bb5947531b4747176953918f8 RUN apk --no-cache add jq WORKDIR /root/ diff --git a/vulnfeeds/cmd/converters/alpine/Dockerfile b/vulnfeeds/cmd/converters/alpine/Dockerfile index 1073c62e5e6..7ecd4547ec6 100644 --- a/vulnfeeds/cmd/converters/alpine/Dockerfile +++ b/vulnfeeds/cmd/converters/alpine/Dockerfile @@ -12,7 +12,7 @@ # See the License for the specific language governing permissions and # limitations under the License. -FROM golang:1.25.6-alpine@sha256:d9b2e14101f27ec8d09674cd01186798d227bb0daec90e032aeb1cd22ac0f029 AS GO_BUILD +FROM golang:1.25.7-alpine@sha256:81d49e1de26fa223b9ae0b4d5a4065ff8176a7d80aa5ef0bd9f2eee430afe4d7 AS GO_BUILD RUN mkdir /src WORKDIR /src @@ -25,7 +25,7 @@ COPY ./ /src/ RUN go build -o alpine-osv ./cmd/converters/alpine/ -FROM gcr.io/google.com/cloudsdktool/google-cloud-cli:alpine@sha256:23eb1691f771e6c249a4db5bf9e4a9af9976b26617d33a8659453bda1bc408ed +FROM gcr.io/google.com/cloudsdktool/google-cloud-cli:alpine@sha256:68100018e78bc098b4dc04a95416edd3ad6a3c7bb5947531b4747176953918f8 WORKDIR /root/ COPY --from=GO_BUILD /src/alpine-osv ./ diff --git a/vulnfeeds/cmd/converters/cve/cve5/bulk-converter/Dockerfile b/vulnfeeds/cmd/converters/cve/cve5/bulk-converter/Dockerfile index 4819bd8e19d..1a7b436717c 100644 --- a/vulnfeeds/cmd/converters/cve/cve5/bulk-converter/Dockerfile +++ b/vulnfeeds/cmd/converters/cve/cve5/bulk-converter/Dockerfile @@ -12,7 +12,7 @@ # See the License for the specific language governing permissions and # limitations under the License. -FROM golang:1.25.6-alpine@sha256:d9b2e14101f27ec8d09674cd01186798d227bb0daec90e032aeb1cd22ac0f029 AS go_build +FROM golang:1.25.7-alpine@sha256:81d49e1de26fa223b9ae0b4d5a4065ff8176a7d80aa5ef0bd9f2eee430afe4d7 AS go_build RUN mkdir /src WORKDIR /src @@ -25,7 +25,7 @@ RUN go mod download && go mod verify COPY ./ /src/ RUN go build -o cve-bulk-converter ./cmd/converters/cve/cve5/bulk-converter/ -FROM gcr.io/google.com/cloudsdktool/google-cloud-cli:alpine@sha256:23eb1691f771e6c249a4db5bf9e4a9af9976b26617d33a8659453bda1bc408ed +FROM gcr.io/google.com/cloudsdktool/google-cloud-cli:alpine@sha256:68100018e78bc098b4dc04a95416edd3ad6a3c7bb5947531b4747176953918f8 RUN apk --no-cache add jq WORKDIR /root/ diff --git a/vulnfeeds/cmd/converters/cve/nvd-cve-osv/Dockerfile b/vulnfeeds/cmd/converters/cve/nvd-cve-osv/Dockerfile index 12e520e2c57..a899010ff63 100644 --- a/vulnfeeds/cmd/converters/cve/nvd-cve-osv/Dockerfile +++ b/vulnfeeds/cmd/converters/cve/nvd-cve-osv/Dockerfile @@ -12,7 +12,7 @@ # See the License for the specific language governing permissions and # limitations under the License. -FROM golang:1.25.6-alpine@sha256:d9b2e14101f27ec8d09674cd01186798d227bb0daec90e032aeb1cd22ac0f029 AS GO_BUILD +FROM golang:1.25.7-alpine@sha256:81d49e1de26fa223b9ae0b4d5a4065ff8176a7d80aa5ef0bd9f2eee430afe4d7 AS GO_BUILD WORKDIR /go/src @@ -22,7 +22,7 @@ RUN go mod download && go mod verify COPY . . RUN CGO_ENABLED=0 go build -v -o /usr/local/bin ./cmd/converters/cve/nvd-cve-osv ./cmd/mirrors/download-cves -FROM gcr.io/google.com/cloudsdktool/google-cloud-cli:alpine@sha256:23eb1691f771e6c249a4db5bf9e4a9af9976b26617d33a8659453bda1bc408ed +FROM gcr.io/google.com/cloudsdktool/google-cloud-cli:alpine@sha256:68100018e78bc098b4dc04a95416edd3ad6a3c7bb5947531b4747176953918f8 RUN apk --no-cache add jq COPY --from=GO_BUILD /usr/local/bin/ ./usr/local/bin/ diff --git a/vulnfeeds/cmd/converters/debian/Dockerfile b/vulnfeeds/cmd/converters/debian/Dockerfile index 4d73051add8..ac7998d263d 100644 --- a/vulnfeeds/cmd/converters/debian/Dockerfile +++ b/vulnfeeds/cmd/converters/debian/Dockerfile @@ -12,7 +12,7 @@ # See the License for the specific language governing permissions and # limitations under the License. -FROM golang:1.25.6-alpine@sha256:d9b2e14101f27ec8d09674cd01186798d227bb0daec90e032aeb1cd22ac0f029 AS GO_BUILD +FROM golang:1.25.7-alpine@sha256:81d49e1de26fa223b9ae0b4d5a4065ff8176a7d80aa5ef0bd9f2eee430afe4d7 AS GO_BUILD RUN mkdir /src WORKDIR /src @@ -25,7 +25,7 @@ COPY ./ /src/ RUN go build -o debian ./cmd/converters/debian/ -FROM gcr.io/google.com/cloudsdktool/google-cloud-cli:alpine@sha256:23eb1691f771e6c249a4db5bf9e4a9af9976b26617d33a8659453bda1bc408ed +FROM gcr.io/google.com/cloudsdktool/google-cloud-cli:alpine@sha256:68100018e78bc098b4dc04a95416edd3ad6a3c7bb5947531b4747176953918f8 WORKDIR /root/ COPY --from=GO_BUILD /src/debian ./ diff --git a/vulnfeeds/cmd/mirrors/cpe-repo-gen/Dockerfile b/vulnfeeds/cmd/mirrors/cpe-repo-gen/Dockerfile index d710b2c3bb3..bb66a90dce4 100644 --- a/vulnfeeds/cmd/mirrors/cpe-repo-gen/Dockerfile +++ b/vulnfeeds/cmd/mirrors/cpe-repo-gen/Dockerfile @@ -12,7 +12,7 @@ # See the License for the specific language governing permissions and # limitations under the License. -FROM golang:1.25.6-alpine@sha256:d9b2e14101f27ec8d09674cd01186798d227bb0daec90e032aeb1cd22ac0f029 AS GO_BUILD +FROM golang:1.25.7-alpine@sha256:81d49e1de26fa223b9ae0b4d5a4065ff8176a7d80aa5ef0bd9f2eee430afe4d7 AS GO_BUILD RUN mkdir /src WORKDIR /src @@ -24,7 +24,7 @@ RUN go mod download COPY ./ /src/ RUN CGO_ENABLED=0 go build -o cpe-repo-gen ./cmd/mirrors/cpe-repo-gen -FROM gcr.io/google.com/cloudsdktool/google-cloud-cli:alpine@sha256:23eb1691f771e6c249a4db5bf9e4a9af9976b26617d33a8659453bda1bc408ed +FROM gcr.io/google.com/cloudsdktool/google-cloud-cli:alpine@sha256:68100018e78bc098b4dc04a95416edd3ad6a3c7bb5947531b4747176953918f8 RUN apk add --no-cache unzip diff --git a/vulnfeeds/cmd/mirrors/debian-copyright-mirror/Dockerfile b/vulnfeeds/cmd/mirrors/debian-copyright-mirror/Dockerfile index e78c74ab7ca..b010e1a0597 100644 --- a/vulnfeeds/cmd/mirrors/debian-copyright-mirror/Dockerfile +++ b/vulnfeeds/cmd/mirrors/debian-copyright-mirror/Dockerfile @@ -12,7 +12,7 @@ # See the License for the specific language governing permissions and # limitations under the License. -FROM gcr.io/google.com/cloudsdktool/google-cloud-cli:alpine@sha256:23eb1691f771e6c249a4db5bf9e4a9af9976b26617d33a8659453bda1bc408ed +FROM gcr.io/google.com/cloudsdktool/google-cloud-cli:alpine@sha256:68100018e78bc098b4dc04a95416edd3ad6a3c7bb5947531b4747176953918f8 RUN apk add py3-yaml diff --git a/vulnfeeds/cmd/mirrors/download-cves/Dockerfile b/vulnfeeds/cmd/mirrors/download-cves/Dockerfile index 947db494682..46a328d300e 100644 --- a/vulnfeeds/cmd/mirrors/download-cves/Dockerfile +++ b/vulnfeeds/cmd/mirrors/download-cves/Dockerfile @@ -12,7 +12,7 @@ # See the License for the specific language governing permissions and # limitations under the License. -FROM golang:1.25.6-alpine@sha256:d9b2e14101f27ec8d09674cd01186798d227bb0daec90e032aeb1cd22ac0f029 AS GO_BUILD +FROM golang:1.25.7-alpine@sha256:81d49e1de26fa223b9ae0b4d5a4065ff8176a7d80aa5ef0bd9f2eee430afe4d7 AS GO_BUILD RUN mkdir /src WORKDIR /src @@ -24,7 +24,7 @@ RUN go mod download COPY ./ /src/ RUN go build -o download-cves ./cmd/mirrors/download-cves/ -FROM gcr.io/google.com/cloudsdktool/google-cloud-cli:alpine@sha256:23eb1691f771e6c249a4db5bf9e4a9af9976b26617d33a8659453bda1bc408ed +FROM gcr.io/google.com/cloudsdktool/google-cloud-cli:alpine@sha256:68100018e78bc098b4dc04a95416edd3ad6a3c7bb5947531b4747176953918f8 WORKDIR /usr/local/bin COPY --from=GO_BUILD /src/download-cves ./ diff --git a/vulnfeeds/tools/debian/Dockerfile b/vulnfeeds/tools/debian/Dockerfile index 2d5fbdec6f4..fd59715957f 100644 --- a/vulnfeeds/tools/debian/Dockerfile +++ b/vulnfeeds/tools/debian/Dockerfile @@ -12,7 +12,7 @@ # See the License for the specific language governing permissions and # limitations under the License. -FROM gcr.io/google.com/cloudsdktool/google-cloud-cli:alpine@sha256:23eb1691f771e6c249a4db5bf9e4a9af9976b26617d33a8659453bda1bc408ed +FROM gcr.io/google.com/cloudsdktool/google-cloud-cli:alpine@sha256:68100018e78bc098b4dc04a95416edd3ad6a3c7bb5947531b4747176953918f8 # Setup Poetry in its own virtual environment. # So when poetry changes the system dependencies, it doesn't mess with its own dependencies