From a1416fa820b9785493e7a91b011b4b5e36afe288 Mon Sep 17 00:00:00 2001
From: StepSecurity Bot
Date: Fri, 27 Mar 2026 21:14:44 +0000
Subject: [PATCH] [StepSecurity] Apply security best practices

Signed-off-by: StepSecurity Bot
---
 .github/dependabot.yml | 5 +++++
 website/Dockerfile | 2 +-
 2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index 35f0b455c..bf6d8b4cb 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -44,3 +44,8 @@ updates:
 website-npm-all:
 patterns:
 - "*"
+
+ - package-ecosystem: docker
+ directory: /website
+ schedule:
+ interval: daily
diff --git a/website/Dockerfile b/website/Dockerfile
index dd8075c38..1eb90a71b 100644
--- a/website/Dockerfile
+++ b/website/Dockerfile
@@ -1,2 +1,2 @@
 # Use a Dockerfile for the image ref so that dependabot can update it for us
-FROM docker.io/library/node:24-bookworm
+FROM docker.io/library/node:24-bookworm@sha256:bb20cf73b3ad7212834ec48e2174cdcb5775f6550510a5336b842ae32741ce6c
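Review bot: The new `package-ecosystem: docker` entry has no comment saying that it is what keeps the digest pin in website/Dockerfile current, so a later cleanup of this file could drop it and silently freeze the base image at one digest. I would add `# Refreshes the sha256 pin in website/Dockerfile; removing this entry stops base-image security updates.` directly above the entry. With `interval: daily` and, as far as the hunk shows, no grouping or assignee on this entry, each digest-bump PR needs an owner, because an unmerged bump leaves already-patched vulnerabilities in the image. The `updates:` list starts outside the hunk, so the npm entries above it may show the project's conventions for this.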
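Review bot: Nothing in the change lets a reviewer confirm that the digest on the new `FROM` line is the one the registry serves for `node:24-bookworm`, and once a digest is present the tag no longer selects the image. Before merging, compare it against the output of `docker buildx imagetools inspect docker.io/library/node:24-bookworm` and check that it is the multi-platform index digest rather than a single-architecture manifest; a per-architecture digest would break or mis-resolve builds on other platforms. The existing comment could also be extended, for example `# Pinned by digest; the tag is informational only and Dependabot updates the digest.`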