Skip to content

chore: update dockerfile base images to latest rolling tags#3915

Merged
spiffcs merged 3 commits intomainfrom
base-image-updates
May 19, 2025
Merged

chore: update dockerfile base images to latest rolling tags#3915
spiffcs merged 3 commits intomainfrom
base-image-updates

Conversation

@spiffcs
Copy link
Copy Markdown
Contributor

@spiffcs spiffcs commented May 19, 2025
edited
Loading

Description

An upstream issue with busy box was causing issues where users would see:

wget: TLS error from peer (alert code 40): handshake failure
wget: error getting response: Connection reset by peer

This could cause issues in ci pipelines where users needed the debug image of syft for running pre CI commands before the sbom functionality was invoked.

This PR moves us forward to use the rolling tags for latest and debug images from distroless debian12

Here is a local demonstration of the fix. PR reviewers can pull down the branch and run make snapshot to build the docker images and test on their local:

[I] (base-image-updates)> docker run -it --rm --entrypoint /busybox/wget be0d5f30581e --no-check-certificate --spider https://www.google.com
Connecting to www.google.com (142.250.65.196:443)
remote file exists
[I]  (base-image-updates)> docker image ls | grep be0d
anchore/syft                                                 debug-arm64v8                                                      be0d5f30581e   2 minutes ago   50.2MB
anchore/syft                                                 v1.25.0-debug-arm64v8                                              be0d5f30581e   2 minutes ago   50.2MB
ghcr.io/anchore/syft                                         debug-arm64v8                                                      be0d5f30581e   2 minutes ago   50.2MB
ghcr.io/anchore/syft                                         v1.25.0-debug-arm64v8                                              be0d5f30581e   2 minutes ago   50.2MB

Type of change

  • Bug fix (non-breaking change which fixes an issue)

Checklist:

  • I have tested my code in common scenarios and confirmed there are no regressions

@spiffcs
chore: update base images to latest pinned sha
cdf8956 
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
@spiffcs spiffcs requested a review from willmurphyscode May 19, 2025 13:08
spiffcs added 2 commits May 19, 2025 09:19
@spiffcs
feat: update to use latest
2ec245c 
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
@spiffcs
chore: update to rolling tags
a32fcf2 
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
@spiffcs spiffcs changed the title chore: update base images to latest pinned sha chore: update base images to latest rolling tags May 19, 2025
@spiffcs spiffcs changed the title chore: update base images to latest rolling tags chore: update dockerfile base images to latest rolling tags May 19, 2025
@spiffcs spiffcs enabled auto-merge (squash) May 19, 2025 13:40
@spiffcs spiffcs merged commit b4ca040 into main May 19, 2025
12 checks passed
@spiffcs spiffcs deleted the base-image-updates branch May 19, 2025 13:43
@BrewTestBot BrewTestBot mentioned this pull request May 20, 2025
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@wagoodman wagoodman wagoodman approved these changes

@willmurphyscode willmurphyscode Awaiting requested review from willmurphyscode

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

syft 1.24.0 debug container - wget fails TLS

2 participants

@spiffcs @wagoodman