The Edge of the Deep Forest
Patch & Maintain Your Tools
Gord sharpens her sword before danger appears. In DevSecOps, outdated tools and dependencies fail exactly when pressure spikes.
Outdated components cause:
- silent breakage under stress,
- failures at the worst moment,
- known vulnerabilities waiting to be exploited.
One of the most important practices in container security is keeping images and dependencies up to date. Actively maintained projects usually do this; legacy systems and the basic infrastructure layers often do not, e.g. a base image you built months ago and keep reusing.
Before entering any “deep forest” in production:
- Update dependencies and base images regularly.
- Remove deprecated libs and stale packages.
- Patch known CVEs quickly.
- Automate recurring maintenance tasks.
Example: Version Parameters in Dockerfiles
Rebuild images frequently to incorporate the latest patches. Use build arguments to manage base image versions easily:
# Dockerfile: the base image tag is a build argument, so `docker build --build-arg BASE_IMAGE_VERSION=<tag>` rebuilds on a newer base without editing the file.
# An ARG declared before FROM is only visible to FROM lines; redeclare it after FROM if a later stage needs the value.
ARG BASE_IMAGE_VERSION=3.13-slim
FROM python:${BASE_IMAGE_VERSION}
Pin (lock) your application's dependencies and check them regularly for vulnerabilities. Use tools like Dependabot, Renovate, or Snyk to automate dependency updates and vulnerability scanning.
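The check a reviewer would run over the Dockerfiles above, as an added example that is not part of the original page: it resolves ARG defaults in FROM lines and flags base images that are untagged, use the floating :latest tag, or depend on a build argument with no default. The sample Dockerfile text and the digest value are constructed for illustration.

```python
import re

# Constructed sample Dockerfile used as input (not from the original page).
SAMPLE_DOCKERFILE = """\
ARG BASE_IMAGE_VERSION=3.13-slim
ARG UNSET_VERSION
FROM python:${BASE_IMAGE_VERSION} AS build
FROM --platform=linux/amd64 nginx:latest
FROM ubuntu
FROM debian:${UNSET_VERSION}
FROM alpine:3.19@sha256:PLACEHOLDER_DIGEST
FROM build
"""

ARG_RE = re.compile(r"^\s*ARG\s+([A-Za-z_][A-Za-z0-9_]*)(?:=(.*))?\s*$", re.I)
FROM_RE = re.compile(r"^\s*FROM\s+(?:--platform=\S+\s+)?(\S+)(?:\s+AS\s+(\S+))?\s*$", re.I)


def _expand(ref, args):
    """Substitute ${NAME} / $NAME with ARG defaults; unknown names become ''."""
    return re.sub(r"\$\{?([A-Za-z_][A-Za-z0-9_]*)\}?", lambda m: args.get(m.group(1), ""), ref)


def check_dockerfile(text):
    """Return (line_no, image_ref, issue) for every FROM that is not safely pinned."""
    args, stages, findings = {}, set(), []
    for n, line in enumerate(text.splitlines(), 1):
        m = ARG_RE.match(line)
        if m:
            args[m.group(1)] = m.group(2) or ""
            continue
        m = FROM_RE.match(line)
        if not m:
            continue
        raw, stage = m.group(1), m.group(2)
        if stage:
            stages.add(stage)
        if raw in stages:              # FROM <earlier stage>: nothing to pin here
            continue
        ref = _expand(raw, args)
        if "$" in raw and ref.endswith(":"):   # build arg without a default leaves an empty tag
            findings.append((n, raw, "build arg has no default, tag is empty"))
        elif "@sha256:" in ref:
            continue                           # digest-pinned: immutable, best case
        elif ":" not in ref.rsplit("/", 1)[-1]:
            findings.append((n, ref, "no tag, implicitly :latest"))
        elif ref.rsplit(":", 1)[-1] == "latest":
            findings.append((n, ref, "floating tag :latest"))
    return findings


if __name__ == "__main__":
    for line_no, image, issue in check_dockerfile(SAMPLE_DOCKERFILE):
        print(f"line {line_no}: {image}: {issue}")
```

A digest-pinned image is treated as the best case; it still has to be rebuilt and re-pinned when the upstream image is patched, so pair this check with a scheduled rebuild.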
Exercise
- Review your current Dockerfiles and identify any outdated base images or dependencies.
- Implement a process to regularly update and rebuild your images.
