docker-lock

Automatically manage image digests in Dockerfiles, docker-compose files, and Kubernetes manifests by tracking them in a separate Lockfile (by safe-waters)

Docker-lock Alternatives

Similar projects and alternatives to docker-lock

NOTE: The number of mentions on this list indicates mentions on common posts plus user suggested alternatives. Hence, a higher number means a better docker-lock alternative or higher similarity.

docker-lock reviews and mentions

Posts with mentions or reviews of docker-lock. We have used some of these posts to build our list of alternatives and similar projects. The last one was on 2023-12-06.
  • :latest or :version for supporting services?
    3 projects | /r/selfhosted | 6 Dec 2023
    I do both! I tag my services with :latest, then use docker-lock. It scans your docker and docker-compose, generates a lock file and adds the current sha to git. That lets me freely update because I can always go get the previous version from git, rollback, and pin the version for that specific container if there is a problem. It really is the best of both worlds.
  • Keeping Up with Docker Official Images
    5 projects | news.ycombinator.com | 8 Jun 2021
    Nice! I was thinking about building something similar -- just filed an issue for how you might extend this to work for migrating registries.

    Pleasantly surprised to come across this PR: https://github.com/safe-waters/docker-lock/pull/73

    This is a perfect application of crane :)

    5 projects | news.ycombinator.com | 8 Jun 2021
    Shameless Plug: I wrote a cli-plugin for docker, docker-lock, to solve the mutable tag problem without having to manually specify hashes - https://github.com/safe-waters/docker-lock

    It creates a Lockfile (think package-lock.json) that tracks the image digests (sha256 hashes) of your base images, so you will always know exactly which images you are using even if you only specify tags. This way, you can know if a base image has changed, yet still receive important security updates that you would not receive if you hardcode the digest. It supports any registry, so is useful even if you are not using Dockerhub. It also works with Dockerfiles, docker-compose files, and Kubernetes manifests.

    I hope anyone dealing with this issue finds it helpful :)

  • A note from our sponsor - SaaSHub
    www.saashub.com | 28 Mar 2024
    SaaSHub helps you find the best software and product alternatives Learn more →

Stats

Basic docker-lock repo stats
3
424
0.0
about 2 months ago

safe-waters/docker-lock is an open source project licensed under Apache License 2.0 which is an OSI approved license.

The primary programming language of docker-lock is Go.

SaaSHub - Software Alternatives and Reviews
SaaSHub helps you find the best software and product alternatives
www.saashub.com