3 files changed +3636 -1929 lines changed
11# syntax=docker/dockerfile:1.4
22
33# Build stage
4- FROM node:22.1.0-alpine@sha256:487dc5d5122d578e13f2231aa4ac0f63068becd921099c4c677c850df93bede8 AS builder
4+ # Using node:22-alpine with OpenSSL 3.3.2+ to address CVE-2024-6119
5+ # Pinned to specific SHA256 digest for supply chain security and deterministic builds
6+ # To update: podman pull node:22-alpine && podman inspect node:22-alpine --format '{{index .RepoDigests 0}}'
7+ # Last updated: 2025-10-24
8+ FROM node:22-alpine@sha256:d31216005bd330aa47f848822d4f269f6c79f0905b60cca1d87577149519daa6 AS builder
59
610# Set build-time variables for reproducibility
711ARG NODE_ENV=development
@@ -50,7 +54,10 @@ COPY . .
5054# Build TypeScript code with deterministic output
5155RUN npm run build
5256
53- FROM node:22.1.0-alpine@sha256:487dc5d5122d578e13f2231aa4ac0f63068becd921099c4c677c850df93bede8 AS production
57+ # Production stage
58+ # Using node:22-alpine with OpenSSL 3.3.2+ to address CVE-2024-6119
59+ # Pinned to specific SHA256 digest for supply chain security and deterministic builds
60+ FROM node:22-alpine@sha256:d31216005bd330aa47f848822d4f269f6c79f0905b60cca1d87577149519daa6 AS production
5461
5562# Declare build arguments in production stage
5663ARG PORT=3081
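Review bot: Both new `FROM` lines (builder and production stages) swap the exact tag `22.1.0-alpine` for the floating `22-alpine` beside the digest, so the digest alone identifies the release and a reader can no longer tell which Node/OpenSSL build it corresponds to. The comment's claim that the image carries OpenSSL 3.3.2+ for CVE-2024-6119 is not checked anywhere in the visible hunks; keeping the full version in the tag and adding `RUN node -p process.versions.openssl` to the builder stage would record the version in the build log and make the claim verifiable. The digest is also duplicated across the two stages while the update recipe sits only above the first, so a partial bump could leave production on the old base; a single `ARG NODE_IMAGE=node:22-alpine@sha256:<digest>` before the first `FROM`, used as `FROM ${NODE_IMAGE} AS builder` and `FROM ${NODE_IMAGE} AS production`, removes that risk. It is also worth confirming that index 0 of `RepoDigests` in the update recipe is the multi-arch index digest and not a single-platform one, since the recipe does not make that evident.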