Pulling Images by Digest

Learn what image digests are, and how pulling images by digests is a more reliable method.

We'll cover the following...

The problem with tags

So far, we’ve seen how to pull and work with images using names (tags). While this is the most common method, it has a problem—tags are mutable. This means it’s possible to tag an image incorrectly or give a new image the same tag as an older one. An extremely common example is the latest tag. For example, pulling the alpine:latest tag a year ago will not pull the same image as pulling the same tag today.

Example

Let’s consider a quick example outlining one potential implication of trusting mutable tags. Imagine we have an image called golftrack:1.5, and we get a warning that it has a critical vulnerability. We build a new image containing the fix and push the new image to the same repository with the same tag. Take a moment to consider what just happened and the implications.

We have an image called golftrack:1.5 that’s being used by lots ...

About the Course

An Overview of Containers

Docker and Container-Related Standards and Projects

The Big Picture

The Docker Engine

Working with Images

Working with Containers

Containerizing an Application

Conclusion

Appendix: Getting Docker

Pulling Images by Digest

The problem with tags

Example