chore(docker): update docker#11601
Conversation
renovate
Bot
added
dependencies
|
✅ Conflict Markers Resolved All conflict markers have been successfully resolved in this pull request. |
renovate
Bot
force-pushed
the
renovate/docker
branch
2 times, most recently
from
66ff82d to
1657cc9
Compare
📝 WalkthroughWalkthroughThe default value of the ChangesDocker Image Digest Bump
Estimated code review effort🎯 1 (Trivial) | ⏱️ ~2 minutes 🚥 Pre-merge checks | ✅ 3 | ❌ 2❌ Failed checks (1 warning, 1 inconclusive)
✅ Passed checks (3 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches🧪 Generate unit tests (beta)
Comment |
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
Actionable comments posted: 1
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@contrib/aws/multi-account-securityhub/Dockerfile`:
- Line 4: The PROWLER_VERSION argument in the Dockerfile uses an invalid Docker
image digest that does not exist in the official toniblyx/prowler Docker Hub
repository, which will cause build failures. Replace the digest value in the ARG
PROWLER_VERSION line with a valid tag such as `latest` or `5.30.1` from the
official Docker Hub repository.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Organization UI
Review profile: ASSERTIVE
Plan: Pro Plus
Run ID: b0472b3d-8afd-401b-b861-b91b558f9d7f
📒 Files selected for processing (1)
contrib/aws/multi-account-securityhub/Dockerfile
| # docker build --platform=linux/amd64 --no-cache -t prowler:latest . | ||
|
|
||
| ARG PROWLER_VERSION=latest@sha256:4b796c6df40a3350c7947747b59bdda230d0da6222287500e13b0a8e1574aad4 | ||
| ARG PROWLER_VERSION=latest@sha256:d59d7a132292e4495e744d2b86dac240899591082e724deb62f001b0e8125a83 |
There was a problem hiding this comment.
🧩 Analysis chain
🌐 Web query:
What is the latest version of toniblyx/prowler on Docker Hub and does it include the digest d59d7a132292e4495e744d2b86dac240899591082e724deb62f001b0e8125a83?
💡 Result:
As of June 16, 2026, the latest version tag available for the toniblyx/prowler image on Docker Hub is 5.30.1 [1]. The repository is actively maintained, with images updated as recently as two days prior to this date [1]. The specific digest you referenced, d59d7a132292e4495e744d2b86dac240899591082e724deb62f001b0e8125a83, does not correspond to the current latest version of the toniblyx/prowler image on Docker Hub [1][2]. Docker image digests are immutable identifiers specific to a particular image build; this digest is not associated with the current 5.30.1 release [1]. Note that the primary repository for Prowler has transitioned to prowler-cloud/prowler, though the toniblyx/prowler image remains available on Docker Hub [3][4].
Citations:
- 1: https://hub.docker.com/r/toniblyx/prowler/tags
- 2: https://registry.hub.docker.com/r/toniblyx/prowler
- 3: https://github.com/toniblyx/prowler/
- 4: https://github.com/prowler-cloud/prowler/
🏁 Script executed:
#!/bin/bash
# Description: Verify the new Prowler image digest exists on Docker Hub
# Fetch image metadata from Docker Hub registry API
DIGEST="d59d7a132292e4495e744d2b86dac240899591082e724deb62f001b0e8125a83"
IMAGE="toniblyx/prowler"
# Query Docker Hub API for the image manifest
curl -s "https://registry.hub.docker.com/v2/repositories/${IMAGE}/tags/" | jq '.results[] | {name: .name, digest: .images[0].digest}' | grep -A1 "$DIGEST"
echo "If the digest is found above, the image exists on Docker Hub."Repository: prowler-cloud/prowler
Length of output: 127
The specified Prowler image digest does not exist on Docker Hub and will cause build failures.
The digest d59d7a132292e4495e744d2b86dac240899591082e724deb62f001b0e8125a83 is not found in the official toniblyx/prowler Docker Hub repository. As of June 2026, the latest available version is 5.30.1, and this digest does not correspond to any released version. Attempting to build this Dockerfile will fail with an image-not-found error.
Replace the digest with a valid tag (e.g., latest or 5.30.1) or confirm the correct digest from the official Docker Hub repository.
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In `@contrib/aws/multi-account-securityhub/Dockerfile` at line 4, The
PROWLER_VERSION argument in the Dockerfile uses an invalid Docker image digest
that does not exist in the official toniblyx/prowler Docker Hub repository,
which will cause build failures. Replace the digest value in the ARG
PROWLER_VERSION line with a valid tag such as `latest` or `5.30.1` from the
official Docker Hub repository.
1657cc9 to
15eefaa
Compare
There was a problem hiding this comment.
Actionable comments posted: 1
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@contrib/aws/multi-account-securityhub/Dockerfile`:
- Line 4: The PROWLER_VERSION ARG in the Dockerfile contains an invalid image
digest that does not exist on Docker Hub. Replace the current digest in the ARG
PROWLER_VERSION line with either a valid known version tag such as 5.30.1 or use
just the latest tag without a custom digest appended. Verify the correct digest
on Docker Hub before applying the change to ensure the image exists and is
available for pulling during the build process.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Organization UI
Review profile: ASSERTIVE
Plan: Pro Plus
Run ID: 4e2b8296-52a5-442c-a139-2a3b1e6783fb
📒 Files selected for processing (1)
contrib/aws/multi-account-securityhub/Dockerfile
| # docker build --platform=linux/amd64 --no-cache -t prowler:latest . | ||
|
|
||
| ARG PROWLER_VERSION=latest@sha256:4b796c6df40a3350c7947747b59bdda230d0da6222287500e13b0a8e1574aad4 | ||
| ARG PROWLER_VERSION=latest@sha256:16f34fa9ce93ffcfd6d4960041c7ac4181607e948935314d054d60df8b9f33e7 |
There was a problem hiding this comment.
🧩 Analysis chain
🏁 Script executed:
#!/bin/bash
# Description: Verify the Prowler image digest exists on Docker Hub
IMAGE="toniblyx/prowler"
TAG="latest"
NEW_DIGEST="sha256:16f34fa9ce93ffcfd6d4960041c7ac4181607e948935314d054d60df8b9f33e7"
echo "Checking if digest exists for ${IMAGE}:${TAG}..."
# Get the manifest for the latest tag
MANIFEST=$(curl -sL "https://registry.hub.docker.com/v2/repositories/${IMAGE}/tags/${TAG}")
# Extract digest from manifest
ACTUAL_DIGEST=$(echo "$MANIFEST" | jq -r '.images[0].digest // .digest // empty')
echo "Expected digest: ${NEW_DIGEST}"
echo "Actual digest from Docker Hub: ${ACTUAL_DIGEST}"
if [ "$ACTUAL_DIGEST" = "$NEW_DIGEST" ]; then
echo "✓ Digest matches!"
else
echo "✗ Digest mismatch or not found"
fi
# Also list recent tags to see what versions are available
echo -e "\nRecent tags:"
curl -sL "https://registry.hub.docker.com/v2/repositories/${IMAGE}/tags?page_size=10" | jq -r '.results[] | "\(.name): \(.images[0].digest // .digest)"'Repository: prowler-cloud/prowler
Length of output: 1159
🏁 Script executed:
#!/bin/bash
# Description: Check for security vulnerabilities in the Prowler Docker image
echo "Checking for vulnerabilities in toniblyx/prowler..."
# Check GitHub security advisories for the prowler-cloud/prowler repository
gh api graphql -f query='
{
repository(owner: "prowler-cloud", name: "prowler") {
vulnerabilityAlerts(first: 10) {
nodes {
securityAdvisory {
summary
severity
publishedAt
}
vulnerableManifestFilename
vulnerableManifestPath
}
}
}
}'
echo -e "\nNote: Renovate typically validates digests before creating PRs, but manual verification is recommended."Repository: prowler-cloud/prowler
Length of output: 282
🌐 Web query:
What is the latest version of toniblyx/prowler Docker image on Docker Hub as of June 2026, and does the digest sha256:16f34fa9ce93ffcfd6d4960041c7ac4181607e948935314d054d60df8b9f33e7 correspond to a valid release?
💡 Result:
As of June 16, 2026, the latest stable release for the Prowler project (transitioned to the prowler-cloud/prowler repository) is version 5.29.2, which was released on June 3, 2026 [1]. Regarding the Docker image toniblyx/prowler on Docker Hub, while this repository remains active and receives updates [2][3], it is important to note that the official Prowler project is now maintained under the prowler-cloud organization [4][1]. The toniblyx/prowler repository continues to provide tags corresponding to various releases, with tags such as 5.30.1 and others listed on its Docker Hub page [2]. The specific digest sha256:16f34fa9ce93ffcfd6d4960041c7ac4181607e948935314d054d60df8b9f33e7 does not correspond to the latest stable release of Prowler and cannot be verified as a valid release image associated with official stable versions in the public record. Because Docker image digests are unique to specific image manifests, this digest would only represent a valid release if it were explicitly published by the repository maintainers as a tagged image in the toniblyx/prowler registry. Since it is not a recognized release tag, it is likely either an old, non-public, or invalid image identifier. Users are advised to pull images by version tag (e.g.,:5.29.2) or use the images provided by the official prowler-cloud repository [1].
Citations:
- 1: https://github.com/prowler-cloud/prowler?tab=readme-ov-file
- 2: https://hub.docker.com/r/toniblyx/prowler/tags
- 3: https://hub.docker.com/r/toniblyx/prowler
- 4: https://github.com/toniblyx/prowler/
Replace the Prowler image digest with a valid one; the current digest does not exist on Docker Hub.
The digest sha256:16f34fa9ce93ffcfd6d4960041c7ac4181607e948935314d054d60df8b9f33e7 does not match any release on Docker Hub. The current latest tag points to sha256:a4c4a8dfb3ae4dd176563610482e7d886738b1a3ab67bd2351d0098b50d615b1, and the specified digest is not recognized as a valid release. This will cause build failures. Use a known version tag (e.g., 5.30.1 or latest without a custom digest) or verify the correct digest with Docker Hub before merging.
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In `@contrib/aws/multi-account-securityhub/Dockerfile` at line 4, The
PROWLER_VERSION ARG in the Dockerfile contains an invalid image digest that does
not exist on Docker Hub. Replace the current digest in the ARG PROWLER_VERSION
line with either a valid known version tag such as 5.30.1 or use just the latest
tag without a custom digest appended. Verify the correct digest on Docker Hub
before applying the change to ensure the image exists and is available for
pulling during the build process.
This PR contains the following updates:
4b796c6→16f34faConfiguration
📅 Schedule: (in timezone Europe/Madrid)
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.