Images used in modules should be pulled by digest and not by tag #1951

@worldtiki

Currently the images used in the test containers modules are being pulled by tag.
This has several disadvantages, the biggest one being a possible attack vector if the owner's account for those images in Docker is compromised.
I understand that users can override and pull whatever image they want but it would be nice to have a more secure default.

I was going to submit a PR with these changes but I noticed that some images were already being pulled by digest before and this was changed to tags (example: #1406).

I want to know if there is interest in doing this. If so I can help. It's also unclear what kind of architectures are supported with Testcontainers (e.g. arm?) which will influence the approach in case you feel like implementing this change.
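
An added example, not part of the original issue or the Testcontainers code base: a small Python check that flags image references not pinned by digest, which is the default the issue asks for. The function names, the sample references and the all-zero placeholder digest are constructed for illustration, and the check assumes sha256 digests.

```python
import re

# Constructed placeholder, not the digest of any real image.
PLACEHOLDER_DIGEST = "sha256:" + "0" * 64

# Assumption: only sha256 digests are accepted as a valid pin.
DIGEST_RE = re.compile(r"sha256:[0-9a-f]{64}")

# Constructed sample references of the kinds a module default might use.
SAMPLE_REFS = [
    "postgres:9.6.12",                    # tag only: mutable
    "localhost:5000/kafka",               # registry port, no tag, no digest
    "mysql:8.0@" + PLACEHOLDER_DIGEST,    # tag kept for readability, digest pins content
    "redis@sha256:abc",                   # malformed digest: treated as unpinned
]


def classify(ref):
    """Split an image reference into (name, tag, digest, pinned)."""
    name, digest = ref, None
    if "@" in ref:
        name, digest = ref.split("@", 1)
    # A ':' after the last '/' separates a tag; an earlier ':' is a registry port.
    tag = None
    colon = name.rfind(":")
    if colon > name.rfind("/"):
        name, tag = name[:colon], name[colon + 1:]
    pinned = digest is not None and DIGEST_RE.fullmatch(digest) is not None
    return name, tag, digest, pinned


def unpinned(refs):
    """Return the references that can change content without the string changing."""
    return [ref for ref in refs if not classify(ref)[3]]


if __name__ == "__main__":
    for ref in unpinned(SAMPLE_REFS):
        print("not pinned by digest:", ref)
```
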
