Update postgres:17.2-alpine Docker digest from 17.2 to 17.2-alpine (docker-compose.yml)

[renovate]

This PR contains the following updates:

Package	Update	Change
postgres	digest	d37d2c1 -> f58b02e

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[dryrunsecurity]

DryRun Security Summary

The pull request updates the PostgreSQL Docker image in the docker-compose.yml file for DefectDojo, focusing on maintaining application security by using a newer, trusted database version.

Expand for full summary

Summary:

The provided code change is an update to the docker-compose.yml file, which is used to deploy the DefectDojo application in a containerized environment. The key change in this pull request is the update to the postgres service's Docker image from a specific version and digest to a newer version and digest. From an application security perspective, this is a good practice as it ensures the application is using a known and trusted version of the database, which can help mitigate the risk of vulnerabilities or security issues.

Additionally, the docker-compose.yml file includes several environment variables that are used to configure the DefectDojo application, such as the database connection details, secret keys, and other sensitive information. It is important to ensure that these environment variables are properly secured and not exposed in the deployment process.

Overall, the changes in this pull request appear to be focused on maintaining the security and stability of the DefectDojo application deployment, which is a positive step from an application security perspective.

Files Changed:

• docker-compose.yml: The key change in this file is the update to the postgres service's Docker image from postgres:17.2-alpine@sha256:d37d2c160d34430877c802e5adc22824a2ad453499db9bab1a2ceb2be6c1a46f to postgres:17.2-alpine@sha256:f58b02ec01778a7c590c3dcf869da3f4294d89adc70e6f55d63b0b8c6f78faa1. This ensures the application is using a known and trusted version of the database, which can help mitigate the risk of vulnerabilities or security issues. The file also includes several environment variables that are used to configure the DefectDojo application, and it is important to ensure these are properly secured.

Code Analysis

We ran 9 analyzers against 1 file and 0 analyzers had findings. 9 analyzers had no findings.

View PR in the DryRun Dashboard.

[mtesauro]

Approved