chore(deps): update postgres:16.3-alpine docker digest from 16.3 to 16.3-alpine (docker-compose.yml)

[renovate]

This PR contains the following updates:

Package	Update	Change
postgres	digest	2463c8f -> de3d7b6

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Mend Renovate. View repository job log here.

[dryrunsecurity]

Hi there 👋, @DryRunSecurity here, below is a summary of our analysis and findings.

DryRun Security	Status	Findings
Configured Codepaths Analyzer	✅	0 findings
Server-Side Request Forgery Analyzer	✅	0 findings
Sensitive Files Analyzer	✅	0 findings
IDOR Analyzer	✅	0 findings
SQL Injection Analyzer	✅	0 findings
Authn/Authz Analyzer	✅	0 findings
Secrets Analyzer	✅	0 findings

Note

🟢 Risk threshold not exceeded.

Change Summary (click to expand)

The following is a summary of changes in this pull request made by me, your security buddy 🤖. Note that this summary is auto-generated and not meant to be a definitive list of security issues but rather a helpful summary from a security perspective.

Summary:

The changes made in the docker-compose.yml file appear to be focused on maintaining the security and stability of the PostgreSQL database service, which is a critical component of the DefectDojo application. The update to the PostgreSQL Docker image tag uses a specific version and a SHA-256 digest, ensuring a reproducible and immutable build. This helps to prevent unintended changes or vulnerabilities that may be introduced in newer versions of the base image. The use of digest-based image references and a minimal Alpine-based PostgreSQL image also contribute to the overall security of the deployment. Additionally, the file uses environment variables to configure sensitive information, such as database credentials, which is a good practice for managing and rotating these credentials without modifying the source code. The configuration of named volumes for storing data related to the PostgreSQL database, RabbitMQ message broker, and Redis cache highlights the importance of ensuring that these data stores are properly backed up and secured.

Files Changed:

• docker-compose.yml: The changes in this file update the Docker image tag for the PostgreSQL database service from postgres:16.3-alpine@sha256:2463c8fa10dd52951104d1195ed25ea5c25ebcd2c394e5020385f6a15d5ffb30 to postgres:16.3-alpine@sha256:de3d7b6e4b5b3fe899e997579d6dfe95a99539d154abe03f0b6839133ed05065. This ensures that a specific version of the PostgreSQL image is used, rather than relying on a potentially changing "latest" tag, which helps to maintain the integrity and security of the deployment. The file also uses environment variables to configure sensitive information, such as the database name, user, and password, and configures named volumes for storing data related to the PostgreSQL database, RabbitMQ message broker, and Redis cache.

Powered by DryRun Security

[mtesauro]

Approved

Waiting for tests