
chore(deps): update postgres:17.2-alpine docker digest from 17.2 to 17.2-alpine (docker-compose.yml) #11733

Merged: 1 commit merged into dev from renovate/postgres-17.2-alpine on Feb 5, 2025

Conversation


@renovate renovate bot commented Feb 5, 2025

This PR contains the following updates:

Package: postgres
Update: digest
Change: 0bcc5bb -> 7e5df97

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot added the dependencies Pull requests that update a dependency file label Feb 5, 2025
@github-actions github-actions bot added the docker label Feb 5, 2025

dryrunsecurity bot commented Feb 5, 2025

DryRun Security Summary

The pull request modifies the docker-compose.yml file by updating the PostgreSQL Docker image version and implementing security best practices through environment variables, credential encryption, and proper volume mounting configurations to enhance the DefectDojo application's security and reliability.


Summary:

The changes made in this pull request to the docker-compose.yml file are focused on maintaining the security and reliability of the DefectDojo application deployment. The key security-related aspects of these changes include:

  1. Pinned Docker Image Versions: The use of specific, pinned Docker image versions for the PostgreSQL database service ensures that the application is using a known, tested, and potentially patched version of the database, reducing the risk of running an outdated and potentially vulnerable version.

  2. Environment Variable Usage: The extensive use of environment variables to configure the application, including sensitive information like database connection details and encryption keys, is a recommended security practice that allows for easy customization and management of these settings without hardcoding them directly in the configuration file.

  3. Credential Encryption: The use of the DD_CREDENTIAL_AES_256_KEY environment variable to encrypt sensitive credentials, such as database passwords, is a good security practice to protect sensitive data at rest.

  4. Database Readiness Timeout: The DD_DATABASE_READINESS_TIMEOUT environment variable helps ensure that the application does not fail to start if the database takes longer than expected to initialize, improving the overall reliability of the deployment.

  5. Volume Mounts: The mounting of volumes for the PostgreSQL data directory and the DefectDojo media directory highlights the importance of ensuring that these volumes are properly secured and backed up to maintain the integrity and availability of the application data.

Files Changed:

  • docker-compose.yml: This file has been updated to change the Docker image version for the PostgreSQL database service from postgres:17.2-alpine@sha256:0bcc5bbbb2aa9c9b4c6505845918c7eb55d783cf5c1f434fac33012579fb149d to postgres:17.2-alpine@sha256:7e5df973a74872482e320dcbdeb055e178d6f42de0558b083892c50cda833c96. The changes also include the use of various environment variables to configure the application, including sensitive information like database connection details and encryption keys, as well as the mounting of volumes for the PostgreSQL data directory and the DefectDojo media directory.

Code Analysis

We ran 9 analyzers against 1 file and 0 analyzers had findings. 9 analyzers had no findings.

View PR in the DryRun Dashboard.
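The change under review is a one-line digest bump, so the thing a reviewer actually wants to check is that the image reference stays digest-pinned and that the short digests Renovate prints in its table correspond to the full digests in the diff. The script below is an added example written for this page, not code from DefectDojo, Renovate or DryRun Security: a POSIX sh check that fails when any `image:` line in a compose file lacks a full `@sha256:` digest, lists the offending references, and derives the 7-character short form shown in the PR table. The two compose fragments are constructed to mirror this PR's docker-compose.yml change; only the two digests come from the PR itself, the service layout and function names are assumptions.

```shell
#!/bin/sh
# Added example, not part of DefectDojo or this PR: verify that every `image:`
# line in a docker-compose file is pinned to an immutable sha256 digest, and
# derive the short digest Renovate shows in its "Change" column.
# The compose fragments are constructed; only the digests are taken from the PR.

# Weak setting: a mutable tag only. Whoever can push to the tag decides what
# runs, and two hosts pulling at different times can get different images.
COMPOSE_TAG_ONLY='services:
  postgres:
    image: postgres:17.2-alpine
'

# Corrected setting (what the PR keeps): tag kept for readability, digest
# appended so the engine pulls exactly this manifest and nothing else.
COMPOSE_PINNED='services:
  postgres:
    image: postgres:17.2-alpine@sha256:7e5df973a74872482e320dcbdeb055e178d6f42de0558b083892c50cda833c96
'

# The digest the PR replaced, used to reproduce Renovate's "0bcc5bb".
OLD_DIGEST='sha256:0bcc5bbbb2aa9c9b4c6505845918c7eb55d783cf5c1f434fac33012579fb149d'

# check_pinned COMPOSE_TEXT
# Succeeds only if there is at least one `image:` line and every one of them
# ends in `@sha256:` followed by exactly 64 lowercase hex digits.
check_pinned() {
  total=$(printf '%s\n' "$1" | grep -cE '^[[:space:]]*image:' || true)
  pinned=$(printf '%s\n' "$1" \
    | grep -cE '^[[:space:]]*image:[[:space:]]*[^[:space:]@]+@sha256:[0-9a-f]{64}[[:space:]]*$' || true)
  [ "$total" -gt 0 ] && [ "$total" -eq "$pinned" ]
}

# unpinned_images COMPOSE_TEXT
# Prints each image reference that lacks a full digest, one per line
# (empty output when everything is pinned), so the failing service is named.
unpinned_images() {
  printf '%s\n' "$1" \
    | sed -nE 's/^[[:space:]]*image:[[:space:]]*([^[:space:]]+)[[:space:]]*$/\1/p' \
    | grep -vE '@sha256:[0-9a-f]{64}$' || true
}

# short_digest DIGEST_OR_COMPOSE_TEXT
# Extracts the first 7 hex digits after `sha256:`, the form shown in the PR table.
short_digest() {
  printf '%s\n' "$1" | sed -nE 's/.*sha256:([0-9a-f]{7})[0-9a-f]{57}.*/\1/p' | head -n 1
}

# report NAME COMPOSE_TEXT: one line per fragment, for a stand-alone run.
report() {
  if check_pinned "$2"; then
    printf '%s: all images pinned\n' "$1"
  else
    printf '%s: NOT pinned: %s\n' "$1" "$(unpinned_images "$2" | tr '\n' ' ')"
  fi
}

report COMPOSE_TAG_ONLY "$COMPOSE_TAG_ONLY"
report COMPOSE_PINNED "$COMPOSE_PINNED"
printf 'digest change: %s -> %s\n' "$(short_digest "$OLD_DIGEST")" "$(short_digest "$COMPOSE_PINNED")"
```

Running it prints that the tag-only fragment is not pinned (naming `postgres:17.2-alpine`), that the PR's fragment is, and `0bcc5bb -> 7e5df97`, matching the Renovate table above. Before accepting a bump, a reviewer can confirm what the tag currently resolves to with `docker buildx imagetools inspect postgres:17.2-alpine` or `skopeo inspect docker://postgres:17.2-alpine` (both need registry access, so they are not part of the offline check). The caveat worth keeping in mind: the digest pin makes the deployment reproducible, it does not make the image safe. The `17.2-alpine` tag was re-pushed under the same name here, the page does not say why, and without a digest bump the running image would have silently stayed on the old build; with one, it moves to whatever the rebuilt tag now contains, which is why the review of such PRs should look at what changed inside the image rather than at the unchanged tag.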

@renovate renovate bot changed the title from "Update postgres:17.2-alpine Docker digest from 17.2 to 17.2-alpine (docker-compose.yml)" to "chore(deps): update postgres:17.2-alpine docker digest from 17.2 to 17.2-alpine (docker-compose.yml)" Feb 5, 2025
@renovate renovate bot force-pushed the renovate/postgres-17.2-alpine branch from 67ee137 to eb4898a Compare February 5, 2025 05:32
@mtesauro mtesauro left a comment


Approved

@mtesauro mtesauro merged commit c34332d into dev Feb 5, 2025
74 checks passed
@renovate renovate bot deleted the renovate/postgres-17.2-alpine branch March 3, 2025 16:38