Docker image clean‐up policy - nagyesta/lowkey-vault GitHub Wiki

As time passes, more and more images are pushed to the Docker registry with our releases, so the registry keeps growing. This alone is not an issue: it is perfectly fine to keep the useful images in place. Unfortunately, as time passes, more and more vulnerabilities are also found in the old images.

To make sure we are not keeping useless, vulnerable junk around indefinitely, the old images need to be cleaned up periodically. This document outlines how these images will be cleaned up regularly.

Major versions

The latest (1) amd64 and multiarch images will be kept forever as the final images from the major version in question. This is necessary because major version changes indicate breaking changes, and it is not our intent to break anything intentionally. This is the best option we can provide to both keep at least one version from each major version and keep the least vulnerable image at the same time.

For example, we will keep forever:

  • 2.14.13 and 2.14.13-ubi9-minimal as the final images for 2.x.y
  • 1.30.0 and 1.30.0-jammy as the final images for 1.x.y

Minimum retention

We will keep any image (other than the final images from each major version) for at least 1 year from the date of original push. Any image older than that can be deleted at any time without warning. This will allow ample time for everyone to migrate to the fresher, less vulnerable images.
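
To check whether a tag you pin falls under either rule, the policy can be expressed as a small classifier. This is an added example, not the project's own clean-up tooling. It assumes tags have the shape `MAJOR.MINOR.PATCH` with an optional `-suffix`, treats the plain and the suffixed tag as the two variants kept per major version, and uses constructed push dates.

```python
import re
from datetime import date, timedelta

# Assumed tag shape: MAJOR.MINOR.PATCH with an optional "-suffix" variant.
TAG_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(-[\w.-]+)?$")
# "At least 1 year": 366 days, so a leap year never shortens the window.
MIN_RETENTION = timedelta(days=366)


def plan_cleanup(images, today):
    """Classify (tag, push_date) pairs as (keep_forever, deletable, retained)."""
    newest = {}   # (major, has_suffix) -> (version tuple, tag)
    parsed = []
    for tag, pushed in images:
        m = TAG_RE.match(tag)
        if not m:
            continue  # unknown tag shape (e.g. "latest"): never classified
        version = tuple(int(part) for part in m.group(1, 2, 3))
        key = (version[0], m.group(4) is not None)
        parsed.append((tag, pushed))
        if key not in newest or version > newest[key][0]:
            newest[key] = (version, tag)

    # Final image of each variant in each major version is kept forever.
    keep_forever = {tag for _, tag in newest.values()}
    deletable, retained = set(), set()
    for tag, pushed in parsed:
        if tag in keep_forever:
            continue
        expired = today - pushed > MIN_RETENTION
        (deletable if expired else retained).add(tag)
    return keep_forever, deletable, retained


# Constructed sample: final tags are the page's examples, dates are made up.
TODAY = date(2025, 6, 1)
SAMPLE = [
    ("1.29.0-jammy", date(2023, 1, 10)),
    ("1.30.0", date(2023, 3, 1)),
    ("1.30.0-jammy", date(2023, 3, 1)),
    ("2.13.0-ubi9-minimal", date(2024, 2, 1)),
    ("2.14.12", date(2025, 1, 15)),
    ("2.14.13", date(2025, 2, 1)),
    ("2.14.13-ubi9-minimal", date(2025, 2, 1)),
    ("latest", date(2025, 2, 1)),
]

if __name__ == "__main__":
    for name, tags in zip(("keep forever", "deletable", "retained"),
                          plan_cleanup(SAMPLE, TODAY)):
        print(f"{name}: {sorted(tags)}")
```

Anything that lands in the deletable set can disappear without warning, so deployments pinned to such a tag should move to a newer release or to the final image of their major version.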