Changelog NotificationsAPIAikido login
Page cover

AutoFix for Containers: Using Extended Lifetime Support images

Updating to the latest version of a base image can be a difficult task as it might required changes to your application. When updating to a newer base image is not a viable option, you can stay secure by using Aikido Extended Lifetime Support (ELS) images.

Aikido maintains a registry of base images containing patched versions of libraries with reported CRITICAL or HIGH severity security issues. When you accept an AutoFix suggestion to use an ELS image, the patched image from the Aikido registry replaces the existing base image in your Dockerfile.

For example CVE-2025-4373 is fixed by Debian in Trixie and Sid but not in Bookworm. Our ELS debian:bookworm image contains a patched version of glib2.0 that fixes this vulnerability. Using this image avoids breaking changes while maintaining a good security posture.

The Aikido-maintained ELS images are created by root.io. Root.io eliminates vulnerabilities in container images by automatically remediating issues and patching affected packages. That means the ELS images you use are continuously kept up to date, with AutoFix suggesting updates as appropriate.

Using ELS images with AutoFix

  1. In Aikido, navigate to Containers. For a container with security issues, select the kebab menu for that entry and click Preview AutoFix (if AutoFix is available for that issue).

    1. Note: You can alternatively navigate to AutoFix > Containers and click View Fix under the Status column for that issue.

  2. Aikido AutoFix for containers will automatically propose an ELS image when available. The image is hosted on docker.aikido.io .

In this example we see a Dockerfile using a debian:bookworm base image. Updating the base image to the ELS version solves 75 issues present in that version of the base image that were not remediated by the Debian maintainers.

  1. Select Create PR to open a pull request in your SCM to apply the fix. You can also click Copy fixed file to manually apply the change to your Dockerfile.

Extended Lifetime Support image availability

In Aikido, you can view which base images have supported ELS versions from the AutoFix > Containers page.

All image are available for both amd64 and arm64 architectures.

Last updated

Was this helpful?