How do you find the sha256 digest of a running App Service container?

Steve Tooke 0 Reputation points

I would like to understand exactly which image containers are running for a given App Service. This requires having access to the image sha256 fingerprint, not just the image tag.

Is there anyway to query the service to get this data?

Azure App Service
Azure App Service
Azure App Service is a service used to create and deploy scalable, mission-critical web apps.
5,661 questions
{count} votes

1 answer

Sort by: Most helpful
  1. Ben Gimblett 2,190 Reputation points Microsoft Employee

    Yes as far as I can see App service doesn't store the digest anywhere other than the docker logs that are accessible to you - unless you use the image hash value as part of the identifier

    '<my container registry>/<name>:<digest>'

    I've used the above convention with Web Apps + Azure Container Registry where the digest value replaces the tag. For docker a pull with digest (not tag) requires the form
    'docker pull name@sha256:digest'

    More generally; what you are experiencing is one of the issues of using the latest tag which is considered a bit of an anti-pattern by a number of folks in the community

    There's loads of blog posts and comments on this, I've grabbed one at random here

    Referencing the image by digest isn't super readable - but using a versioning strategy with the tag is less brittle than relying on "latest" (or similar convention).

    1 person found this answer helpful.
    0 comments No comments