How do you find the sha256 digest of a running App Service container?

Steve Tooke 0 Reputation points
2023-09-12T13:12:07.1166667+00:00

I would like to understand exactly which image containers are running for a given App Service. This requires having access to the image sha256 fingerprint, not just the image tag.

Is there any way to query the service to get this data?

Azure App Service

1 answer

  1. Ben Gimblett 4,330 Reputation points Microsoft Employee
    2023-09-13T13:35:33.26+00:00

    Yes, as far as I can see, App Service doesn't store the digest anywhere other than the Docker logs that are accessible to you - unless you use the image hash value as part of the identifier.
    Example:

    '<my container registry>/<name>:<digest>'
    

    I've used the above convention with Web Apps + Azure Container Registry, where the digest value replaces the tag. For Docker, a pull with digest (not tag) requires the form
    'docker pull name@sha256:digest'

    More generally, what you are experiencing is one of the issues of using the latest tag, which is considered a bit of an anti-pattern by a number of folks in the community.

    There are loads of blog posts and comments on this; I've grabbed one at random here: https://vsupalov.com/docker-latest-tag/

    Referencing the image by digest isn't super readable - but using a versioning strategy with the tag is less brittle than relying on "latest" (or similar convention).

    1 person found this answer helpful.
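
The two points in the answer above (the digest is only visible in the Docker logs, and a tag such as `latest` can resolve to different images over time), as an added example that is not part of the original thread. It assumes the logs contain the standard `docker pull` "Digest:" and "Status:" lines; the timestamps, image name and digests are constructed, and the `DOCKER|` prefix handling is an assumption about how the app's image setting is stored.

```python
import re

DIGEST = r"sha256:[0-9a-f]{64}"
# Standard `docker pull` output lines; the timestamp prefix in SAMPLE_LOG is an assumption.
PULL_DIGEST = re.compile(r"Digest:\s*(" + DIGEST + ")")
PULL_STATUS = re.compile(r"Status:\s.*\bfor\s+(\S+)")

D1, D2 = "sha256:" + "a" * 64, "sha256:" + "b" * 64   # constructed digests
REF = "myregistry.example/team/web:latest"             # constructed image name
SAMPLE_LOG = f"""\
2023-09-12T13:00:01Z INFO  - latest: Pulling from team/web
2023-09-12T13:00:05Z INFO  - Digest: {D1}
2023-09-12T13:00:05Z INFO  - Status: Downloaded newer image for {REF}
2023-09-13T02:00:01Z INFO  - latest: Pulling from team/web
2023-09-13T02:00:04Z INFO  - Digest: {D2}
2023-09-13T02:00:04Z INFO  - Status: Downloaded newer image for {REF}
"""

def classify_reference(ref):
    """Return (kind, name, tag_or_digest); kind is 'pinned' or 'floating'."""
    ref = ref.split("|", 1)[-1]            # drop an assumed "DOCKER|" prefix
    if "@" in ref:
        name, digest = ref.split("@", 1)
        if not re.fullmatch(DIGEST, digest):
            raise ValueError(f"malformed digest in {ref!r}")
        return ("pinned", name, digest)
    # Only a colon in the last path segment is a tag (registry may have a port).
    if ":" in ref.rsplit("/", 1)[-1]:
        name, tag = ref.rsplit(":", 1)
    else:
        name, tag = ref, "latest"          # Docker's default when no tag is given
    return ("floating", name, tag)

def digests_from_log(text):
    """Pair each 'Digest:' line with the 'Status: ... for <ref>' line after it."""
    pulls, pending = [], None
    for line in text.splitlines():
        if (m := PULL_DIGEST.search(line)):
            pending = m.group(1)
        elif pending and (s := PULL_STATUS.search(line)):
            pulls.append((s.group(1), pending))
            pending = None
    return pulls

def drifted_tags(pulls):
    """Return references that resolved to more than one digest across pulls."""
    seen = {}
    for ref, digest in pulls:
        if digest not in seen.setdefault(ref, []):
            seen[ref].append(digest)
    return {ref: ds for ref, ds in seen.items() if len(ds) > 1}

if __name__ == "__main__":
    print(classify_reference("DOCKER|" + REF))
    print(drifted_tags(digests_from_log(SAMPLE_LOG)))
```

A reference classified as `floating` is the case where the logs are the only record of which image actually ran; a `pinned` reference carries that record in the configuration itself.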