New Event! Join us January 28th in Durham, NC for Cocktails and Cloud Governance Register Now ❯
Register Now ❯

CloudQuery

Back to blog
Security
Tutorials

Query Your Dockerfiles with SQL: Find EOL Node 18 Images Across All repos

Joe Karlsson

Joe Karlsson

Node 18 reached end-of-life in April 2025. You need to find which Dockerfiles across your organization still reference node:18 base images. The manual approach: clone every repo, grep for Dockerfiles, parse the FROM lines, compile results, email teams, track remediation. Multiply that across hundreds of repos and multiple EOL versions.
The Git Source Plugin syncs Dockerfile content into your data warehouse. Query EOL base images across all repos with SQL.

Configuration #

Configure the Git Source Plugin to sync Dockerfiles:
tables:
  - git_files:
      glob_patterns:
        - '**/Dockerfile*'
This syncs all files matching the Dockerfile pattern from your repositories into the git_files table.

Query EOL Docker Base Images #

Find all Dockerfiles using Node 18:
WITH Dockerfiles_parsed AS (
  SELECT repository_url, path, name,
         regexp_split_to_table(convert_from(content, 'UTF8'), E'\n') AS line
  FROM git_files
  WHERE name = 'Dockerfile'
),
images AS (
  SELECT repository_url, path, regexp_replace(line, '^FROM\s+', '') AS image
  FROM Dockerfiles_parsed
  WHERE line ~ '^FROM\s+'
)
SELECT * FROM images WHERE image LIKE 'node:18%'
The query:
  1. Parses Dockerfile content into individual lines
  2. Extracts FROM statements using regex
  3. Filters for Node 18 base images

Results #

The query returns:
  • repository_url - Repository containing the Dockerfile
  • path - Path to the Dockerfile
  • image - Full base image reference (e.g., node:18-alpine, node:18.16.0)
Cross-reference results with your GitHub data to identify repo owners and create tracking issues.

Beyond Node 18 #

Modify the query to find other EOL images:
Python 2.7:
WHERE image LIKE 'python:2.7%'
Ubuntu 18.04:
WHERE image LIKE 'ubuntu:18.04%'
Multiple EOL versions:
WHERE image LIKE 'node:18%' OR image LIKE 'node:16%' OR image LIKE 'python:2.7%'

Complete Example #

Join with GitHub repository data to identify owners:
WITH Dockerfiles_parsed AS (
  SELECT repository_url, path, name,
         regexp_split_to_table(convert_from(content, 'UTF8'), E'\n') AS line
  FROM git_files
  WHERE name = 'Dockerfile'
),
images AS (
  SELECT repository_url, path, regexp_replace(line, '^FROM\s+', '') AS image
  FROM Dockerfiles_parsed
  WHERE line ~ '^FROM\s+'
),
eol_images AS (
  SELECT * FROM images WHERE image LIKE 'node:18%'
)
SELECT
  ei.repository_url,
  ei.path,
  ei.image,
  gr.full_name,
  gr.owner
FROM eol_images ei
JOIN git_repositories gr ON gr.url = ei.repository_url
This combines file content analysis with repository metadata for actionable results.

Get Started #

The Git Source Plugin is available on CloudQuery Hub. See the tables documentation for the full git_files, git_repositories, and git_commits schema. Download the CloudQuery CLI to start querying Dockerfiles.
Related:

FAQ #

How does the Git Source Plugin access Dockerfiles?
The plugin fetches file content directly via the Git provider's API. There's no local clone, which means faster syncs and no disk space requirements for repository storage.
Can I query other Dockerfile patterns beyond FROM statements?
Yes. The plugin syncs raw Dockerfile content. Query for EXPOSE ports, ENV variables, COPY commands, or any other Dockerfile instruction using PostgreSQL string functions and regex.
Does this work for multi-stage Dockerfiles?
Yes. Multi-stage Dockerfiles have multiple FROM statements. The query extracts all FROM lines, showing each base image used in the build stages.
How often should I run this query?
Depends on your release cycle. Running weekly catches new Dockerfiles with EOL images before they reach production. Combine with CloudQuery's incremental sync to update only changed files.
What if Dockerfiles use variables for base images?
Variables like ARG BASE_IMAGE won't appear in the FROM statement directly. You'll need to parse ARG statements separately and correlate with FROM statements, or query your CI/CD system for actual resolved image names.
Can I track when EOL images were introduced?
The git_files table includes commit metadata. Join with commit history to identify when specific Dockerfiles were last modified or when Node 18 references were added.
Does this work with Dockerfiles in subdirectories?
Yes. The glob pattern **/Dockerfile* matches Dockerfiles at any directory depth, including Dockerfile.prod, Dockerfile.dev, and files in subdirectories like docker/Dockerfile.
How do I sync Dockerfiles from private repositories?
Configure the Git Source Plugin with credentials for your Git provider (GitHub token, GitLab token, etc.). The plugin authenticates and syncs content from private repos you have access to.

Related posts

Turn cloud chaos into clarity

Find out how CloudQuery can help you get clarity from a chaotic cloud environment with a personalized conversation and demo.

CloudQuery Updates, In Your Inbox Weekly

Product use cases

Resources

Legal

© 2026 CloudQuery, Inc. All rights reserved.