diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..06e9834
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,5 @@
+# NOTE: This Dockerfile is unused, it's only here so Dependabot can update the sha's
+
+# TODO: Pin to sha256
+FROM docker.pkg.github.com/dependabot/dependabot-updater:v1
+FROM docker.pkg.github.com/github/dependabot-update-job-proxy:v1
diff --git a/src/docker-tags.ts b/src/docker-tags.ts
index 41c0ca3..b41fdf7 100644
--- a/src/docker-tags.ts
+++ b/src/docker-tags.ts
@@ -1,4 +1,26 @@
-export const UPDATER_IMAGE_NAME =
-  'docker.pkg.github.com/dependabot/dependabot-updater:v1'
-export const PROXY_IMAGE_NAME =
-  'docker.pkg.github.com/github/dependabot-update-job-proxy:v1'
+import fs from 'fs'
+
+const dockerfile = fs.readFileSync(require.resolve('../Dockerfile'), 'utf8')
+
+const imageNames = dockerfile
+  .split(/\n/)
+  .filter(a => a.startsWith('FROM'))
+  .map(a => a.replace('FROM', '').trim())
+
+const updaterImageName = imageNames.find(a =>
+  a.includes('dependabot/dependabot-updater')
+)
+const proxyImageName = imageNames.find(a =>
+  a.includes('github/dependabot-update-job-proxy')
+)
+
+if (!updaterImageName) {
+  throw new Error('Could not find dependabot-updater image name')
+}
+
+if (!proxyImageName) {
+  throw new Error('Could not find dependabot-update-job-proxy image name')
+}
+
+export const UPDATER_IMAGE_NAME = updaterImageName
+export const PROXY_IMAGE_NAME = proxyImageName