Not a newt

Rebuild: no. If the software itself is unmaintained, it gets replaced.

Patch: yes. If the base image contains vulnerabilities that can be fixed with a package update, then that gets applied. The patch size and side effects can be minimized by using copacetic, which can ingest Trivy scan results to identify vulnerabilities.

There’s also repos like Chainguard and Docker hardened images which are handy for getting up to date images of commonly used tools.

Assets. That’s what I get for trusting the phone keyboard.

Find companies that resell EOL corporate arrest assets like refurb.io

Sounds like what you want is tracing. OpenTelemetry is the de facto standard for that. Couple it with aggressive sampling (here’s a great talk on it https://www.usenix.org/conference/srecon24americas/presentation/cruz ) and you’ll have a very efficient way of identifying use patterns.