A discussion on Docker image security comparing distroless images against images that include shells, package managers, and tools like curl. The core argument is that distroless images reduce the attack surface in production environments. Including a package manager or curl in a production container image is a security risk because attackers who gain container access can immediately install malicious packages without needing to bring their own tools.
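As an added example (not code from the discussion), the Python below audits an exported container filesystem tar, such as the output of `docker export`, for the shells, package managers and download tools the argument is about. The watchlist, the directory list and both sample filesystems are constructed assumptions.

```python
import io
import posixpath
import tarfile

# Assumed watchlist: the page names shells, package managers and curl; the exact names are illustrative.
WATCHLIST = {
    "shell": {"sh", "bash", "dash", "ash", "busybox"},  # busybox provides sh
    "package manager": {"apt", "apt-get", "dpkg", "apk", "yum", "dnf", "rpm"},
    "download tool": {"curl", "wget"},
}
BIN_DIRS = ("bin", "sbin", "usr/bin", "usr/sbin", "usr/local/bin")

def audit_rootfs(tar_bytes):
    """Return sorted (category, path) findings for a container filesystem tar."""
    findings = []
    with tarfile.open(fileobj=io.BytesIO(tar_bytes)) as tar:
        for member in tar.getmembers():
            # Symlinks count too: /bin/sh is often a link to busybox or dash.
            if not (member.isfile() or member.issym() or member.islnk()):
                continue
            path = posixpath.normpath(member.name).lstrip("/")
            directory, _, name = path.rpartition("/")
            if directory not in BIN_DIRS:
                continue
            for category, names in WATCHLIST.items():
                if name in names:
                    findings.append((category, "/" + path))
    return sorted(findings)

def build_tar(entries):
    """Build a constructed rootfs tar; entries map path -> symlink target or None."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for path, target in entries.items():
            info = tarfile.TarInfo(path)
            if target is not None:
                info.type, info.linkname = tarfile.SYMTYPE, target
            tar.addfile(info)
    return buf.getvalue()

# Constructed sample filesystems, not taken from any real image.
FULL_IMAGE = build_tar({"bin/busybox": None, "bin/sh": "busybox",
                        "sbin/apk": None, "usr/bin/curl": None, "app/server": None})
DISTROLESS_LIKE = build_tar({"app/server": None, "etc/passwd": None})

if __name__ == "__main__":
    print("full image:", audit_rootfs(FULL_IMAGE))
    print("distroless-like:", audit_rootfs(DISTROLESS_LIKE))
```

A check like this can run in CI against the final image stage so that a shell or package manager reintroduced by a base-image change fails the build.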