These new container images significantly improve security posture:
Ultra-small images (reduced size and attack surface)No package manager (avoids a whole class of attacks)No shell (avoids a whole class of attacks)Non-root (avoids a whole class of attacks)
I wonder how not using a package manager makes it more secure, would you be able to pinpoint that? Is there any kind of security check to verify ?
To me it looks a bit like AppImages on Linux (or snaps, and somewhat to flatpacks). AppImages simply take the source and see git as "it is secure"
Running it in a container does not mean one should run unsafe software imho
These new container images significantly improve security posture:
Ultra-small images (reduced size and attack surface)No package manager (avoids a whole class of attacks)No shell (avoids a whole class of attacks)Non-root (avoids a whole class of attacks)
I wonder how not using a package manager makes it more secure, would you be able to pinpoint that? Is there any kind of security check to verify ?
To me it looks a bit like AppImages on Linux (or snaps, and somewhat to flatpacks). AppImages simply take the source and see git as "it is secure"
Running it in a container does not mean one should run unsafe software imho