Hacker News
by staticassertion 1628 days ago
The way I imagine this is best solved is by keeping a compressed set of tools on your host and then mounting those tools into a volume for your container.

So if you have N containers on a host you only end up with one set of tooling across all of them, and it's compressed until you need it.

You can decouple your test tooling from your images/containers, which has a number of benefits. One that's perhaps understated is reducing attacker capabilities in the container.

With Log4j, some of the payloads were essentially just calling out to various binaries on Linux. If you don't have those they die instantly.
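One way to check that an image really ships without such binaries, as an added example that is not part of the comment above: a script that audits an unpacked container root filesystem. The tool list, directory list and function names are assumptions chosen for illustration, and the sample rootfs is constructed.

```shell
#!/bin/sh
# Added example: list helper binaries present in an unpacked container
# root filesystem (e.g. the output of `docker export` extracted to a directory).
# ASSUMPTION: this tool list is illustrative; the comment names no binaries.
AUDIT_TOOLS="sh bash curl wget nc python3 perl"
AUDIT_DIRS="bin sbin usr/bin usr/sbin usr/local/bin"

# audit_rootfs ROOTFS
# Prints each tool found as a path relative to ROOTFS, sorted.
# Returns 0 if none are present, 1 if any are, 2 if ROOTFS is not a directory.
audit_rootfs() {
    rootfs=$1
    [ -d "$rootfs" ] || { echo "not a directory: $rootfs" >&2; return 2; }
    found=""
    for dir in $AUDIT_DIRS; do
        # On merged-usr images /bin is a symlink to usr/bin; skip the link so
        # each binary is reported once, under its real directory.
        if [ ! -d "$rootfs/$dir" ] || [ -L "$rootfs/$dir" ]; then continue; fi
        for tool in $AUDIT_TOOLS; do
            path="$rootfs/$dir/$tool"
            # Count symlinks without following them: an absolute link such as
            # sh -> /bin/busybox would otherwise resolve against the host.
            if [ -L "$path" ] || { [ -f "$path" ] && [ -x "$path" ]; }; then
                found="$found$dir/$tool
"
            fi
        done
    done
    if [ -z "$found" ]; then return 0; fi
    printf '%s' "$found" | sort
    return 1
}

# Constructed sample: a tiny fake rootfs with a shell link and curl.
make_sample_rootfs() {
    d=$(mktemp -d)
    mkdir -p "$d/usr/bin" "$d/app"
    ln -s usr/bin "$d/bin"                    # merged-usr layout
    ln -s /bin/busybox "$d/usr/bin/sh"        # dangling on the host, still counted
    printf '#!/bin/sh\n' > "$d/usr/bin/curl" && chmod 755 "$d/usr/bin/curl"
    printf 'data\n' > "$d/usr/bin/perl"       # not executable: ignored
    echo "$d"
}

if [ "${1:-}" = "--demo" ]; then
    audit_rootfs "$(make_sample_rootfs)" || echo "tools present: image is not minimal"
fi
```

The non-zero return when anything is found lets the check fail an image build in CI, while the debugging tools themselves stay on the host to be mounted in only when needed.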