by OptionOfT
2 hours ago
If the base image I use is based on Debian, it comes with more than 15 binaries that I don't use. But when Docker scans my image and notices that there is a CVE in one of those binaries, my image is currently out of compliance. FROM scratch just reduces the surface.

The actual attack surface of your application? Or the attack surface of you and your team's attention from a busybody security org?
It's important not to confuse the two.