We built and pushed the image into our own registry. Where our trivy scanner discovered and complained about multiple CVEs. As is common with go binaries we can just use an image from scratch with just the binary and configuration files. This results in an image of about 8mb instead of 35mb and base image vulnerabilites or updates no longer exist.
till
commented
3 months ago
Hi,
We built and pushed the image into our own registry. Where our trivy scanner discovered and complained about multiple CVEs. As is common with go binaries we can just use an image from scratch with just the binary and configuration files. This results in an image of about 8mb instead of 35mb and base image vulnerabilites or updates no longer exist.