Closed dacamposol closed 2 years ago
Thank you @dacamposol. Wondering if UBI image was another option to keep consistent with rules-decision?
Thank you adding links to best practices and other docs for all your changes.
Actually I though about adding the RedHat image as well, but I'm not very happy on the fact that they only have the "fat" images with a ton of unnecessary libraries.
I'd prefer to just have a fixed slim
version and to build in a previous stage with the fat version if required. Since the fat version will be deleted on the build process, there isn't neither a need to use the RedHat one instead of the official.
Also in that way we own the fixes that we do to the image, so we have a faster iteration in case that a critical CVS appear. The next feature I'd like to add is Snyk scan to the resultant images.
Thank you for the explanation. I see a permissions issue now. Can you please add another fix? I remember you fixed this on UBI with the chown flag in COPY commands. Maybe something similar is needed here?
A docker build action would probably have caught this. Similar to the one you added to rules decision.
Related to: