We're not actually using (for example) docker-compose at runtime, and is only used for testing purposes in the other *images repos. Moving this to a test dependency reduces "security surface area" as well as any other benefits (like not accidentally pulling in less desirable licenses into our docker containers)
cchristous
commented
2 weeks ago
We're not actually using (for example)
docker-composeat runtime, and is only used for testing purposes in the other*imagesrepos. Moving this to a test dependency reduces "security surface area" as well as any other benefits (like not accidentally pulling in less desirable licenses into our docker containers)