Closed endersonmaia closed 1 month ago
This less/0 CVEs is a false negative, since chisel doesn't provide the information the way grype knows how to find.
So take this information with a grain of salt.
There are issues on the chisel side to address it, and we could address it ourselves by generating proper SBOMs for our packages and using them as input for grype, but that's out of scope for this PR.
This PR will introduce a distroless container image based on Canonical's chisel tool. Comparing the current Ubuntu-based image to the chiselled one, we have no CVEs, and a reduced final size.
builtins:0.5.0
builtins:pr-15
Running command from the container
And it's still possible to run the binaries using the container.