I've added an alpine base for the neo4j image. Renders at 443MB w. an image efficiency score of 99%, this image shreds ~200Mb from the image while being minimal in size. Alpine as a base gives you an os kernel layer of only 7 MB. The base image substitutes a lot of binaries with Busybox giving it a small surface for exploitation, and is not dependent on Debian releases to mitigate security flaws. I will test the image with some security scanning tools later, but some tests fail.
I would like to get some insight into these tests, as they may be flaky or misconfigured.
Enterprise image on the left and alpine-enterprise on the right. Tests bottom right.
I've added an alpine base for the neo4j image. Renders at 443MB w. an image efficiency score of 99%, this image shreds ~200Mb from the image while being minimal in size. Alpine as a base gives you an os kernel layer of only 7 MB. The base image substitutes a lot of binaries with Busybox giving it a small surface for exploitation, and is not dependent on Debian releases to mitigate security flaws. I will test the image with some security scanning tools later, but some tests fail.
I would like to get some insight into these tests, as they may be flaky or misconfigured.
Enterprise image on the left and alpine-enterprise on the right. Tests bottom right.