stakater / Reloader

A Kubernetes controller to watch changes in ConfigMap and Secrets and do rolling upgrades on Pods with their associated Deployment, StatefulSet, DaemonSet and DeploymentConfig – [✩Star] if you're using it!
https://docs.stakater.com/reloader/
Apache License 2.0
7.5k stars 501 forks

[ENHANCE] Reduce footprint of UBI image #716

Closed bainsy88 closed 1 month ago

bainsy88 commented 2 months ago

Is your feature request related to a problem? Please describe. Currently the UBI based image is based off ubi-minimal, which has >100 packages, most of which are not needed. This creates vulnerability churn and an increased attack surface.

Describe the solution you'd like Created an image directory in the first stage of the build that contains the minimum set of files to run a non-statically compiled Go app and be scannable by image vulnerability scanners. An RPM database is then created just for the packages in the image dir; both this and the libs are then copied to the final base image.

Describe alternatives you've considered Another option could have been to use UBI micro, but this has more packages than this solution and also doesn't have a package manager, which makes getting package updates more complicated when the CI is not running on RHEL.

Additional context We have an internal requirement for compliance to use UBI based packages in the image, which is why we simply can't use the distroless image already provided.
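One way to build the image described in this request, as an added example that is not the Reloader project's Dockerfile or the code from the linked PR. The file list, the `ubi9` tag, the x86_64 library paths, the `scratch` final stage and the `manager` binary name are assumptions.

```dockerfile
# Added example. File list, tags, paths and binary name are assumptions.
FROM registry.access.redhat.com/ubi9/ubi AS rootfs

# Constructed list: files a dynamically linked Go binary typically needs
# (loader, libc, resolver, CA bundle, passwd) plus os-release for scanners.
RUN printf '%s\n' \
      /etc/os-release \
      /usr/lib/os-release \
      /etc/passwd \
      /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem \
      /usr/lib64/ld-linux-x86-64.so.2 \
      /usr/lib64/libc.so.6 \
      /usr/lib64/libresolv.so.2 \
      > /tmp/files.txt

# Copy only the listed files into /image, preserving paths and symlinks.
# The ELF interpreter is looked up under /lib64, so recreate that symlink.
RUN mkdir -p /image \
 && tar cf - -T /tmp/files.txt | tar xf - -C /image \
 && ln -s usr/lib64 /image/lib64

# Resolve the exact package builds that own those files, so the database
# written below matches the bytes that were actually copied.
RUN rpm -qf $(cat /tmp/files.txt) | sort -u > /tmp/packages.txt \
 && cat /tmp/packages.txt

# Build an RPM database inside /image that records only those packages.
# --justdb writes metadata without unpacking any payload; --nodeps is needed
# because the dependencies are deliberately left out of the image.
RUN dnf install -y 'dnf-command(download)' \
 && mkdir /tmp/rpms \
 && xargs dnf download --destdir /tmp/rpms < /tmp/packages.txt \
 && rpm --root /image --initdb \
 && rpm --root /image -ivh --justdb --nodeps --noscripts /tmp/rpms/*.rpm

# Final image: nothing but the curated root filesystem and the application.
FROM scratch
COPY --from=rootfs /image/ /
# Hypothetical prebuilt binary taken from the build context.
COPY manager /manager
USER 65534
ENTRYPOINT ["/manager"]
```

The resulting image contains no shell or package manager, so package updates arrive by rebuilding against a newer `ubi9` tag; an image scanner still finds `/etc/os-release` and the RPM database and reports only the packages listed in `/tmp/packages.txt`.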

IdanAdar commented 2 months ago

@karl-johan-grahn Could you please review the PR and merge if accepted?

IdanAdar commented 1 month ago

@karl-johan-grahn @SheryarButt Can you please cut a new release?

MuneebAijaz commented 1 month ago

https://github.com/stakater/Reloader/releases/tag/v1.1.0