I was able to reduce the Docker image size by 77% (8.6 MB instead of 38.8 MB in v1.4.8) by compressing the static binary and switching from alpine to scratch, only a few lines had to be changed.
Of course the security attack surface shrank massively too, no other binaries or libs with new CVEs every week.
Background
The Docker images are not being rebuilt regularly to address CVEs, so reducing the attack surface improves security by a long shot.
Smaller images start faster and make development easier when running integration tests again and again.
Workarounds
I have to rebuild mesh if I want to improve security, the project should do it so all users can enjoy these official improvements.
Welcome!
Proposal
I was able to reduce the Docker image size by 77% (8.6 MB instead of 38.8 MB in v1.4.8) by compressing the static binary and switching from alpine to scratch, only a few lines had to be changed. Of course the security attack surface shrank massively too, no other binaries or libs with new CVEs every week.
Background
The Docker images are not being rebuilt regularly to address CVEs, so reducing the attack surface improves security by a long shot. Smaller images start faster and make development easier when running integration tests again and again.
Workarounds
I have to rebuild mesh if I want to improve security, the project should do it so all users can enjoy these official improvements.