Closed bqcuong closed 1 year ago
I was expecting that one :-D Thanks for your work.
Can you update all the Dockerfile.tmpl
files, and run ./populate.sh dockerfiles
before committing? As it is, we'll lose your changes the next time somebody updates something.
I updated all the Dockerfile templates, ran the populate script.
Should we merge?
looks good, thanks!
Hi,
This pull request includes a small improvement for the Dockerfile, which should help improve the security of container and reduce the risk of potential attacks.
In detail:
--no-install-recommends
to remove unnecessaryapt
packages, that were not needed for the container's functionality. Not only can this change trim your image size but it also can also reduce the attack surface.As quoted from CIS Docker Benchmark v1.5.0:
I hope that you find them useful. Please let me know if you have any concerns.
Thank you.