We use Docker containers heavily and scan them using Dockle and Trivy as part of our CI/CD pipeline.
It came as a shock to find many marketplace Docker images riddled with vulnerabilities. For that reason we start with the Alpine Linux image and build up from that base. Marketplace images carry a lot of libraries and utilities that aren't needed by the app you actually want, and those are where a lot of the vulnerabilities lie.
Sometimes building up from the Alpine Linux base is hard work. We think it is worth it, not just from a security standpoint but also because the Docker images can be dramatically smaller, even smaller than official vendor images. This makes for faster start-up times and plays well with Kubernetes.
Security is a moving target and vulnerability databases are updated accordingly. An image that is confirmed secure today may be insecure tomorrow. Building the lightest-weight image possible doesn't eliminate that risk, but it does reduce it.
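The CI gate that ties the two scanners together is the part practitioners usually ask about. The script below is an added example, not code from the post or from the Trivy or Dockle projects. It assumes the reports were produced with `trivy image -f json -o trivy.json <image>` and `dockle -f json -o dockle.json <image>`; the field names (`Results`, `Vulnerabilities`, `VulnerabilityID`, `Severity`, `FixedVersion`, `details`, `code`, `level`) follow the JSON those tools emit at the time of writing and should be checked against the installed versions. The two sample reports are constructed, with placeholder vulnerability IDs. It also encodes the "moving target" point: a HIGH or CRITICAL finding with no fixed version is reported but does not fail the build, because no rebuild today can remove it.

```python
"""CI gate over Trivy and Dockle JSON reports (added example, assumptions noted)."""
import json
import sys

# Severities that fail the build; lower ones are tolerated.
BLOCKING_SEVERITIES = {"HIGH", "CRITICAL"}


def trivy_findings(report, ignore_unfixed=True):
    """Return Trivy vulnerabilities that should block the build.

    Assumed report layout: {"Results": [{"Target": ..., "Vulnerabilities": [...]}]}.
    With ignore_unfixed=True a finding that has no FixedVersion is skipped: it
    cannot be resolved by rebuilding, so it is tracked rather than gated on.
    """
    blocking = []
    for result in report.get("Results", []):
        for vuln in result.get("Vulnerabilities") or []:
            severity = str(vuln.get("Severity", "UNKNOWN")).upper()
            if severity not in BLOCKING_SEVERITIES:
                continue
            if ignore_unfixed and not vuln.get("FixedVersion"):
                continue
            blocking.append({
                "target": result.get("Target", ""),
                "id": vuln.get("VulnerabilityID", ""),
                "pkg": vuln.get("PkgName", ""),
                "installed": vuln.get("InstalledVersion", ""),
                "fixed": vuln.get("FixedVersion", ""),
                "severity": severity,
            })
    return blocking


def dockle_findings(report, fail_on=("FATAL",)):
    """Return Dockle checkpoints whose level is in fail_on.

    Assumed report layout: {"details": [{"code": ..., "title": ..., "level": ...}]}.
    """
    return [
        {"code": d.get("code", ""), "title": d.get("title", ""), "level": str(d.get("level", "")).upper()}
        for d in report.get("details", [])
        if str(d.get("level", "")).upper() in fail_on
    ]


def gate(trivy_report, dockle_report):
    """Combine both scanners; returns (exit_code, messages) for the CI job."""
    messages = [
        f"trivy {f['severity']} {f['id']} {f['pkg']} {f['installed']} -> {f['fixed']} ({f['target']})"
        for f in trivy_findings(trivy_report)
    ]
    messages += [f"dockle {f['level']} {f['code']} {f['title']}" for f in dockle_findings(dockle_report)]
    return (1 if messages else 0), messages


# Constructed sample reports (not real scan output; vulnerability IDs are placeholders).
SAMPLE_TRIVY = {
    "Results": [{
        "Target": "example-app:latest (alpine)",
        "Vulnerabilities": [
            {"VulnerabilityID": "CVE-0000-PLACEHOLDER-1", "PkgName": "libcrypto3",
             "InstalledVersion": "0.0.1-r0", "FixedVersion": "0.0.1-r1", "Severity": "HIGH"},
            {"VulnerabilityID": "CVE-0000-PLACEHOLDER-2", "PkgName": "busybox",
             "InstalledVersion": "0.0.1-r0", "FixedVersion": "", "Severity": "CRITICAL"},
            {"VulnerabilityID": "CVE-0000-PLACEHOLDER-3", "PkgName": "zlib",
             "InstalledVersion": "0.0.1-r0", "FixedVersion": "0.0.1-r1", "Severity": "LOW"},
        ],
    }]
}
SAMPLE_DOCKLE = {
    "summary": {"fatal": 1, "warn": 1, "info": 0, "pass": 10},
    "details": [
        {"code": "CIS-DI-0001", "title": "Create a user for the container", "level": "WARN"},
        {"code": "CIS-DI-0010", "title": "Do not store credential in environment variables/files", "level": "FATAL"},
    ],
}


def main(argv):
    """Usage: gate.py trivy.json dockle.json; with no arguments the constructed samples are used."""
    if len(argv) == 3:
        with open(argv[1]) as fh:
            trivy = json.load(fh)
        with open(argv[2]) as fh:
            dockle = json.load(fh)
    else:
        trivy, dockle = SAMPLE_TRIVY, SAMPLE_DOCKLE
    code, messages = gate(trivy, dockle)
    print("\n".join(messages) or "no blocking findings")
    return code


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it as the last step of the image build job and let its exit status fail the pipeline. Dockle WARN-level checkpoints are left visible in the report but do not block; raise `fail_on` to `("FATAL", "WARN")` once the base image is clean, so the gate tightens as the image improves rather than being switched off when it is noisy.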