Date: 2022-11-03
Accepted
We have the commitment in our team to use distroless images, as they reduce the container size and improves the performance. These light weight images have lesser packages and therefore, reduces the attack surface and there are fewer components whcih can be vulnerable.
We will be using the distroless nginx base image from chainguard, which is rebuilt every night from source and therefore always up to date.
In the past we spent a lot of time dealing with vulnerabilities, that occure in packages that our nginx alpine base image uses. As the distroless image depends on lesser packages, the chance of having vulerabilites is reduced.