How does the choice of base image affect the security and size trade-offs of a production image, particularly regarding "distroless" images?
Correct! Well done.
Incorrect.
The correct answer is B) Distroless images contain only the application and its runtime dependencies, deliberately excluding package managers, shells, and other OS utilities — this reduces size and attack surface but complicates debugging since shell-based tools are unavailable
Correct Answer
Distroless images contain only the application and its runtime dependencies, deliberately excluding package managers, shells, and other OS utilities — this reduces size and attack surface but complicates debugging since shell-based tools are unavailable
Distroless images strip out shells, package managers, and other binaries not needed at runtime, minimizing both size and the tools available to an attacker who gains code execution, at the cost of making interactive debugging ("docker exec ... sh") harder.