Discussion on: Top 8 Docker Best Practices for using Docker in Production ✅

Apostol Faliagas

"by using smaller images with leaner OS distributions, which only bundle the necessary system tools and libraries, you're also minimizing the attack surface and making sure that you build more secure images"
Are you serious?

QuazyWabbit

If you have a criticism at least provide a constructive explanation on what you see as a misunderstanding.

Roy Ben-Yosef

For example, let's say you followed the advice for not using root. But now you have something bad in your container that wants to gain local privilege escalation (e.g. through some vulnerability, take over the host). Oftentimes, local tools may contain vulnerabilities that can allow such LPE.
So yes, I think that is a really good example for reducing attack surface.

Roy Ben-Yosef

Yes, that's accurate. Having fewer tools means you are less exposed to vulnerabilities. That is a perfect example of a smaller attack surface.