GitHub user hpvd added a comment to the discussion: Build distroless package for better security, smaller size, speed and more
sure you are right about false positives! ..but even if the absolute numbers are lower e.g. with a new release of pulsar and an included distro, the mechanism keeps always alive: the more code within a package, the more chances for vulnerabilities. And if the absolute number is low on release day, it will always be higher next week... GitHub link: https://github.com/apache/pulsar/discussions/20253#discussioncomment-5851978 ---- This is an automatically sent email for [email protected]. To unsubscribe, please send an email to: [email protected]
