Hi CQ team, have you considered using a distroless image?
At this point, I don’t think we have ever looked into it. If we were to switch from Alpine to distroless, I am interested in how that would help you and your team.
CQ Distroless Image
We are tracking the images' vulnerabilities, and over time the distro images usually get some vulnerabilities. Also, we are leaning towards distroless for security reasons - “smaller area of potential problems”. As CloudQuery is written in Go, maintaining a distroless image should not be a problem.
(not a CQ team member but saw the thread) FWIW - having run distroless images in production, I’d tell you to look more into the UBI images than distroless. Distroless is great… until you have a problem you need to troubleshoot; then they’re basically impossible to figure out why something isn’t working. At least with the UBI images you still have that minimal attack surface but with way more troubleshooting capabilities.
You mean Red Hat Universal Base Image?
Yeah - they’re open source and free to use (except some issues around distributing them as a product, which would basically keep CloudQuery from ever using them) so don’t let the Red Hat name scare you.
Thanks for the tip! I will look into it, but I still see a general push towards distroless. It would be great if CloudQuery could provide this option as well.
Thank you for the idea! I have created a GitHub issue to track this feature request!
GitHub Issue #9254