In some of our images we download binaries with curl and copy them into the filesystem.
Whenever possible we should use a package manager for the installation.
Examples:
https://github.com/openshift-pipelines/pipeline-service/blob/main/images/access-setup/Dockerfile#L8-L13
Rationale: These binaries are not "visible" to image scanners, which means that CVEs may go unnoticed.
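Added example, not part of the original issue or the project's code: a small Python check that lists the `RUN` instructions in a Dockerfile that fetch files with `curl` or `wget`, since those files never enter the package database an image scanner reads. The sample Dockerfile, its hosts and the function names are constructed for illustration.

```python
import re

# Constructed sample Dockerfile (not the project's file); hosts are placeholders.
SAMPLE = """\
FROM registry.example.com/base:latest
RUN dnf install -y git jq && dnf clean all
RUN curl -sSL https://downloads.example.com/tool-linux-amd64.tar.gz \\
    | tar -xz -C /usr/local/bin tool
# curl -L https://downloads.example.com/ignored is only a comment
RUN wget -q -O /usr/local/bin/helper https://downloads.example.com/helper \\
    && chmod +x /usr/local/bin/helper
COPY entrypoint.sh /entrypoint.sh
"""

# curl/wget in command position only, so "dnf install -y curl" is not flagged.
FETCH = re.compile(r"(?:^|&&|\|\||[;|(])\s*(curl|wget)\s")
URL = re.compile(r"https?://[^\s\"'|;&)]+")

def logical_instructions(text):
    """Yield (start_line, instruction) with backslash continuations joined."""
    buf, start = [], None
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and comments, also inside continuations
        if start is None:
            start = no
        continued = line.endswith("\\")
        buf.append(line.rstrip("\\").strip())
        if not continued:
            yield start, " ".join(buf)
            buf, start = [], None
    if buf:
        yield start, " ".join(buf)

def find_unmanaged_downloads(text):
    """Return one finding per shell-form RUN instruction that runs curl/wget."""
    findings = []
    for line_no, instr in logical_instructions(text):
        parts = instr.split(None, 1)
        if len(parts) < 2 or parts[0].upper() != "RUN":
            continue
        tools = sorted(set(FETCH.findall(parts[1] + " ")))
        if tools:
            findings.append({"line": line_no, "tools": tools, "urls": URL.findall(parts[1])})
    return findings

if __name__ == "__main__":
    for f in find_unmanaged_downloads(SAMPLE):
        print(f"line {f['line']}: {', '.join(f['tools'])} fetches {f['urls']}")
```

The check only covers shell-form `RUN` instructions; each finding is a candidate for a package-manager install.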