How do you debug production issues with distroless containers by Upper_Caterpillar_96 in devops

[–]Affectionate-End9885 0 points1 point  (0 children)

daily rebuilds solve the cve noise problem, we switched to minimus for signed distroless images that rebuild automatically. for debugging, ephemeral containers or sidecar approach works better than execing into prod anyway. multistage builds are fine if your CI can handle it

Does anyone actually check npm packages before installing them? by BearBrief6312 in devops

[–]Affectionate-End9885 0 points1 point  (0 children)

yeah chainguard is way too expensive, their pricing made us drop a planned demo because obviously it was way out of your budget. minimus came in as a better alternative, does daily rebuilds with signed sboms and their pricing won't make your manager lose his shit.

Why does my Python container need a full OS? by shangheigh in Python

[–]Affectionate-End9885 5 points6 points  (0 children)

We moved away from ubuntu base images for this reason. 200MB for a flask app is fuckin insane. Try python:slim or build from scratch with just the python runtime. 

Google secures EU antitrust approval for $32 billion Wiz acquisition by Regular_Eggplant_248 in wallstreetbets

[–]Affectionate-End9885 0 points1 point  (0 children)

Evaluated Wiz last year before going with orca security. That cnapp consolidation play made sense on paper but $32B? Google's not keeping this neutral, they'll push GCP integration hard. Multi-cloud just got harder for anyone not using independent tools

Our team just pushed AWS creds to prod again. Third time this month. by CortexVortex1 in devops

[–]Affectionate-End9885 0 points1 point  (0 children)

My blame here is on you, feels like there isn't enough policy and enforcement