Installing recommended packages automatically can lead to vulnerabilities in the Docker image.
Potentially unnecessary packages are installed via a known Debian package manager. These packages will increase the attack surface of the created
container as they might contain unidentified vulnerabilities or malicious code. Those packages could be used as part of a broader supply chain attack.
In general, the more packages are installed in a container, the weaker its security posture is.
Depending on the introduced vulnerabilities, a
malicious actor accessing such a container could use these for privilege escalation.
Removing unused packages can also significantly reduce your
Docker image size.
To be secure, remove unused packages where possible and ensure images are subject to routine vulnerability scans.
There is a risk if you answered yes to the question.
# Sensitive RUN apt install -y build-essential # Sensitive RUN apt-get install -y build-essential # Sensitive RUN aptitude install -y build-essential
RUN apt install -y --no-install-recommends build-essential RUN apt-get install -y --no-install-recommends build-essential RUN aptitude install -y --without-recommends build-essential