I run Trivy for vulnerability scans on the python image. After the upgrade from python:3.11.3-slim to python:3.11.4-slim, it started to report vulnerabilities in the Linux kernel due to linux-libc-dev.
It seems to contain an upgrade from bullseye to bookworm. The base debian:bookworm-slim does not add the dev packages, but they seem to be added during the Python build.
The added packages are these:
libc-dev-bin
libc6-dev
libcrypt-dev
libnsl-dev
libtirpc-dev
linux-libc-dev
rpcsvc-proto
These total about 20 MB of unnecessary packages.
I traced the problem to libc6-dev containing file paths that embed the searched library path.
Therefore it thinks libc6-dev is needed and marks it as manually installed, so it is kept in the image.
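
A sketch of the failure described above, as an added example that is not part of the original issue or the image's build script. It assumes the build decides which packages to keep by searching package file lists for each linked library path, and compares a substring search with a match anchored at the end of the path; all package names and file paths are constructed.

```python
from fnmatch import fnmatchcase

# Constructed package -> file-list map; names and paths are illustrative only.
PACKAGE_FILES = {
    "libfoo1": ["/usr/lib/x86_64-linux-gnu/libfoo.so.1"],
    "libfoo-dev": [
        "/usr/lib/x86_64-linux-gnu/libfoo.so",
        # A helper file whose path happens to embed the runtime library path.
        "/usr/share/libfoo-dev/auto-load/lib/x86_64-linux-gnu/libfoo.so.1-helper.py",
    ],
    "libbar2": ["/usr/lib/x86_64-linux-gnu/libbar.so.2"],
}


def relative(path):
    """Drop the leading "/" and optional "usr/" so /lib and /usr/lib compare equal."""
    path = path.lstrip("/")
    return path[len("usr/"):] if path.startswith("usr/") else path


def owners(pattern, package_files=PACKAGE_FILES):
    """Packages owning at least one file that matches the glob pattern."""
    return sorted(
        pkg for pkg, files in package_files.items()
        if any(fnmatchcase(f, pattern) for f in files)
    )


def keep_loose(libs):
    """Substring search: any file path that embeds the library path counts."""
    return sorted({p for lib in libs for p in owners(f"*{relative(lib)}*")})


def keep_anchored(libs):
    """Match only files whose path ends with the full library path."""
    return sorted({p for lib in libs for p in owners(f"*/{relative(lib)}")})


def leaked_dev_packages(kept):
    """Flag development packages in the set that would be kept in the image."""
    return [p for p in kept if p.endswith("-dev")]


if __name__ == "__main__":
    linked = ["/lib/x86_64-linux-gnu/libfoo.so.1"]  # constructed ldd-style result
    for name, fn in (("loose", keep_loose), ("anchored", keep_anchored)):
        kept = fn(linked)
        print(name, kept, "dev leak:", leaked_dev_packages(kept))
```

The same `leaked_dev_packages` check can be applied to a real image's list of manually installed packages to catch this regression before a scanner does.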