Language: terraform
Severity: high
Vulnerability Type: omission

Description

When 'apt-get install' is used without the '--no-install-recommends' flag, apt also installs every package listed as a Recommends of the requested packages. These recommended packages are not required for the requested software to work, so they only increase the size and complexity of the resulting image and bring unneeded software and dependencies into production environments.

Impact

Larger images with surplus packages expand the attack surface, making it easier for attackers to exploit vulnerabilities in unused or unnecessary software. This can lead to increased security risks, longer build times, and compliance issues related to minimal and hardened deployments.

Resolution

Add the '--no-install-recommends' flag to 'apt-get
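The check below is an added example of how this rule can be enforced in a Dockerfile scan; it is not code from the page or from the tool the page documents. It joins backslash continuations, splits each RUN instruction into its simple commands, and flags any 'apt-get install' that neither carries '--no-install-recommends' nor disables Recommends through the equivalent '-o APT::Install-Recommends=false' option. The two Dockerfiles are constructed samples: the first shows the flagged form, the second the resolved form.

```python
import json
import re
import shlex

# Constructed sample: apt-get install without the flag (flagged by the check).
BAD_DOCKERFILE = """\
FROM debian:bookworm-slim
RUN apt-get update && \\
    apt-get install -y curl ca-certificates && \\
    rm -rf /var/lib/apt/lists/*
"""

# Constructed sample: the resolved form with --no-install-recommends.
GOOD_DOCKERFILE = """\
FROM debian:bookworm-slim
RUN apt-get update && \\
    apt-get install -y --no-install-recommends curl ca-certificates && \\
    rm -rf /var/lib/apt/lists/*
"""

# Shell operators that separate simple commands inside one RUN line.
COMMAND_SEPARATORS = re.compile(r"\s*(?:&&|\|\||;|\|)\s*")


def run_instructions(dockerfile: str):
    """Yield (line_number, shell_command) for every RUN instruction.

    Backslash continuations are joined, comment lines between them are
    skipped, and the JSON exec form (RUN ["apt-get", ...]) is flattened
    to a plain command string.
    """
    lines = dockerfile.splitlines()
    i = 0
    while i < len(lines):
        line = lines[i]
        start = i + 1
        while line.rstrip().endswith("\\") and i + 1 < len(lines):
            i += 1
            nxt = lines[i].strip()
            if nxt.startswith("#"):  # comments are allowed between continuations
                continue
            line = line.rstrip()[:-1] + " " + nxt
        stripped = line.strip()
        if stripped.upper().startswith("RUN "):
            cmd = stripped[4:].strip()
            if cmd.startswith("["):
                try:
                    cmd = " ".join(json.loads(cmd))
                except ValueError:
                    pass  # not valid JSON; treat it as shell form
            yield start, cmd
        i += 1


def installs_recommends(simple_cmd: str) -> bool:
    """True if this simple command is an apt-get install that pulls in Recommends."""
    try:
        tokens = shlex.split(simple_cmd)
    except ValueError:  # unbalanced quotes: fall back to whitespace split
        tokens = simple_cmd.split()
    if "apt-get" not in tokens:
        return False
    after = tokens[tokens.index("apt-get") + 1:]  # ignores sudo/env prefixes
    if "install" not in after or "--no-install-recommends" in after:
        return False
    # -o APT::Install-Recommends=false has the same effect as the flag.
    if re.search(r"APT::Install-Recommends=(false|0|no)\b", " ".join(after), re.I):
        return False
    return True


def find_violations(dockerfile: str):
    """Return [(line_number, offending_command), ...] for the given Dockerfile text."""
    findings = []
    for lineno, cmd in run_instructions(dockerfile):
        for simple in COMMAND_SEPARATORS.split(cmd):
            simple = " ".join(simple.split())
            if simple and installs_recommends(simple):
                findings.append((lineno, simple))
    return findings


if __name__ == "__main__":
    for name, text in (("bad", BAD_DOCKERFILE), ("good", GOOD_DOCKERFILE)):
        for lineno, cmd in find_violations(text):
            print(f"{name}: line {lineno}: apt-get install without --no-install-recommends: {cmd}")
```

Only the requested packages are part of the image in the resolved form; the first sample still produces a working image, but its extra Recommends packages are exactly the surplus software this rule is about.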