I don't think it's very meaningful to say you removed 74% of the known vulnerabilities.
Let's say your Debian base image brings in some vulnerable version of ImageMagick that has an arbitrary code execution in its PNG parser, is that really relevant if you're exclusively running a Postgres server which does not link to, or ever call, ImageMagick?
1 comment
[ 2.9 ms ] story [ 14.6 ms ] threadLet's say your Debian base image brings in some vulnerable version of ImageMagick that has an arbitrary code execution in its PNG parser, is that really relevant if you're exclusively running a Postgres server which does not link to, or ever call, ImageMagick?