Secure Container Image Best Practices | PCSE Exam Preparation

Secure Container Image Best Practices

Question

When creating a secure container image, which two items should you incorporate into the build if possible? (Choose two.)

Answers

Explanations


A. B. C. D. E.

BC.

https://cloud.google.com/solutions/best-practices-for-building-containers

A container image is the unit that gets shipped, scanned and reused, so hardening decisions made at build time are inherited by every container started from it. Of the five options, the two that belong in the build whenever possible are:

  1. Remove any unnecessary tools not needed by the app: every package in the image is attack surface. It has to be patched, it shows up in vulnerability scans, and interactive tools such as a shell, curl, wget, netcat, compilers or the package manager are exactly what an attacker reaches for after gaining a foothold, to download payloads and move laterally. Keep the toolchain in a build stage of a multi-stage build, run the app from a minimal base (scratch, distroless or a slim image), and do not bake debugging tools into the production image.

  2. Ensure that the app does not run as PID 1: the first process in a container is PID 1, and Linux treats PID 1 differently from every other process. It gets no default signal handlers, so the SIGTERM sent by docker stop or by a Kubernetes pod termination is ignored unless the application explicitly registers a handler; the container then hangs until it is force-killed with SIGKILL at the end of the grace period, losing in-flight requests. PID 1 is also the parent of every orphaned process in the container and must reap them, otherwise they accumulate as zombies until the PID table is exhausted. Most applications were not written to be an init system, which is why the referenced guide recommends putting a small init such as tini or dumb-init (or docker run --init) at PID 1 and letting it exec the app, or alternatively making the app itself handle signals and reap children. Two related traps: the shell form CMD my-app makes /bin/sh PID 1, and that shell does not forward signals to the app, so use the exec (JSON array) form; and PID 1 is a separate concern from root, so still add a USER instruction so the process runs as an unprivileged user.
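The following Dockerfile is an added example for the two points above; it is not taken from the referenced Google guide or from this page. It assumes a hypothetical Go service whose main package lives at ./cmd/app, and the image tags and tini version are illustrative. The build stage keeps the compiler and package manager out of the shipped image, the runtime stage is a distroless base with no shell, and tini is PID 1 so that signals and zombies are handled without the app having to act as init.

```dockerfile
# syntax=docker/dockerfile:1
# Added example (not from the referenced guide). Hypothetical Go service at ./cmd/app;
# versions and paths are illustrative.

# ---- Build stage: compiler, git and apt stay here and are discarded ----
FROM golang:1.22-bookworm AS build
WORKDIR /src
COPY go.mod go.sum ./
RUN go mod download
COPY . .
# CGO_ENABLED=0 yields a fully static binary, so the runtime image needs no libc at all.
RUN CGO_ENABLED=0 GOOS=linux go build -trimpath -ldflags="-s -w" -o /out/app ./cmd/app

# tini will be PID 1 in the final image. It is fetched here because the runtime
# base has no package manager. Pin the version and verify the downloaded file
# against the checksum published with the release before trusting it.
ADD https://github.com/krallin/tini/releases/download/v0.19.0/tini-static /out/tini
RUN chmod 0755 /out/tini

# ---- Runtime stage: no shell, no package manager, no curl/wget/netcat ----
# distroless/static ships only CA certificates, tzdata and a passwd file with a
# 'nonroot' user (uid 65532). There is nothing left to live off after a foothold,
# and nothing to patch except the app binary itself.
FROM gcr.io/distroless/static-debian12:nonroot
COPY --from=build /out/tini /tini
COPY --from=build /out/app /app

# Separate concern from PID 1: the app never runs as root inside the container.
USER nonroot:nonroot

# Exec form (JSON array): no /bin/sh wrapper, so tini really is PID 1.
# tini reaps zombies and forwards SIGTERM/SIGINT to /app, which runs as its child.
ENTRYPOINT ["/tini", "--", "/app"]
CMD ["--listen", ":8080"]
```

To confirm the process layout from the host, run docker top against the running container: tini should appear as PID 1 and the app as its child. docker run --init achieves the same thing without changing the image, but Kubernetes has no equivalent flag, so baking the init into the image is the portable choice.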

The other three options are not the answer, and one of them is actively harmful. Packaging a single app per container is a genuine recommendation from the same guide, but it is about lifecycle and scaling (one process to monitor, restart and scale), not about hardening the image. Using public container images as a base is something the guide says to consider carefully rather than to do by default: a public image may be unmaintained, may carry far more than the app needs, or may have been tampered with, so if one is used it should be pinned by digest, scanned, and preferably a minimal vendor-maintained base. Using many image layers to hide sensitive information does not work at all. Layers are additive: a secret copied in one layer and deleted in a later layer is still present in the earlier layer and can be recovered by anyone who pulls the image. Secrets needed during the build should be supplied through BuildKit secret mounts or kept out of the final image with a multi-stage build, and never written into a layer.
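To make the last point concrete, here is an added example (not from the referenced guide or this page) showing the broken "copy then delete" pattern next to the correct BuildKit secret mount. It assumes a hypothetical private Python package index whose credentials live in a pip.conf on the build host; the package name and versions are illustrative.

```dockerfile
# syntax=docker/dockerfile:1
# Added example (not from the referenced guide). Hypothetical private package
# 'private-pkg' pulled from an index whose token is in pip.conf on the build host.

# ---- WRONG: "hiding" a secret by deleting it in a later layer ----
FROM python:3.12-slim AS leaky
# Layer A: the file, token included, is now part of the image for good.
COPY pip.conf /etc/pip.conf
RUN pip install --no-cache-dir private-pkg==1.0.0
# Layer B: records only a whiteout marker for /etc/pip.conf. Layer A is untouched,
# so anyone who can pull the image gets the token back by running docker save
# and extracting the layer tarballs.
RUN rm /etc/pip.conf

# ---- RIGHT: the secret exists only while one RUN step executes ----
# BuildKit exposes the file at the target path for the duration of the command
# and never commits it to a layer or to the image metadata.
FROM python:3.12-slim AS build
RUN --mount=type=secret,id=pipconf,target=/etc/pip.conf \
    pip install --no-cache-dir --prefix=/install private-pkg==1.0.0

# The final image receives only the installed packages, not the build-time config.
FROM python:3.12-slim
COPY --from=build /install /usr/local
USER 65532:65532
CMD ["python", "-m", "private_pkg"]
```

Build the hardened image with docker build --secret id=pipconf,src=$HOME/.config/pip/pip.conf -t app . (the id must match the one in the RUN line). To see the leak for yourself, build the bad stage with docker build --target leaky -t leaky ., run docker save leaky -o leaky.tar, and look inside the layer tarballs: the one created by the COPY step still contains etc/pip.conf in full, regardless of the later rm.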