>tons of docker images in production that lack basic debugging functionality like... a shell
That's a commendable security practice. A whole class of vulnerabilities is mitigated (and others are much harder to exploit) if you don't add unnecessary junk to your images, like a shell.
It's also endorsed by Google via distroless: https://github.com/GoogleContainerTools/distroless
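One way to check whether a given image actually ships a shell, as an added example that is not part of the original comment: scan a root filesystem tarball (such as the output of `docker export`) for shell binaries and shell-named links. The shell name list, the function names and both sample file listings are constructed for this illustration and are not the real contents of any image.

```python
import io
import posixpath
import tarfile

# Names treated as a shell; an assumption for this example, not an exhaustive list.
SHELL_NAMES = {"sh", "bash", "dash", "ash", "zsh", "ksh", "busybox"}


def find_shells(rootfs_tar):
    """Return sorted paths in a rootfs tar that look like a usable shell.

    Executable regular files and symlinks/hard links are matched by basename,
    so /bin/sh -> /bin/busybox is reported along with /bin/busybox itself.
    """
    hits = set()
    with tarfile.open(fileobj=rootfs_tar, mode="r:*") as tar:
        for member in tar:
            path = posixpath.normpath("/" + member.name)
            name = posixpath.basename(path)
            if name not in SHELL_NAMES:
                continue
            if member.isfile() and member.mode & 0o111:
                hits.add(path)  # executable binary with a shell name
            elif member.issym() or member.islnk():
                hits.add(path)  # shell-named link, e.g. sh -> busybox
    return sorted(hits)


def sample_rootfs(entries):
    """Build a constructed in-memory rootfs tar from (path, kind, target) tuples."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for path, kind, target in entries:
            info = tarfile.TarInfo(path)
            if kind == "link":
                info.type, info.linkname = tarfile.SYMTYPE, target
                tar.addfile(info)
            else:
                data = b"\x7fELF"  # placeholder file body
                info.size = len(data)
                info.mode = 0o755 if kind == "exe" else 0o644
                tar.addfile(info, io.BytesIO(data))
    buf.seek(0)
    return buf


# Constructed listings: a busybox-style base image and a shell-less one.
BUSYBOX_STYLE = [("bin/busybox", "exe", None), ("bin/sh", "link", "/bin/busybox"),
                 ("usr/share/doc/sh", "file", None)]
SHELL_LESS = [("app/server", "exe", None), ("etc/passwd", "file", None)]

if __name__ == "__main__":
    print(find_shells(sample_rootfs(BUSYBOX_STYLE)))
    print(find_shells(sample_rootfs(SHELL_LESS)))
```
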