Debug Container Approach
This document provides an overview of the Debug Container approach for scanning distroless containers.
Introduction
The Debug Container approach uses Kubernetes ephemeral containers to access and scan distroless containers that lack a shell and standard utilities. This approach is recommended as an interim solution for distroless containers until the Kubernetes API approach adds full distroless support.
Key Features
- Works with Kubernetes 1.16+ when the ephemeral containers feature is enabled
- Can be used with existing deployed distroless containers
- Uses temporary debug containers that are removed after scanning
- Provides filesystem access to distroless containers
Detailed Documentation
- Technical Implementation - How the approach works and detailed technical specifications
- Distroless Container Basics - What distroless containers are and the challenges they pose
- RBAC Configuration - Required permissions and security considerations
- Integration - Integration with CI/CD pipelines and other systems
- Limitations and Requirements - What's needed and where the approach has constraints
- Security Considerations - Security implications and best practices
- Future Work - Planned enhancements and development roadmap
Related Resources
- Approach Comparison - Compare the Debug Container approach with other options
- Decision Matrix - Help decide which approach is best for specific scenarios
- Workflows - Visual representation of workflows
- Security Analysis - Detailed security analysis