Question: With more tools being added to a single container, is there concern for image bloat?
Looks like this is going to be very bulky, and would take a significant amount of time to pull down. 0.8.0 is already pushing around 1 GB.
What about maintaining a number of containers for each of the features? They would all be components of the pipeline, and then I would be able to choose what I need. E.g., having Node tools is great, but only if I need to test Node.js.
It's a great point. One which we are aware of but haven't necessarily made a clear call on yet.
The concern is that maintaining multiple containers and managing communications between them can be complicated as well.
We do that for ZAP, for example, where we access it via an API on a docker image that is easy to pull already.
My thinking at this point is that we basically need at least:
- Ruby tools to run pipeline itself
- JavaScript because almost every web app will have JS.
- Java to run static analysis checks
We would probably use a separate container for .NET static analysis and dynamic analysis. Appreciate any further thoughts ...
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.