Distroless Done Right: Curated Minimalism Before Image Minimalism
Distroless is the right destination, but the first move is curated understanding, not a pre-trimmed base. Start by building a system that you can explain: enumerate every component actually used, record why it’s present, and generate an SBOM that reflects your choices—not the entire contents of a generic “slim” image. Only when owners can articulate “what, why, and where” for each package does minimalism become a defendable boundary. Security enables safety when the boundary is intentional, observable, and reversible.