I hate that it puts package management in devs' hands. The same devs that usually want root access to run their application and don’t know a vulnerability scan for the life of them. So now, rather than having the one up-to-date version of a package on my system, I may have 3 different old ones with differing vulnerabilities and devs that don’t want to change it because “I need this version because it works!”
I’d argue that’s just a ripple effect of being a bad dev, not necessarily the tool's fault, but I do get where you are coming from. But also, vulnerabilities in some package in a container would be isolated to that container without a further exploit chain.