I’ve reading two topics about Docker security:
I understand for Docker image which are apps, the root user is not safe, so the best option is creating a non-root user to run my service.
But what about development images? Docker images which are used when I need to build applications, not to run services?
Currently I’m using non-root user for development images, but I see few advantages when using it. For instance, when I want to use my Docker image in MS Azure, running as Container jobs, it requires a root user. Also, when I need to update my image, like installing a new package, I need to elevate that user, which has sudo permission.
Finally, is there a real recommendation for non-root user in Docker images, when an image is only for development and building?