🔒️(backend) uninstall pip in the production image

Reduce surface area and keep the runtime image minimal.
2026-02-19 15:51:27 +01:00
parent 5048005fc1
commit dac4a72838
1 changed files with 3 additions and 0 deletions
--- a/3
+++ b/3
@@ -127,6 +127,9 @@ ARG MEET_STATIC_ROOT=/data/static
 RUN mkdir -p /usr/local/etc/gunicorn
 COPY docker/files/usr/local/etc/gunicorn/meet.py /usr/local/etc/gunicorn/meet.py

+# Remove pip to reduce attack surface in production
+RUN pip uninstall -y pip
+
 # Un-privileged user running the application
 ARG DOCKER_USER
 USER ${DOCKER_USER}