Excessive Docker Image Size when Installing Checkov and Python3-pip #6774

Open
yilas opened this issue Oct 15, 2024 · 0 comments
Labels
contribution requested This is a great feature idea, but we will need a contribution to get it added to Checkov.

yilas commented Oct 15, 2024

Describe the feature

The feature request is focused on optimizing the size of the Docker image when installing Checkov in a debian:12.7-slim base image. Currently, when adding python3-pip and Checkov, the image size grows significantly, which might not be ideal for use cases where smaller images are preferred, such as in CI/CD pipelines (which is my case 😄, tbh). It would be beneficial to have a more lightweight installation process for Checkov, or some guidance on how to reduce the image size effectively.

Example

With checkov

Here is an example Dockerfile:

FROM debian:12.7-slim
ENV DEBIAN_FRONTEND=noninteractive

RUN apt-get update && apt-get full-upgrade -yq && apt-get autoremove -yq && apt-get clean && rm -rf /var/lib/apt/lists/* && \
    apt-get update && apt-get install -yq --no-install-recommends curl git gnupg jq python3-pip software-properties-common sudo unzip wget zip && \
    apt-get clean && rm -rf /var/lib/apt/lists/*

RUN pip3 install checkov --break-system-packages

With python3-pip and Checkov

  • Layer 3: python3-pip installation (~344 MB)
  • Last layer: Checkov installation (~264 MB)

Total ~600 MB

[Image: With installation of checkov]

Without checkov

[Image: Without installation of checkov]

Additional context

None

Question

Is there any guidance or best practice to minimize the image size when installing Checkov and its dependencies, especially in resource-constrained environments? Any suggestions or recommendations would be highly appreciated.
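
One common way to approach the question above, as an added example that is not part of the original issue and not guidance from the Checkov project: a multi-stage build that installs Checkov into a virtualenv and copies only that virtualenv into the final image. The `/opt/checkov` path, the `CHECKOV_VERSION` build argument and the runtime package list are assumptions made for illustration.

```dockerfile
# Added example; paths, ARG name and package choices are assumptions.

# Stage 1: build a self-contained virtualenv that holds Checkov.
FROM debian:12.7-slim AS build
ENV DEBIAN_FRONTEND=noninteractive

# Optional pin: --build-arg CHECKOV_VERSION=<version>. Empty installs the latest release.
ARG CHECKOV_VERSION=""

RUN apt-get update && \
    apt-get install -yq --no-install-recommends python3 python3-venv && \
    rm -rf /var/lib/apt/lists/*

# The venv ships its own pip, so python3-pip and --break-system-packages
# are not needed. --no-cache-dir keeps pip's download cache out of the layer.
RUN python3 -m venv /opt/checkov && \
    /opt/checkov/bin/pip install --no-cache-dir \
        "checkov${CHECKOV_VERSION:+==${CHECKOV_VERSION}}"

# Stage 2: runtime image. Nothing installed in the build stage is carried
# over except the virtualenv directory copied below.
FROM debian:12.7-slim
ENV DEBIAN_FRONTEND=noninteractive

# python3 must be the same interpreter the venv was created with (same base
# image, same path). git is kept because the original image installed it;
# whether Checkov needs it at runtime for a given scan is an assumption.
RUN apt-get update && \
    apt-get install -yq --no-install-recommends ca-certificates git python3 && \
    rm -rf /var/lib/apt/lists/*

COPY --from=build /opt/checkov /opt/checkov
ENV PATH="/opt/checkov/bin:${PATH}"
```

Other CI tools from the original Dockerfile (curl, jq, unzip and so on) can be added to the runtime stage's `apt-get install` line; `docker history <image>` shows the resulting size of each layer.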
