# prefect-community
o
The Prefect base image doesn’t pass Snyk Docker vulnerabilities check, any ideas? When scanning the base image with Snyk I find this vulnerability:
```
✗ Critical severity vulnerability found in curl/libcurl3-gnutls
  Description: Cleartext Transmission of Sensitive Information
  Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-CURL-3320493
  Introduced through: git@1:2.30.2-1+deb11u2
  From: git@1:2.30.2-1+deb11u2 > curl/libcurl3-gnutls@7.74.0-1.3+deb11u7
```
This comes from Prefect’s Dockerfile line 101: https://github.com/PrefectHQ/prefect/blob/main/Dockerfile#L101 Is Git actually needed and used within the Prefect server / Prefect agents? If so, why? Can I remove it or will it break Prefect?
z
We do have a note about git just a few lines above: https://github.com/PrefectHQ/prefect/blob/main/Dockerfile#L96
Our users expect our base image to be able to do typical workflow orchestration activity, which often includes using `git` to retrieve flow run source code.
o
Thanks @Zanie! Under what circumstances is `git` being called?
We have a rather simple deployment and workflow that we deploy with:
```bash
prefect deployments build \
    our_workflow.py:run_our_workflow \
    --name run_our_workflow \
    --path /usr/src/app \
    --work-queue test \
    --skip-upload \
    --apply
```
z
There it's not used.
o
And then trigger them via REST API:
```
/v1/deployments/flow-run/create_flow_run
```
So when is `git` used?
z
We need to account for the majority of our users with our container image, though. If you don't need git you can derive an image with it removed.
It is used when the deployment pulls code from a git repository.
For example, you could see the git project recipe.
o
Thanks! Could you please attach a link to it?
I would love to see and learn about this type of usage.
z
I'm on my phone! It shouldn't be hard to find in our docs or I'll link when I'm back.
@Zanie, that was very helpful and a very prompt response 🙂
Thank you for that.
On a separate note, I would love to hear what a compelling reason to use Projects is. It looks like it's a beta feature according to the documentation, so when won't simple Deployments cut it, such that I should turn to using Projects?
I'll follow up on the official docs and code samples, but would love to learn about real-world applications if possible. Thanks!
z
Projects are intended to be a more user-friendly way to create deployments. They're intended to replace the existing deployment build tooling eventually.
There's an example of using Docker to pull code from git at https://docs.prefect.io/latest/tutorials/projects/#dockerized-deployment. I don't have any real-world repositories to link to, but you could try asking in the community!