Issue

Currently, this repository is experiencing frequent security alerts, particularly stemming from the Go(lang) codebase, which is proving to be quite disruptive.

Solutions thoughts

Instead of compiling Skopeo from scratch, consider downloading the Skopeo CLI tool from the official source during the execution of the Custom Resource Lambda. However, it's worth noting that the Skopeo official repository does not offer any static binaries, as outlined in this document.

Another approach could involve creating a separate repository dedicated to providing pre-built lambda function binaries, similar to cdklabs/awscdk-asset-kubectl. By doing so, the security issue would transit to the separate repository, although it would still require ongoing efforts to maintain.

Another approach is get rid of skopeo, use crane instead. Since crane has prebuilt static binary. But if we run crane in lambda it encounter Error: mkdir /home/sbx_user1051: read-only file system error. But we can solve this problem via set env DOCKER_CONFIG=/tmp/.docker in lambda env.