
Dayshine, yesterday at 10:43 PM (1 reply)

Why does this not use chisel? I assume you at least drop the bin dir? Although the presence of ncurses is super weird.

I don't understand why one would go halfway and leave packages which are unneeded for services. The only executable in a hardened container image should be your application.
Replies

ritvikarya98, yesterday at 11:20 PM

Thanks! But these are builder images, not the final runtime. Chisel only really makes sense after the binary is built and you know what it needs at runtime. Before that you are pulling in whole packages, which is why things like ncurses might show up, similar to Chainguard's image. For a builder, it is just SBOM noise and not something the app ever executes. It's hard to identify what you need before running the application, and you can always find a library you don't need. The “only your app should be executable” idea works for fully static binaries, but once you use glibc or CGO you already have other executables.
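The split the reply describes (a full-fat builder stage whose packages never ship, then chisel applied only once the binary exists and its runtime needs are known) as a multi-stage Dockerfile. This is an added example, not code from the thread or from the project being discussed; the Go module path `./cmd/app`, the chisel image `ghcr.io/canonical/chisel` and the slice names `base-files_base`, `libc6_libs` and `ca-certificates_data` are assumptions to check against your own chisel-releases branch.

```dockerfile
# Stage 1: builder. Whole packages (compiler, headers, whatever ncurses or
# other libraries they drag in) are acceptable here: nothing from this
# stage is copied into the runtime image except the built binary.
FROM ubuntu:24.04 AS builder
RUN apt-get update && apt-get install -y --no-install-recommends \
        golang-go gcc libc6-dev ca-certificates \
    && rm -rf /var/lib/apt/lists/*
WORKDIR /src
COPY . .
# CGO_ENABLED=1 produces a binary dynamically linked against glibc, the
# case the reply mentions. ./cmd/app is an assumed module layout.
RUN CGO_ENABLED=1 go build -trimpath -ldflags='-s -w' -o /out/app ./cmd/app
# Check step: list the shared objects the finished binary actually loads.
# This is the information that decides which chisel slices are needed,
# and it only exists after the build, which is why chisel runs later.
RUN ldd /out/app

# Stage 2: cut only the runtime slices the binary from stage 1 needs.
# Assumption: the chisel tool is taken from Canonical's published image;
# pin a digest in production instead of a floating tag.
FROM ubuntu:24.04 AS chisel
COPY --from=ghcr.io/canonical/chisel:latest /usr/bin/chisel /usr/bin/chisel
# Slice names are assumed; confirm them against the ubuntu-24.04 branch
# of chisel-releases before use.
RUN mkdir -p /rootfs && chisel cut --release ubuntu-24.04 --root /rootfs \
        base-files_base libc6_libs ca-certificates_data

# Stage 3: the shipped image. No shell, no package manager, no builder
# packages: only the chiselled libc/CA slices and the application binary.
FROM scratch
COPY --from=chisel /rootfs /
COPY --from=builder /out/app /usr/local/bin/app
USER 65532:65532
ENTRYPOINT ["/usr/local/bin/app"]
```

Generating an SBOM from stage 3 rather than stage 1 removes the builder-package noise the reply refers to, because only the cut slices and the binary remain to be inventoried.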