diff --git a/.devcontainer/cpp/Dockerfile b/.devcontainer/cpp/Dockerfile
index 39264c27..50e1fb44 100644
--- a/.devcontainer/cpp/Dockerfile
+++ b/.devcontainer/cpp/Dockerfile
@@ -14,21 +14,21 @@ HEALTHCHECK NONE
 SHELL ["/bin/bash", "-o", "pipefail", "-c"]
 
 # Install the base system with all tool dependencies
-COPY .devcontainer/cpp/apt-requirements-base.json /tmp/apt-requirements-base.json
 # hadolint ignore=DL3008
-RUN apt-get update && apt-get install -y --no-install-recommends jq \
- && jq -r 'to_entries | .[] | .key + "=" + .value' /tmp/apt-requirements-base.json | xargs apt-get install -y --no-install-recommends \
- && rm /tmp/apt-requirements-base.json \
- && rm -rf /var/lib/apt/lists/*
+RUN --mount=type=bind,source=.devcontainer/cpp/apt-requirements-base.json,target=/tmp/apt-requirements-base.json \
+    --mount=type=cache,target=/var/cache/apt,sharing=locked \
+    --mount=type=cache,target=/var/lib/apt,sharing=locked \
+    --mount=type=cache,target=/var/log,sharing=locked \
+ apt-get update && apt-get install -y --no-install-recommends jq \
+ && jq -r 'to_entries | .[] | .key + "=" + .value' /tmp/apt-requirements-base.json | xargs apt-get install -y --no-install-recommends
 
 # Include the Cisco Umbrella PKI Root
 RUN wget -qO /usr/local/share/ca-certificates/Cisco_Umbrella_Root_CA.crt https://www.cisco.com/security/pki/certs/ciscoumbrellaroot.pem \
  && update-ca-certificates
 
 # Install some tools via pip to get more recent versions
-COPY .devcontainer/cpp/requirements.txt /tmp/requirements.txt
-RUN python3 -m pip install --break-system-packages --require-hashes --no-cache-dir -r /tmp/requirements.txt \
- && rm -rf /tmp/requirements.txt
+RUN  --mount=type=bind,source=.devcontainer/cpp/requirements.txt,target=/tmp/requirements.txt \
+ python3 -m pip install --break-system-packages --require-hashes --no-cache-dir -r /tmp/requirements.txt
 
 # Set default environment options for CMake and ccache
 ENV CCACHE_DIR=/cache/.ccache \
@@ -38,18 +38,19 @@ ENV CCACHE_DIR=/cache/.ccache \
     CPM_SOURCE_CACHE=/cache/.cpm-cache
 
 # Install clang toolchain and mull mutation testing framework
-COPY .devcontainer/cpp/apt-requirements-clang.json /tmp/apt-requirements-clang.json
-# hadolint ignore=SC1091
-RUN wget -qO - https://apt.llvm.org/llvm-snapshot.gpg.key | gpg --dearmor -o /usr/share/keyrings/llvm-snapshot-keyring.gpg \
+RUN --mount=type=bind,source=.devcontainer/cpp/apt-requirements-clang.json,target=/tmp/apt-requirements-clang.json \
+    --mount=type=cache,target=/var/cache/apt,sharing=locked \
+    --mount=type=cache,target=/var/lib/apt,sharing=locked \
+    --mount=type=cache,target=/var/log,sharing=locked \
+    --mount=type=cache,target=/tmp,sharing=locked,mode=1777 \
+ wget -qO - https://apt.llvm.org/llvm-snapshot.gpg.key | gpg --dearmor -o /usr/share/keyrings/llvm-snapshot-keyring.gpg \
  && wget -qO - https://dl.cloudsmith.io/public/mull-project/mull-stable/gpg.41DB35380DE6BD6F.key | gpg --dearmor -o /usr/share/keyrings/mull-project-mull-stable-archive-keyring.gpg \
- && UBUNTU_CODENAME=$(. /etc/os-release; echo "${UBUNTU_CODENAME/*, /}") \
+ && UBUNTU_CODENAME=$(grep '^UBUNTU_CODENAME=' /etc/os-release | cut -d= -f2) \
  && echo "deb [signed-by=/usr/share/keyrings/llvm-snapshot-keyring.gpg] http://apt.llvm.org/${UBUNTU_CODENAME}/ llvm-toolchain-${UBUNTU_CODENAME}-${CLANG_VERSION} main" | tee /etc/apt/sources.list.d/llvm.list > /dev/null \
  && echo "deb [signed-by=/usr/share/keyrings/mull-project-mull-stable-archive-keyring.gpg] https://dl.cloudsmith.io/public/mull-project/mull-stable/deb/ubuntu ${UBUNTU_CODENAME} main" | tee /etc/apt/sources.list.d/mull-project-mull-stable.list > /dev/null \
  && echo -e 'Package: *\nPin: origin "apt.llvm.org"\nPin-Priority: 1000' > /etc/apt/preferences \
  && apt-get update \
- && jq -r 'to_entries | .[] | .key + "=" + .value' /tmp/apt-requirements-clang.json | xargs apt-get install -y --no-install-recommends \
- && rm /tmp/apt-requirements* \
- && rm -rf /var/lib/apt/lists/*
+ && jq -r 'to_entries | .[] | .key + "=" + .value' /tmp/apt-requirements-clang.json | xargs apt-get install -y --no-install-recommends
 ENV PATH="$PATH:/usr/lib/llvm-${CLANG_VERSION}/bin"
 
 # Install arm-gcc toolchain
@@ -78,19 +79,21 @@ RUN wget -qO - https://github.com/ccache/ccache/archive/refs/tags/v${CCACHE_VERS
 # Install include-what-you-use (iwyu) from source
 # hadolint ignore=DL3008
 RUN --mount=type=cache,target=/root/.ccache,sharing=locked \
+    --mount=type=cache,target=/var/cache/apt,sharing=locked \
+    --mount=type=cache,target=/var/lib/apt,sharing=locked \
  apt-get update && apt-get install -y --no-install-recommends libclang-${CLANG_VERSION}-dev llvm-${CLANG_VERSION}-dev \
  && wget -qO - https://github.com/include-what-you-use/include-what-you-use/archive/refs/tags/${INCLUDE_WHAT_YOU_USE_VERSION}.tar.gz | tar xz -C /tmp \
  && CC=clang CXX=clang++ cmake -DCMAKE_C_COMPILER_LAUNCHER=ccache -DCMAKE_CXX_COMPILER_LAUNCHER=ccache -S /tmp/include-what-you-use-${INCLUDE_WHAT_YOU_USE_VERSION} -B /tmp/include-what-you-use-${INCLUDE_WHAT_YOU_USE_VERSION}/build \
  && cmake --build /tmp/include-what-you-use-${INCLUDE_WHAT_YOU_USE_VERSION}/build --target install \
  && rm -rf /tmp/include-what-you-use-${INCLUDE_WHAT_YOU_USE_VERSION} \
- && apt-get purge -y libclang-${CLANG_VERSION}-dev llvm-${CLANG_VERSION}-dev libsqlite3-dev \
+ && apt-get purge -y libclang-${CLANG_VERSION}-dev llvm-${CLANG_VERSION}-dev \
  && apt-get autoremove -y \
- && apt-get clean \
- && rm -rf /var/lib/apt/lists/*
+ && apt-get clean
 
 # Update all tool alternatives to the correct version
 # and patch root's bashrc to include bash-completion
-RUN update-alternatives --install /usr/bin/gcc gcc /usr/bin/gcc-14 10 \
+RUN --mount=type=cache,target=/var/log,sharing=locked \
+ update-alternatives --install /usr/bin/gcc gcc /usr/bin/gcc-14 10 \
                         --slave /usr/bin/g++ g++ /usr/bin/g++-14 \
                         --slave /usr/bin/gcov gcov /usr/bin/gcov-14 \
  && update-alternatives --install /usr/bin/cc cc /usr/bin/gcc-14 10 \
diff --git a/.devcontainer/rust/Dockerfile b/.devcontainer/rust/Dockerfile
index 5b3b18a4..854cf32b 100644
--- a/.devcontainer/rust/Dockerfile
+++ b/.devcontainer/rust/Dockerfile
@@ -11,19 +11,21 @@ HEALTHCHECK NONE
 SHELL ["/bin/bash", "-o", "pipefail", "-c"]
 
 # Install the base system with all tool dependencies
-COPY .devcontainer/rust/apt-requirements-base.json /tmp/apt-requirements-base.json
 # hadolint ignore=DL3008
-RUN apt-get update && apt-get install -y --no-install-recommends jq \
- && jq -r 'to_entries | .[] | .key + "=" + .value' /tmp/apt-requirements-base.json | xargs apt-get install -y --no-install-recommends \
- && rm /tmp/apt-requirements-base.json \
- && rm -rf /var/lib/apt/lists/*
+RUN --mount=type=bind,source=.devcontainer/rust/apt-requirements-base.json,target=/tmp/apt-requirements-base.json \
+    --mount=type=cache,target=/var/cache/apt,sharing=locked \
+    --mount=type=cache,target=/var/lib/apt,sharing=locked \
+    --mount=type=cache,target=/var/log,sharing=locked \
+ apt-get update && apt-get install -y --no-install-recommends jq \
+ && jq -r 'to_entries | .[] | .key + "=" + .value' /tmp/apt-requirements-base.json | xargs apt-get install -y --no-install-recommends
 
 # Include the Cisco Umbrella PKI Root
 RUN wget -qO /usr/local/share/ca-certificates/Cisco_Umbrella_Root_CA.crt https://www.cisco.com/security/pki/certs/ciscoumbrellaroot.pem \
  && update-ca-certificates
 
 # Install rust
-ENV CARGO_HOME=/usr/local/cargo \
+ENV BINSTALL_DISABLE_TELEMETRY=true \
+    CARGO_HOME=/usr/local/cargo \
     RUSTUP_HOME=/usr/local/rustup \
     PATH=/usr/local/cargo/bin:"$PATH"
 RUN rustup set profile minimal \
@@ -42,10 +44,10 @@ RUN batstmp="$(mktemp -d /tmp/bats-core-${BATS_VERSION}.XXXX)" \
 
 # Update all tool alternatives to the correct version
 # and patch root's bashrc to include bash-completion
-RUN update-alternatives --install /usr/bin/cc cc /usr/bin/gcc-14 20 \
+RUN --mount=type=cache,target=/var/log,sharing=locked \
+ update-alternatives --install /usr/bin/cc cc /usr/bin/gcc-14 20 \
  && cp /etc/skel/.bashrc /root/.bashrc
 
-ENV BINSTALL_DISABLE_TELEMETRY=true
 # Install additional rust tools
 RUN wget -qO - "https://github.com/cargo-bins/cargo-binstall/releases/download/v${CARGO_BINSTALL_VERSION}/cargo-binstall-$(uname -m)-unknown-linux-gnu.tgz" | tar xz -C "/usr/bin" \
  && cargo-binstall -y --locked cargo-binutils@0.3.6 cargo-mutants@25.0.0 flip-link@0.1.10 \
diff --git a/.github/actions/container-size-diff/container-size-diff.sh b/.github/actions/container-size-diff/container-size-diff.sh
index 3a914e83..91043d60 100755
--- a/.github/actions/container-size-diff/container-size-diff.sh
+++ b/.github/actions/container-size-diff/container-size-diff.sh
@@ -5,6 +5,12 @@ set -Eeuo pipefail
 FROM_CONTAINER=${1:?}
 TO_CONTAINER=${2:?}
 
+format_size() {
+    local SIZE=${1:?}
+
+    numfmt --to iec --format '%.2f' -- "${SIZE}"
+}
+
 get_sizes_from_manifest() {
     local CONTAINER=${1:?}
     declare -Ag ${2:?}
@@ -60,5 +66,5 @@ do
         ICON="🔄"
     fi
 
-    echo "| ${PLATFORM} | $(numfmt --to iec --format '%.2f' ${FROM_SIZE}) | $(numfmt --to iec --format '%.2f' ${TO_SIZE}) | $(numfmt --to iec --format '%.2f' ${DELTA}) (${PERCENT_CHANGE}%) | ${ICON} |"
+    echo "| ${PLATFORM} | $(format_size ${FROM_SIZE}) | $(format_size ${TO_SIZE}) | $(format_size ${DELTA}) (${PERCENT_CHANGE}%) | ${ICON} |"
 done